
Log analysis and evaluation: Windows7: TR/BProtector.Gen2 & EXP/CVE-2012-1723.A1 found!

21.11.2014, 19:52   #1
drChef96
 



Hello dear Trojaner-Board team,

as already mentioned in the title, my Avira found 2 viruses, which were put straight into quarantine. The second one was found some time ago already.

So far neither virus has had any visible effect on my system; nevertheless I would now like to have both removed.

It should be mentioned that a bluescreen occurred during the Gmer scan, after which the system was scanned without Devices (as advised). That scan then completed successfully, but a short time later I had another bluescreen, which normally has never happened before.

The required log files are listed below:

defogger_disable:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:18 on 21/11/2014 (Johannes)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2014
Ran by Johannes at 2014-11-21 18:22:50
Running from C:\Users\Johannes\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.265 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-1488422038-2814791348-2129004140-1002\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface Service (HKLM-x32\...\Akamai) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.12 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.48.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.1.0.1 - Hewlett-Packard Company)
devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.2.3.0 - devolo AG)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.100.35469 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4407 - Hewlett-Packard Company)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gyazo 2.3 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{5DCA44EB-03F6-44A3-A294-F3E5DE98D7F6}) (Version: 4.4.10.1 - Hewlett-Packard Company)
HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company)
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (HKLM\...\{3DF2B8CD-072D-49F5-BCF8-1DB86B0DF632}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Hilfe (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{6A9C9BE1-14A3-42ED-A388-42E30A1412E9}) (Version: 1.2.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{840021F2-FFC0-467A-BF85-29B8B7803717}) (Version: 2.0.8.1 - Hewlett-Packard Company)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.4.1 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Power Assistant (HKLM\...\{D9355D03-2C06-401B-8A16-F6500379AE21}) (Version: 2.1.0.6 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.08.1017 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{3F437675-F102-4866-BDE1-FFFC7B45EC0B}) (Version: 3.1.2.10229 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{FE465061-894A-4023-8580-56FCDD4F23F9}) (Version: 3.4.4.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{EE5F1911-EA95-4F1A-AF97-495972F5032D}) (Version: 2.4.3.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6428.0 - IDT)
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java(TM) 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.64 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.209 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.58.411.2012 - Realtek)
SDK (x32 Version: 2.26.012 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten (HKLM\...\{B66CA6D0-8EA3-4838-91D1-47EACDCCFA2B}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.9 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-1488422038-2814791348-2129004140-1002\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.34998 Beta - TeamViewer)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.37.0 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 6.0.37.0 - Hewlett-Packard Company) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
USB PnP Sound Device (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version:   -  )
Validity Fingerprint Sensor Driver (HKLM\...\{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}) (Version: 4.3.117.0 - Validity Sensors, Inc.)
VIP Access SDK x64(1.0.0.50)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.0.50 - Symantec Inc.)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.16 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13282 - Xobni Corp.)
Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-11-2014 13:26:55 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
16-11-2014 13:28:19 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
16-11-2014 13:45:36 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
16-11-2014 13:46:15 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
16-11-2014 13:52:25 Wiederherstellungsvorgang
16-11-2014 14:34:25 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
16-11-2014 14:35:33 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
18-11-2014 15:57:10 Windows Update
19-11-2014 21:40:49 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03DE6ADE-9D66-4BE3-8077-21C27BA5B8C9} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {06E2CBAE-4FE4-4990-939D-B0543BFE7310} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()
Task: {2ED23246-8A74-4B30-B807-9379DA9CA639} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {30AEB0D7-06C6-4EDC-9430-607329A6F7C6} - System32\Tasks\HPCeeScheduleForJohannes => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {6BE448C4-E51A-4D4D-AEEC-E69E30A0F7DE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {98624B44-B9EF-492E-8EE2-D27CD9CB319D} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-25] ()
Task: {9912F099-3A7B-4C9C-9AD5-7514E6859ABD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {CD8FE907-F5C8-49A8-8430-B2883FCB1C6F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CF95DEC9-AA23-42F5-86E5-898F7A7D87DB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-10-21] (Microsoft)
Task: {EA533C09-D00D-472E-B4A8-6629842205EB} - System32\Tasks\HPCeeScheduleForJOHANNES-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: C:\windows\Tasks\HPCeeScheduleForJOHANNES-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\HPCeeScheduleForJohannes.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-07-18 15:48 - 2011-07-18 15:48 - 00156216 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-02-01 09:39 - 2013-02-01 09:39 - 03401216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2010-09-06 13:18 - 2010-09-06 13:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2013-02-01 08:39 - 2013-02-01 08:39 - 01323008 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2013-04-06 21:54 - 2013-04-06 21:54 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2011-05-03 02:24 - 2011-06-11 12:42 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-12-30 19:28 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-09-14 11:42 - 2012-09-14 11:42 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-09-14 11:37 - 2012-09-14 11:37 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2011-01-27 06:11 - 2011-01-27 06:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-01 09:14 - 2013-02-01 09:14 - 02830336 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2013-02-01 08:38 - 2013-02-01 08:38 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2013-02-01 09:17 - 2013-02-01 09:17 - 02863104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2013-02-01 09:15 - 2013-02-01 09:15 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2013-02-01 08:42 - 2013-02-01 08:42 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2013-02-01 08:43 - 2013-02-01 08:43 - 01945600 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2013-02-01 09:12 - 2013-02-01 09:12 - 03092480 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2014-10-18 21:06 - 2014-10-18 21:06 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2011-06-29 22:36 - 2011-01-13 02:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-09-23 19:43 - 2012-09-23 19:43 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
2014-08-29 19:11 - 2014-11-11 19:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 19:11 - 2014-11-11 19:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 19:11 - 2014-11-11 19:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-03-12 17:10 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 20:12 - 2014-11-18 21:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 19:11 - 2014-11-11 19:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 19:11 - 2014-11-11 19:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2011-12-27 00:43 - 2014-11-18 21:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2011-12-27 00:43 - 2014-11-11 19:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-14 22:46 - 2014-11-11 19:48 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-11-10 17:27 - 2014-11-10 17:28 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-11-17 17:02 - 2014-11-17 17:02 - 16840880 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: (default) => 
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BtvStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: DTRun => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
MSCONFIG\startupreg: File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: HPConnectionManager => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
MSCONFIG\startupreg: HPPowerAssistant => C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: MfeEpePcMonitor => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: QLBController => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1488422038-2814791348-2129004140-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1488422038-2814791348-2129004140-1006 - Limited - Enabled)
Gast (S-1-5-21-1488422038-2814791348-2129004140-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1488422038-2814791348-2129004140-1003 - Limited - Enabled)
Johannes (S-1-5-21-1488422038-2814791348-2129004140-1002 - Administrator - Enabled) => C:\Users\Johannes
Peter (S-1-5-21-1488422038-2814791348-2129004140-1004 - Administrator - Enabled) => C:\Users\Peter

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2014 05:24:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WicaInventory.exe, Version: 6.3.9600.17204, Zeitstempel: 0x545480c0
Name des fehlerhaften Moduls: aticfx64.dll, Version: 8.17.10.1072, Zeitstempel: 0x4d90ad9f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000047b96
ID des fehlerhaften Prozesses: 0x12b0
Startzeit der fehlerhaften Anwendung: 0xWicaInventory.exe0
Pfad der fehlerhaften Anwendung: WicaInventory.exe1
Pfad des fehlerhaften Moduls: WicaInventory.exe2
Berichtskennung: WicaInventory.exe3

Error: (11/21/2014 05:23:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WicaInventory.exe, Version: 6.3.9600.17204, Zeitstempel: 0x545480c0
Name des fehlerhaften Moduls: aticfx64.dll, Version: 8.17.10.1072, Zeitstempel: 0x4d90ad9f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000047b96
ID des fehlerhaften Prozesses: 0x104c
Startzeit der fehlerhaften Anwendung: 0xWicaInventory.exe0
Pfad der fehlerhaften Anwendung: WicaInventory.exe1
Pfad des fehlerhaften Moduls: WicaInventory.exe2
Berichtskennung: WicaInventory.exe3


System errors:
=============
Error: (11/21/2014 05:19:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UimBus
Uim_DEVIM
Uim_IM

Error: (11/21/2014 05:17:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Arp Intelligent Protection Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/21/2014 05:17:54 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (11/20/2014 11:12:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (11/21/2014 05:24:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WicaInventory.exe6.3.9600.17204545480c0aticfx64.dll8.17.10.10724d90ad9fc00000050000000000047b9612b001d005a78a14cd5dC:\windows\system32\CompatTel\WicaInventory.exeC:\windows\system32\aticfx64.dllcdf50e14-719a-11e4-b637-2c4138002964

Error: (11/21/2014 05:23:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WicaInventory.exe6.3.9600.17204545480c0aticfx64.dll8.17.10.10724d90ad9fc00000050000000000047b96104c01d005a77ad29b3cC:\windows\system32\CompatTel\WicaInventory.exeC:\windows\system32\aticfx64.dllc3224c56-719a-11e4-b637-2c4138002964


CodeIntegrity Errors:
===================================
  Date: 2012-07-22 14:24:03.817
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-22 14:24:03.771
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-22 14:24:03.708
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-22 14:24:03.630
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-22 13:02:39.288
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-22 13:02:39.225
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-22 13:02:24.873
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-22 13:02:24.795
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-21 14:07:56.405
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-21 14:07:56.312
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 60%
Total physical RAM: 4030.36 MB
Available physical RAM: 1609.87 MB
Total Pagefile: 8058.9 MB
Available Pagefile: 5166.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:573.04 GB) (Free:447.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:17.83 GB) (Free:2.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.1 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 5BB8F1BD)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=573 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End Of Log ============================
         
FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
Ran by Johannes (administrator) on JOHANNES-HP on 21-11-2014 18:20:59
Running from C:\Users\Johannes\Desktop
Loaded Profile: Johannes (Available profiles: Johannes & Peter)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Akamai Technologies, Inc.) C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Cm108Sound] => C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-11-19] (Synaptics Incorporated)
HKLM\...\Run: [tvncontrol] => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1488422038-2814791348-2129004140-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1488422038-2814791348-2129004140-1002\...\MountPoints2: {8f71424b-8644-11e1-bee0-68a3c4f641c1} - D:\LaunchU3.exe -a
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1488422038-2814791348-2129004140-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\.DEFAULT -> {01A1E719-78CA-4756-BA03-4B7DDCD9F0F3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=70501de8-4b19-497a-bd3a-901d763d8869&apn_sauid=2238973F-F20E-4A09-BE90-5EA92D5E04A9
SearchScopes: HKU\S-1-5-21-1488422038-2814791348-2129004140-1002 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-1488422038-2814791348-2129004140-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default
FF Homepage: https://www.youtube.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1488422038-2814791348-2129004140-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\searchplugins\google-maps.xml
FF Extension: Avira Browser Safety - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\abs@avira.com [2014-11-19]
FF Extension: HTTPS-Everywhere - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\https-everywhere@eff.org [2014-10-16]
FF Extension: YouTube Unblocker - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\youtubeunblocker@unblocker.yt [2014-11-20]
FF Extension: ipFuck - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\ipfuck@p4ul.info.xpi [2013-02-28]
FF Extension: Magic Actions for YouTube™ - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2013-03-16]
FF Extension: NoScript - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-22]
FF Extension: {9ac7d46a-d278-4fba-acc6-2dc897e4d762} - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\{9ac7d46a-d278-4fba-acc6-2dc897e4d762}.xpi [2013-10-29]
FF Extension: Adblock Plus - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-28]
FF Extension: PDF Print Wizard Light - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\{d3a1baf2-1c0d-4144-ac5f-15108599e5c3}.xpi [2013-11-06]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2012-08-12]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-08-26]
FF HKU\S-1-5-21-1488422038-2814791348-2129004140-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\extensions\cliqz@cliqz.com
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [993584 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-11-10] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2013-02-01] () [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-11] (PDF Complete Inc)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2013-04-06] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [323072 2013-04-26] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5400848 2014-11-03] (TeamViewer GmbH)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]
S2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-07-22] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-09-14] (Qualcomm Atheros)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-07-22] ()
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [101288 2013-02-01] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158888 2013-02-01] (McAfee, Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2014-07-18] (CACE Technologies)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-01-23] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-01-23] ()
S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700680 2014-01-23] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 18:20 - 2014-11-21 18:22 - 00021952 _____ () C:\Users\Johannes\Desktop\FRST.txt
2014-11-21 18:20 - 2014-11-21 18:21 - 00000000 ____D () C:\FRST
2014-11-21 18:18 - 2014-11-21 18:18 - 02117632 _____ (Farbar) C:\Users\Johannes\Desktop\FRST64.exe
2014-11-21 18:18 - 2014-11-21 18:18 - 00000478 _____ () C:\Users\Johannes\Desktop\defogger_disable.log
2014-11-21 18:18 - 2014-11-21 18:18 - 00000000 _____ () C:\Users\Johannes\defogger_reenable
2014-11-21 18:15 - 2014-11-21 18:15 - 00050477 _____ () C:\Users\Johannes\Desktop\Defogger.exe
2014-11-20 22:36 - 2014-11-20 22:36 - 00000000 ____D () C:\windows\ERUNT
2014-11-20 22:28 - 2014-11-20 22:32 - 00000000 ____D () C:\AdwCleaner
2014-11-19 16:56 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 16:56 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 16:56 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 16:56 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-18 20:30 - 2014-11-20 22:27 - 00000196 _____ () C:\Users\Johannes\Desktop\csgo.txt
2014-11-17 21:17 - 2014-11-17 21:19 - 207485208 _____ (Advanced Micro Devices, Inc.) C:\Users\Johannes\Downloads\13-9_win7_win8_64_dd_ccc_whql(1).exe
2014-11-17 21:07 - 2014-11-17 21:07 - 00891224 _____ (AMD) C:\Users\Johannes\Downloads\amddriverdownloader.exe
2014-11-16 14:38 - 2014-11-16 14:38 - 00056548 _____ () C:\windows\SysWOW64\CCCInstall_201411161438097924.log
2014-11-16 14:38 - 2014-11-16 14:38 - 00000000 ____D () C:\ProgramData\ATI
2014-11-16 14:38 - 2014-11-16 14:38 - 00000000 ____D () C:\ProgramData\AMD
2014-11-16 14:38 - 2014-11-16 14:38 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-11-16 14:37 - 2014-11-16 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-11-16 14:32 - 2014-11-16 14:32 - 00000000 ____D () C:\Program Files\AMD
2014-11-16 14:21 - 2014-11-16 14:24 - 286582040 _____ (AMD Inc.) C:\Users\Johannes\Downloads\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe
2014-11-16 14:01 - 2014-11-16 14:01 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-11-16 14:00 - 2014-11-16 14:25 - 00000000 ____D () C:\AMD
2014-11-16 13:54 - 2014-11-16 13:59 - 207485208 _____ (Advanced Micro Devices, Inc.) C:\Users\Johannes\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe
2014-11-12 17:25 - 2014-11-12 17:25 - 09698760 _____ (Nota Inc. ) C:\Users\Johannes\Downloads\Gyazo-2.3.0.exe
2014-11-12 17:25 - 2014-11-12 17:25 - 00003764 _____ () C:\windows\System32\Tasks\GyazoUpdateTaskMachine
2014-11-12 17:11 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-12 17:11 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-12 17:11 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-12 17:11 - 2014-10-27 21:32 - 17870336 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-12 17:11 - 2014-10-27 21:13 - 02339840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-12 17:11 - 2014-10-27 21:12 - 10921472 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-12 17:11 - 2014-10-27 21:07 - 01388032 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-12 17:11 - 2014-10-27 21:06 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-12 17:11 - 2014-10-27 21:05 - 01494016 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-12 17:11 - 2014-10-27 21:05 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-11-12 17:11 - 2014-10-27 21:05 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 02157056 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-12 17:11 - 2014-10-27 21:03 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-12 17:11 - 2014-10-27 21:03 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-12 17:11 - 2014-10-27 21:03 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-12 17:11 - 2014-10-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-12 17:11 - 2014-10-27 21:03 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-11-12 17:11 - 2014-10-27 21:03 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-11-12 17:11 - 2014-10-27 21:03 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-11-12 17:11 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-12 17:11 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-12 17:11 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-12 17:11 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-12 17:11 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-12 17:11 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-12 17:11 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-11-12 17:11 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-12 17:11 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-12 17:11 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-11-12 17:11 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-12 17:11 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-12 17:11 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-12 17:11 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-12 17:11 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-12 17:11 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-12 17:11 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-12 17:11 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-11-12 17:11 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-11-12 17:11 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-11-12 17:11 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-12 17:11 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-12 17:11 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-12 17:11 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-12 17:11 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-12 17:11 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-12 17:11 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-12 17:11 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-12 17:11 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-12 17:11 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-12 17:11 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-12 17:11 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-12 17:11 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-12 17:11 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-12 17:11 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-12 17:11 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-12 17:10 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-12 17:10 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-12 17:10 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-12 17:10 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-12 17:10 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-12 17:10 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-12 17:10 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-12 17:10 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-12 17:10 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-12 17:10 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-12 17:10 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-12 17:10 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-12 17:10 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-12 17:10 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-12 17:10 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-10 17:27 - 2014-11-10 17:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-04 20:56 - 2014-11-04 20:56 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\TightVNC
2014-11-04 20:07 - 2014-11-04 20:07 - 00001007 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-11-04 20:07 - 2014-11-04 20:07 - 00000995 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2014-11-04 19:41 - 2014-11-04 19:41 - 00000000 ____D () C:\Users\Johannes\Documents\My Games
2014-11-04 17:07 - 2014-11-04 19:43 - 00000222 _____ () C:\Users\Johannes\Desktop\The Binding of Isaac Rebirth.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 18:18 - 2011-12-03 18:03 - 00000000 ____D () C:\Users\Johannes
2014-11-21 17:38 - 2011-06-29 22:32 - 01241435 _____ () C:\windows\WindowsUpdate.log
2014-11-21 17:31 - 2011-12-27 00:39 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-21 17:26 - 2009-07-14 05:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-21 17:26 - 2009-07-14 05:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 17:25 - 2011-05-03 02:10 - 00714300 _____ () C:\windows\system32\perfh007.dat
2014-11-21 17:25 - 2011-05-03 02:10 - 00156098 _____ () C:\windows\system32\perfc007.dat
2014-11-21 17:25 - 2009-07-14 06:13 - 01660510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-21 17:19 - 2011-05-03 02:22 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-21 17:17 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-21 17:17 - 2009-07-14 05:51 - 00173043 _____ () C:\windows\setupact.log
2014-11-20 22:42 - 2012-01-04 17:16 - 00003954 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{D07EF50A-85F7-4C00-BDDA-5B79AFF39123}
2014-11-20 22:33 - 2011-06-29 23:01 - 00561958 _____ () C:\windows\PFRO.log
2014-11-20 17:23 - 2014-07-08 16:26 - 00003204 _____ () C:\windows\System32\Tasks\HPCeeScheduleForJohannes
2014-11-20 17:23 - 2014-07-08 16:26 - 00000344 _____ () C:\windows\Tasks\HPCeeScheduleForJohannes.job
2014-11-18 17:26 - 2012-01-01 21:13 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-18 17:26 - 2011-12-25 21:44 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-11-17 17:48 - 2011-12-04 01:58 - 00000000 ____D () C:\windows\rescache
2014-11-17 17:02 - 2012-04-02 08:47 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-17 17:02 - 2011-12-27 13:36 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-16 15:39 - 2011-12-27 13:17 - 00000000 ____D () C:\Users\Johannes\AppData\Local\CrashDumps
2014-11-16 14:58 - 2011-12-25 11:35 - 00000000 ____D () C:\Users\Peter
2014-11-16 14:58 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\registration
2014-11-16 14:36 - 2011-06-29 22:42 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-11-16 14:29 - 2014-08-14 16:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-16 01:12 - 2012-02-28 19:38 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\TS3Client
2014-11-15 18:41 - 2012-12-18 20:28 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\HpUpdate
2014-11-14 16:32 - 2012-03-14 19:32 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Akamai
2014-11-13 16:39 - 2011-12-03 18:24 - 00110352 _____ () C:\Users\Johannes\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 16:23 - 2009-07-14 05:45 - 00410904 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-12 23:16 - 2014-05-06 17:06 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-12 18:25 - 2012-05-06 18:15 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2014-11-12 17:35 - 2011-12-03 18:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 17:28 - 2013-08-15 18:19 - 00000000 ____D () C:\windows\system32\MRT
2014-11-12 17:25 - 2012-08-27 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2014-11-12 17:21 - 2011-12-03 18:59 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-11 16:59 - 2012-08-24 21:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-08 12:41 - 2014-09-15 15:40 - 00001097 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-08 12:41 - 2012-11-02 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-08 12:41 - 2012-11-02 17:23 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-04 21:58 - 2011-12-30 19:31 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-11-04 20:07 - 2012-01-14 13:56 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\TeamViewer
2014-11-04 14:30 - 2011-12-03 18:21 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-10-30 18:11 - 2011-12-03 18:03 - 00003224 _____ () C:\windows\System32\Tasks\HPCeeScheduleForJOHANNES-HP$
2014-10-30 18:11 - 2011-12-03 18:03 - 00000348 _____ () C:\windows\Tasks\HPCeeScheduleForJOHANNES-HP$.job
2014-10-29 17:11 - 2009-07-14 06:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-10-28 16:53 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-23 19:39 - 2011-05-03 01:45 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-10-22 16:29 - 2014-06-30 13:35 - 00000000 ____D () C:\Users\Johannes\Documents\Studium

Some content of TEMP:
====================
C:\Users\Johannes\AppData\Local\Temp\AskSLib.dll
C:\Users\Johannes\AppData\Local\Temp\AtpTimerInfo.dll
C:\Users\Johannes\AppData\Local\Temp\avgnt.exe
C:\Users\Johannes\AppData\Local\Temp\DTLocker+-D-ParaDelay.exe
C:\Users\Johannes\AppData\Local\Temp\Extract.exe
C:\Users\Johannes\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Johannes\AppData\Local\Temp\install_flashplayer12x32au_mssd_aaa_aih.exe
C:\Users\Johannes\AppData\Local\Temp\mqermkms.dll
C:\Users\Johannes\AppData\Local\Temp\Paint.NET.3.5.11.Install.exe
C:\Users\Johannes\AppData\Local\Temp\paint.net.4.0.3.install.exe
C:\Users\Johannes\AppData\Local\Temp\Quarantine.exe
C:\Users\Johannes\AppData\Local\Temp\Resource.exe
C:\Users\Johannes\AppData\Local\Temp\SP53858.exe
C:\Users\Johannes\AppData\Local\Temp\SP54972.exe
C:\Users\Johannes\AppData\Local\Temp\SP56729.exe
C:\Users\Johannes\AppData\Local\Temp\SP57014.exe
C:\Users\Johannes\AppData\Local\Temp\SP57555.exe
C:\Users\Johannes\AppData\Local\Temp\SP57556.exe
C:\Users\Johannes\AppData\Local\Temp\SP57879.exe
C:\Users\Johannes\AppData\Local\Temp\SP58268.exe
C:\Users\Johannes\AppData\Local\Temp\SP58647.exe
C:\Users\Johannes\AppData\Local\Temp\sp58915.exe
C:\Users\Johannes\AppData\Local\Temp\SP58930.exe
C:\Users\Johannes\AppData\Local\Temp\SP59118.exe
C:\Users\Johannes\AppData\Local\Temp\SP59151.exe
C:\Users\Johannes\AppData\Local\Temp\SP59196.exe
C:\Users\Johannes\AppData\Local\Temp\SP59202.exe
C:\Users\Johannes\AppData\Local\Temp\SP59213.exe
C:\Users\Johannes\AppData\Local\Temp\SP59291.exe
C:\Users\Johannes\AppData\Local\Temp\SP59529.exe
C:\Users\Johannes\AppData\Local\Temp\SP59530.exe
C:\Users\Johannes\AppData\Local\Temp\SP60095.exe
C:\Users\Johannes\AppData\Local\Temp\SP60686.exe
C:\Users\Johannes\AppData\Local\Temp\SP60769.exe
C:\Users\Johannes\AppData\Local\Temp\SP61104.exe
C:\Users\Johannes\AppData\Local\Temp\SP61411.exe
C:\Users\Johannes\AppData\Local\Temp\SP61423.exe
C:\Users\Johannes\AppData\Local\Temp\SP61823.exe
C:\Users\Johannes\AppData\Local\Temp\SP63779.exe
C:\Users\Johannes\AppData\Local\Temp\sp64126.exe
C:\Users\Johannes\AppData\Local\Temp\sqlite3.dll
C:\Users\Johannes\AppData\Local\Temp\uninst1.exe
C:\Users\Johannes\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Peter\AppData\Local\Temp\AskSLib.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-17 17:40

==================== End Of Log ============================
         


Gmer:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-21 19:02:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
Running: Gmer-19357.exe; Driver: C:\Users\Johannes\AppData\Local\Temp\axddrkow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                               fffff800033c1000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                               fffff800033c102f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17           00000000754f1401 2 bytes JMP 7500b21b C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17             00000000754f1419 2 bytes JMP 7500b346 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17           00000000754f1431 2 bytes JMP 75088ea9 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42           00000000754f144a 2 bytes CALL 74fe48ad C:\windows\syswow64\kernel32.dll
.text     ...                                                                                                                              * 9
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17              00000000754f14dd 2 bytes JMP 750887a2 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17       00000000754f14f5 2 bytes JMP 75088978 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17              00000000754f150d 2 bytes JMP 75088698 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17       00000000754f1525 2 bytes JMP 75088a62 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17             00000000754f153d 2 bytes JMP 74fffca8 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                  00000000754f1555 2 bytes JMP 750068ef C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17           00000000754f156d 2 bytes JMP 75088f61 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17             00000000754f1585 2 bytes JMP 75088ac2 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                00000000754f159d 2 bytes JMP 7508865c C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17             00000000754f15b5 2 bytes JMP 74fffd41 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17           00000000754f15cd 2 bytes JMP 7500b2dc C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20       00000000754f16b2 2 bytes JMP 75088e24 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31       00000000754f16bd 2 bytes JMP 750885f1 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17          00000000754f1401 2 bytes JMP 7500b21b C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17            00000000754f1419 2 bytes JMP 7500b346 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17          00000000754f1431 2 bytes JMP 75088ea9 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42          00000000754f144a 2 bytes CALL 74fe48ad C:\windows\syswow64\kernel32.dll
.text     ...                                                                                                                              * 9
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17             00000000754f14dd 2 bytes JMP 750887a2 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17      00000000754f14f5 2 bytes JMP 75088978 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17             00000000754f150d 2 bytes JMP 75088698 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17      00000000754f1525 2 bytes JMP 75088a62 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17            00000000754f153d 2 bytes JMP 74fffca8 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                 00000000754f1555 2 bytes JMP 750068ef C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17          00000000754f156d 2 bytes JMP 75088f61 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17            00000000754f1585 2 bytes JMP 75088ac2 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17               00000000754f159d 2 bytes JMP 7508865c C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17            00000000754f15b5 2 bytes JMP 74fffd41 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17          00000000754f15cd 2 bytes JMP 7500b2dc C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20      00000000754f16b2 2 bytes JMP 75088e24 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31      00000000754f16bd 2 bytes JMP 750885f1 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17          00000000754f1401 2 bytes JMP 7500b21b C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17            00000000754f1419 2 bytes JMP 7500b346 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17          00000000754f1431 2 bytes JMP 75088ea9 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42          00000000754f144a 2 bytes CALL 74fe48ad C:\windows\syswow64\kernel32.dll
.text     ...                                                                                                                              * 9
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17             00000000754f14dd 2 bytes JMP 750887a2 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17      00000000754f14f5 2 bytes JMP 75088978 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17             00000000754f150d 2 bytes JMP 75088698 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17      00000000754f1525 2 bytes JMP 75088a62 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17            00000000754f153d 2 bytes JMP 74fffca8 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                 00000000754f1555 2 bytes JMP 750068ef C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17          00000000754f156d 2 bytes JMP 75088f61 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17            00000000754f1585 2 bytes JMP 75088ac2 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17               00000000754f159d 2 bytes JMP 7508865c C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17            00000000754f15b5 2 bytes JMP 74fffd41 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17          00000000754f15cd 2 bytes JMP 7500b2dc C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20      00000000754f16b2 2 bytes JMP 75088e24 C:\windows\syswow64\kernel32.dll
.text     C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31      00000000754f16bd 2 bytes JMP 750885f1 C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\SysWOW64\WSOCK32.dll!recv + 82                                                 00000000728517fa 2 bytes CALL 74fe11a9 C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                             0000000072851860 2 bytes CALL 74fe11a9 C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                           0000000072851942 2 bytes JMP 75797089 C:\windows\syswow64\WS2_32.dll
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                          000000007285194d 2 bytes JMP 7579cba6 C:\windows\syswow64\WS2_32.dll
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                   00000000754f1401 2 bytes JMP 7500b21b C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                     00000000754f1419 2 bytes JMP 7500b346 C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                   00000000754f1431 2 bytes JMP 75088ea9 C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                   00000000754f144a 2 bytes CALL 74fe48ad C:\windows\syswow64\kernel32.dll
.text     ...                                                                                                                              * 9
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                      00000000754f14dd 2 bytes JMP 750887a2 C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                               00000000754f14f5 2 bytes JMP 75088978 C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                      00000000754f150d 2 bytes JMP 75088698 C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                               00000000754f1525 2 bytes JMP 75088a62 C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                     00000000754f153d 2 bytes JMP 74fffca8 C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                          00000000754f1555 2 bytes JMP 750068ef C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                   00000000754f156d 2 bytes JMP 75088f61 C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                     00000000754f1585 2 bytes JMP 75088ac2 C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                        00000000754f159d 2 bytes JMP 7508865c C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                     00000000754f15b5 2 bytes JMP 74fffd41 C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                   00000000754f15cd 2 bytes JMP 7500b2dc C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                               00000000754f16b2 2 bytes JMP 75088e24 C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                               00000000754f16bd 2 bytes JMP 750885f1 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17           00000000754f1401 2 bytes JMP 7500b21b C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17             00000000754f1419 2 bytes JMP 7500b346 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17           00000000754f1431 2 bytes JMP 75088ea9 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42           00000000754f144a 2 bytes CALL 74fe48ad C:\windows\syswow64\kernel32.dll
.text     ...                                                                                                                              * 9
.text     C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17              00000000754f14dd 2 bytes JMP 750887a2 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17       00000000754f14f5 2 bytes JMP 75088978 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17              00000000754f150d 2 bytes JMP 75088698 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17       00000000754f1525 2 bytes JMP 75088a62 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17             00000000754f153d 2 bytes JMP 74fffca8 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                  00000000754f1555 2 bytes JMP 750068ef C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17           00000000754f156d 2 bytes JMP 75088f61 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17             00000000754f1585 2 bytes JMP 75088ac2 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                00000000754f159d 2 bytes JMP 7508865c C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17             00000000754f15b5 2 bytes JMP 74fffd41 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17           00000000754f15cd 2 bytes JMP 7500b2dc C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20       00000000754f16b2 2 bytes JMP 75088e24 C:\windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31       00000000754f16bd 2 bytes JMP 750885f1 C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                          00000000739f11a8 2 bytes [9F, 73]
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248                         00000000739f127d 2 bytes CALL 74fe14b9 C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395                         00000000739f1310 2 bytes CALL 74fe14b9 C:\windows\syswow64\kernel32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                    00000000739f13a8 2 bytes [9F, 73]
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                        00000000739f1422 2 bytes [9F, 73]
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                 00000000739f1498 2 bytes [9F, 73]
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4              0000000073811825 2 bytes JMP 755b6125 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4             0000000073811830 2 bytes JMP 755b6145 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4          000000007381183b 2 bytes JMP 755b6165 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4            0000000073811846 2 bytes JMP 755b5a05 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4  0000000073811851 2 bytes JMP 755b6185 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4          000000007381185c 2 bytes JMP 755b6265 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4                    0000000073811867 2 bytes JMP 755b6285 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4               0000000073811872 2 bytes JMP 755b62a5 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4            000000007381187d 2 bytes JMP 755b62c5 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4                         0000000073811888 2 bytes JMP 755b5a25 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4          0000000073811893 2 bytes JMP 755b62e5 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4            000000007381189e 2 bytes JMP 755b5aa5 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4                00000000738118a9 2 bytes JMP 755b6305 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4             00000000738118b4 2 bytes JMP 755b6325 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4      00000000738118bf 2 bytes JMP 75581fcb C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4                00000000738118ca 2 bytes JMP 755b6365 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4               00000000738118d5 2 bytes JMP 755b5ac5 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4             00000000738118e0 2 bytes JMP 755b5b45 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4         00000000738118eb 2 bytes JMP 755b5b65 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4      00000000738118f6 2 bytes JMP 755b68c5 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4         0000000073811901 2 bytes JMP 755b5a85 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4            000000007381190c 2 bytes JMP 755b68e5 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4               0000000073811917 2 bytes JMP 755b6925 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4              0000000073811922 2 bytes JMP 755b5ae5 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4              000000007381192d 2 bytes JMP 755b6945 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4                        0000000073811938 2 bytes JMP 755b6965 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4            0000000073811943 2 bytes JMP 755b6985 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4        000000007381194e 2 bytes JMP 755b69a5 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4                0000000073811959 2 bytes JMP 755b69c5 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4                       0000000073811964 2 bytes JMP 755b69e5 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4               000000007381196f 2 bytes JMP 755b6a05 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4              000000007381197a 2 bytes JMP 755b6a25 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4                 0000000073811985 2 bytes JMP 755b6a45 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4               0000000073811990 2 bytes JMP 755b6a65 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4       000000007381199b 2 bytes JMP 755b6a85 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4           00000000738119a6 2 bytes JMP 755b6aa5 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4            00000000738119b1 2 bytes JMP 755b6ac5 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4              00000000738119bc 2 bytes JMP 755b6ae5 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4                 00000000738119c7 2 bytes JMP 755b6b05 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4                        00000000738119d2 2 bytes JMP 755b6b25 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4                     00000000738119dd 2 bytes JMP 755b5b85 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4       00000000738119e8 2 bytes JMP 755b6b65 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4           00000000738119f3 2 bytes JMP 755b6b85 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4    00000000738119fe 2 bytes JMP 755b6bc3 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4                   0000000073811a09 2 bytes JMP 755b6be3 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4                0000000073811a14 2 bytes JMP 755b6c03 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4                 0000000073811a1f 2 bytes JMP 755b5b05 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4                 0000000073811a2a 2 bytes JMP 755b6c23 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4            0000000073811a35 2 bytes JMP 755b6c43 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4                0000000073811a40 2 bytes JMP 755b6c63 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4          0000000073811a4b 2 bytes JMP 755b6c83 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4             0000000073811a56 2 bytes JMP 755b6ca3 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4                      0000000073811a61 2 bytes JMP 755b6cc3 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4                   0000000073811a6c 2 bytes JMP 755b5ba5 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4               0000000073811a77 2 bytes JMP 755b6ce3 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4        0000000073811a82 2 bytes JMP 755b6d03 C:\windows\syswow64\GDI32.dll
.text     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52       0000000073811ab2 2 bytes JMP 76bddc75 C:\windows\syswow64\msvcrt.dll

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\68a3c4f641c1                                                      
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\68a3c4f641c1 (not active ControlSet)                                  

---- EOF - GMER 2.1 ----
         
Avira:

Code:
Exportierte Ereignisse:

20.11.2014 21:33 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\Johannes\AppData\Local\Temp\CBB993BC-BAB0-7891-B450-D6D7D872DD06\Lates
      t\ccp.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/BProtector.Gen2' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5014f119.qua' 
      verschoben!
         
Many thanks in advance!

21.11.2014, 20:08   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

22.11.2014, 18:40   #3
drChef96
 



Many thanks for the quick reply.

mbam:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 22.11.2014
Suchlauf-Zeit: 17:18:08
Logdatei: mbam3.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.22.05
Rootkit Datenbank: v2014.11.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Johannes

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 377155
Verstrichene Zeit: 20 Min, 54 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
AdwCleaner:

Code:
# AdwCleaner v4.101 - Bericht erstellt am 22/11/2014 um 18:21:19
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-16.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Johannes - JOHANNES-HP
# Gestartet von : C:\Users\Johannes\Desktop\AdwCleaner_4.101.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v33.1 (x86 de)


*************************

AdwCleaner[R0].txt - [23643 octets] - [20/11/2014 22:28:56]
AdwCleaner[R1].txt - [900 octets] - [22/11/2014 18:19:05]
AdwCleaner[S0].txt - [22593 octets] - [20/11/2014 22:32:05]
AdwCleaner[S1].txt - [822 octets] - [22/11/2014 18:21:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [881 octets] ##########
         
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Johannes on 22.11.2014 at 18:26:40,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.11.2014 at 18:29:34,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Fresh FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2014 01
Ran by Johannes (administrator) on JOHANNES-HP on 22-11-2014 18:31:23
Running from C:\Users\Johannes\Desktop
Loaded Profile: Johannes (Available profiles: Johannes & Peter)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Akamai Technologies, Inc.) C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Cm108Sound] => C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-11-19] (Synaptics Incorporated)
HKLM\...\Run: [tvncontrol] => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1488422038-2814791348-2129004140-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1488422038-2814791348-2129004140-1002\...\MountPoints2: {8f71424b-8644-11e1-bee0-68a3c4f641c1} - D:\LaunchU3.exe -a
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1488422038-2814791348-2129004140-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\.DEFAULT -> {01A1E719-78CA-4756-BA03-4B7DDCD9F0F3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=70501de8-4b19-497a-bd3a-901d763d8869&apn_sauid=2238973F-F20E-4A09-BE90-5EA92D5E04A9
SearchScopes: HKU\S-1-5-21-1488422038-2814791348-2129004140-1002 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1488422038-2814791348-2129004140-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default
FF Homepage: https://www.youtube.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1488422038-2814791348-2129004140-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\searchplugins\google-maps.xml
FF Extension: Avira Browser Safety - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\abs@avira.com [2014-11-19]
FF Extension: HTTPS-Everywhere - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\https-everywhere@eff.org [2014-10-16]
FF Extension: YouTube Unblocker - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\youtubeunblocker@unblocker.yt [2014-11-20]
FF Extension: ipFuck - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\ipfuck@p4ul.info.xpi [2013-02-28]
FF Extension: Magic Actions for YouTube™ - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2013-03-16]
FF Extension: NoScript - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-22]
FF Extension: {9ac7d46a-d278-4fba-acc6-2dc897e4d762} - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\{9ac7d46a-d278-4fba-acc6-2dc897e4d762}.xpi [2013-10-29]
FF Extension: Adblock Plus - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-28]
FF Extension: PDF Print Wizard Light - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\{d3a1baf2-1c0d-4144-ac5f-15108599e5c3}.xpi [2013-11-06]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2012-08-12]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-08-26]
FF HKU\S-1-5-21-1488422038-2814791348-2129004140-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\extensions\cliqz@cliqz.com
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [993584 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-11-10] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2013-02-01] () [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-11] (PDF Complete Inc)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2013-04-06] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [323072 2013-04-26] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5400848 2014-11-03] (TeamViewer GmbH)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]
S2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-07-22] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-09-14] (Qualcomm Atheros)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-07-22] ()
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [101288 2013-02-01] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158888 2013-02-01] (McAfee, Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2014-07-18] (CACE Technologies)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-01-23] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-01-23] ()
S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700680 2014-01-23] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 18:30 - 2014-11-22 18:30 - 00000000 ____D () C:\Users\Johannes\Desktop\FRST-OlderVersion
2014-11-22 18:29 - 2014-11-22 18:29 - 00000628 _____ () C:\Users\Johannes\Desktop\JRT.txt
2014-11-22 18:26 - 2014-11-22 18:26 - 01707532 _____ (Thisisu) C:\Users\Johannes\Desktop\JRT.exe
2014-11-22 18:23 - 2014-11-22 18:23 - 00000960 _____ () C:\Users\Johannes\Desktop\AdwCleaner[S1].txt
2014-11-22 18:17 - 2014-11-22 18:17 - 02140160 _____ () C:\Users\Johannes\Desktop\AdwCleaner_4.101.exe
2014-11-22 18:09 - 2014-11-22 18:09 - 00001207 _____ () C:\Users\Johannes\Desktop\mbam.txt
2014-11-22 11:58 - 2014-11-22 18:14 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-22 11:58 - 2014-11-22 11:58 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-22 11:58 - 2014-11-22 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-22 11:58 - 2014-11-22 11:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-22 11:58 - 2014-11-22 11:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-22 11:58 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-22 11:58 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-22 11:58 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-22 11:56 - 2014-11-22 11:56 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Johannes\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-21 19:30 - 2014-11-21 19:30 - 00000852 _____ () C:\Users\Johannes\Desktop\avira.txt
2014-11-21 19:21 - 2014-11-21 19:21 - 00262144 _____ () C:\windows\Minidump\112114-29858-01.dmp
2014-11-21 19:02 - 2014-11-21 19:02 - 00033594 _____ () C:\Users\Johannes\Desktop\Gmer.log
2014-11-21 18:39 - 2014-11-21 18:39 - 00262144 _____ () C:\windows\Minidump\112114-28953-01.dmp
2014-11-21 18:29 - 2014-11-21 18:29 - 00380416 _____ () C:\Users\Johannes\Desktop\Gmer-19357.exe
2014-11-21 18:22 - 2014-11-21 18:23 - 00036697 _____ () C:\Users\Johannes\Desktop\Addition.txt
2014-11-21 18:20 - 2014-11-22 18:31 - 00021695 _____ () C:\Users\Johannes\Desktop\FRST.txt
2014-11-21 18:20 - 2014-11-22 18:31 - 00000000 ____D () C:\FRST
2014-11-21 18:18 - 2014-11-22 18:30 - 02118144 _____ (Farbar) C:\Users\Johannes\Desktop\FRST64.exe
2014-11-21 18:18 - 2014-11-21 18:18 - 00000478 _____ () C:\Users\Johannes\Desktop\defogger_disable.log
2014-11-21 18:18 - 2014-11-21 18:18 - 00000000 _____ () C:\Users\Johannes\defogger_reenable
2014-11-21 18:15 - 2014-11-21 18:15 - 00050477 _____ () C:\Users\Johannes\Desktop\Defogger.exe
2014-11-20 22:36 - 2014-11-20 22:36 - 00000000 ____D () C:\windows\ERUNT
2014-11-20 22:28 - 2014-11-22 18:21 - 00000000 ____D () C:\AdwCleaner
2014-11-19 16:56 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 16:56 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 16:56 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 16:56 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-18 20:30 - 2014-11-22 18:24 - 00000237 _____ () C:\Users\Johannes\Desktop\csgo.txt
2014-11-17 21:17 - 2014-11-17 21:19 - 207485208 _____ (Advanced Micro Devices, Inc.) C:\Users\Johannes\Downloads\13-9_win7_win8_64_dd_ccc_whql(1).exe
2014-11-17 21:07 - 2014-11-17 21:07 - 00891224 _____ (AMD) C:\Users\Johannes\Downloads\amddriverdownloader.exe
2014-11-16 14:38 - 2014-11-16 14:38 - 00056548 _____ () C:\windows\SysWOW64\CCCInstall_201411161438097924.log
2014-11-16 14:38 - 2014-11-16 14:38 - 00000000 ____D () C:\ProgramData\ATI
2014-11-16 14:38 - 2014-11-16 14:38 - 00000000 ____D () C:\ProgramData\AMD
2014-11-16 14:38 - 2014-11-16 14:38 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-11-16 14:37 - 2014-11-16 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-11-16 14:32 - 2014-11-16 14:32 - 00000000 ____D () C:\Program Files\AMD
2014-11-16 14:21 - 2014-11-16 14:24 - 286582040 _____ (AMD Inc.) C:\Users\Johannes\Downloads\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe
2014-11-16 14:01 - 2014-11-16 14:01 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-11-16 14:00 - 2014-11-16 14:25 - 00000000 ____D () C:\AMD
2014-11-16 13:54 - 2014-11-16 13:59 - 207485208 _____ (Advanced Micro Devices, Inc.) C:\Users\Johannes\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe
2014-11-12 17:25 - 2014-11-12 17:25 - 09698760 _____ (Nota Inc. ) C:\Users\Johannes\Downloads\Gyazo-2.3.0.exe
2014-11-12 17:25 - 2014-11-12 17:25 - 00003764 _____ () C:\windows\System32\Tasks\GyazoUpdateTaskMachine
2014-11-12 17:11 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-12 17:11 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-12 17:11 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-12 17:11 - 2014-10-27 21:32 - 17870336 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-12 17:11 - 2014-10-27 21:13 - 02339840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-12 17:11 - 2014-10-27 21:12 - 10921472 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-12 17:11 - 2014-10-27 21:07 - 01388032 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-12 17:11 - 2014-10-27 21:06 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-12 17:11 - 2014-10-27 21:05 - 01494016 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-12 17:11 - 2014-10-27 21:05 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-11-12 17:11 - 2014-10-27 21:05 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 02157056 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-12 17:11 - 2014-10-27 21:03 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-12 17:11 - 2014-10-27 21:03 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-12 17:11 - 2014-10-27 21:03 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-12 17:11 - 2014-10-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-12 17:11 - 2014-10-27 21:03 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-11-12 17:11 - 2014-10-27 21:03 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-11-12 17:11 - 2014-10-27 21:03 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-11-12 17:11 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-12 17:11 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-12 17:11 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-12 17:11 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-12 17:11 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-12 17:11 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-12 17:11 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-11-12 17:11 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-12 17:11 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-12 17:11 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-11-12 17:11 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-12 17:11 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-12 17:11 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-12 17:11 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-12 17:11 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-12 17:11 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-12 17:11 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-12 17:11 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-11-12 17:11 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-11-12 17:11 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-11-12 17:11 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-12 17:11 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-12 17:11 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-12 17:11 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-12 17:11 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-12 17:11 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-12 17:11 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-12 17:11 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-12 17:11 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-12 17:11 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-12 17:11 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-12 17:11 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-12 17:11 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-12 17:11 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-12 17:11 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-12 17:11 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-12 17:10 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-12 17:10 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-12 17:10 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-12 17:10 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-12 17:10 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-12 17:10 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-12 17:10 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-12 17:10 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-12 17:10 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-12 17:10 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-12 17:10 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-12 17:10 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-12 17:10 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-12 17:10 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-12 17:10 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-10 17:27 - 2014-11-10 17:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-04 20:56 - 2014-11-04 20:56 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\TightVNC
2014-11-04 20:07 - 2014-11-04 20:07 - 00001007 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-11-04 20:07 - 2014-11-04 20:07 - 00000995 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2014-11-04 19:41 - 2014-11-04 19:41 - 00000000 ____D () C:\Users\Johannes\Documents\My Games
2014-11-04 17:07 - 2014-11-04 19:43 - 00000222 _____ () C:\Users\Johannes\Desktop\The Binding of Isaac Rebirth.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 18:30 - 2009-07-14 05:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-22 18:30 - 2009-07-14 05:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-22 18:23 - 2011-05-03 02:22 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-22 18:22 - 2011-06-29 23:01 - 00565830 _____ () C:\windows\PFRO.log
2014-11-22 18:22 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-22 18:22 - 2009-07-14 05:51 - 00173323 _____ () C:\windows\setupact.log
2014-11-22 18:21 - 2011-06-29 22:32 - 01288007 _____ () C:\windows\WindowsUpdate.log
2014-11-22 18:10 - 2011-12-27 00:39 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-22 12:25 - 2011-05-03 02:35 - 00000000 ____D () C:\windows\en
2014-11-22 11:54 - 2012-01-04 17:16 - 00003954 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{D07EF50A-85F7-4C00-BDDA-5B79AFF39123}
2014-11-21 19:21 - 2014-01-18 00:54 - 00000000 ____D () C:\windows\Minidump
2014-11-21 19:21 - 2014-01-18 00:53 - 710771068 _____ () C:\windows\MEMORY.DMP
2014-11-21 18:18 - 2011-12-03 18:03 - 00000000 ____D () C:\Users\Johannes
2014-11-21 17:25 - 2011-05-03 02:10 - 00714300 _____ () C:\windows\system32\perfh007.dat
2014-11-21 17:25 - 2011-05-03 02:10 - 00156098 _____ () C:\windows\system32\perfc007.dat
2014-11-21 17:25 - 2009-07-14 06:13 - 01660510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-20 17:23 - 2014-07-08 16:26 - 00003204 _____ () C:\windows\System32\Tasks\HPCeeScheduleForJohannes
2014-11-20 17:23 - 2014-07-08 16:26 - 00000344 _____ () C:\windows\Tasks\HPCeeScheduleForJohannes.job
2014-11-18 17:26 - 2012-01-01 21:13 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-18 17:26 - 2011-12-25 21:44 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-11-17 17:48 - 2011-12-04 01:58 - 00000000 ____D () C:\windows\rescache
2014-11-17 17:02 - 2012-04-02 08:47 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-17 17:02 - 2011-12-27 13:36 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-16 15:39 - 2011-12-27 13:17 - 00000000 ____D () C:\Users\Johannes\AppData\Local\CrashDumps
2014-11-16 14:58 - 2011-12-25 11:35 - 00000000 ____D () C:\Users\Peter
2014-11-16 14:58 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\registration
2014-11-16 14:36 - 2011-06-29 22:42 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-11-16 14:29 - 2014-08-14 16:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-16 01:12 - 2012-02-28 19:38 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\TS3Client
2014-11-15 18:41 - 2012-12-18 20:28 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\HpUpdate
2014-11-14 16:32 - 2012-03-14 19:32 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Akamai
2014-11-13 16:39 - 2011-12-03 18:24 - 00110352 _____ () C:\Users\Johannes\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 16:23 - 2009-07-14 05:45 - 00410904 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-12 23:16 - 2014-05-06 17:06 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-12 18:25 - 2012-05-06 18:15 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2014-11-12 17:35 - 2011-12-03 18:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 17:28 - 2013-08-15 18:19 - 00000000 ____D () C:\windows\system32\MRT
2014-11-12 17:25 - 2012-08-27 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2014-11-12 17:21 - 2011-12-03 18:59 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-11 16:59 - 2012-08-24 21:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-08 12:41 - 2014-09-15 15:40 - 00001097 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-08 12:41 - 2012-11-02 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-08 12:41 - 2012-11-02 17:23 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-04 21:58 - 2011-12-30 19:31 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-11-04 20:07 - 2012-01-14 13:56 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\TeamViewer
2014-11-04 14:30 - 2011-12-03 18:21 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-10-30 18:11 - 2011-12-03 18:03 - 00003224 _____ () C:\windows\System32\Tasks\HPCeeScheduleForJOHANNES-HP$
2014-10-30 18:11 - 2011-12-03 18:03 - 00000348 _____ () C:\windows\Tasks\HPCeeScheduleForJOHANNES-HP$.job
2014-10-29 17:11 - 2009-07-14 06:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-10-28 16:53 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-23 19:39 - 2011-05-03 01:45 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard

Some content of TEMP:
====================
C:\Users\Johannes\AppData\Local\Temp\AskSLib.dll
C:\Users\Johannes\AppData\Local\Temp\AtpTimerInfo.dll
C:\Users\Johannes\AppData\Local\Temp\avgnt.exe
C:\Users\Johannes\AppData\Local\Temp\DTLocker+-D-ParaDelay.exe
C:\Users\Johannes\AppData\Local\Temp\Extract.exe
C:\Users\Johannes\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Johannes\AppData\Local\Temp\install_flashplayer12x32au_mssd_aaa_aih.exe
C:\Users\Johannes\AppData\Local\Temp\mqermkms.dll
C:\Users\Johannes\AppData\Local\Temp\Paint.NET.3.5.11.Install.exe
C:\Users\Johannes\AppData\Local\Temp\paint.net.4.0.3.install.exe
C:\Users\Johannes\AppData\Local\Temp\Quarantine.exe
C:\Users\Johannes\AppData\Local\Temp\Resource.exe
C:\Users\Johannes\AppData\Local\Temp\SP53858.exe
C:\Users\Johannes\AppData\Local\Temp\SP54972.exe
C:\Users\Johannes\AppData\Local\Temp\SP56729.exe
C:\Users\Johannes\AppData\Local\Temp\SP57014.exe
C:\Users\Johannes\AppData\Local\Temp\SP57555.exe
C:\Users\Johannes\AppData\Local\Temp\SP57556.exe
C:\Users\Johannes\AppData\Local\Temp\SP57879.exe
C:\Users\Johannes\AppData\Local\Temp\SP58268.exe
C:\Users\Johannes\AppData\Local\Temp\SP58647.exe
C:\Users\Johannes\AppData\Local\Temp\sp58915.exe
C:\Users\Johannes\AppData\Local\Temp\SP58930.exe
C:\Users\Johannes\AppData\Local\Temp\SP59118.exe
C:\Users\Johannes\AppData\Local\Temp\SP59151.exe
C:\Users\Johannes\AppData\Local\Temp\SP59196.exe
C:\Users\Johannes\AppData\Local\Temp\SP59202.exe
C:\Users\Johannes\AppData\Local\Temp\SP59213.exe
C:\Users\Johannes\AppData\Local\Temp\SP59291.exe
C:\Users\Johannes\AppData\Local\Temp\SP59529.exe
C:\Users\Johannes\AppData\Local\Temp\SP59530.exe
C:\Users\Johannes\AppData\Local\Temp\SP60095.exe
C:\Users\Johannes\AppData\Local\Temp\SP60686.exe
C:\Users\Johannes\AppData\Local\Temp\SP60769.exe
C:\Users\Johannes\AppData\Local\Temp\SP61104.exe
C:\Users\Johannes\AppData\Local\Temp\SP61411.exe
C:\Users\Johannes\AppData\Local\Temp\SP61423.exe
C:\Users\Johannes\AppData\Local\Temp\SP61823.exe
C:\Users\Johannes\AppData\Local\Temp\SP63779.exe
C:\Users\Johannes\AppData\Local\Temp\sp64126.exe
C:\Users\Johannes\AppData\Local\Temp\sqlite3.dll
C:\Users\Johannes\AppData\Local\Temp\uninst1.exe
C:\Users\Johannes\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Peter\AppData\Local\Temp\AskSLib.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-17 17:40

==================== End Of Log ============================
         

I had already run AdwCleaner and Junkware Removal Tool once before posting in this forum, which is why in some cases nothing much was found anymore (in case that matters).
__________________

23.11.2014, 14:46   #4
schrauber
/// the machine
/// TB trainer
 

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

23.11.2014, 19:01   #5
drChef96
 

As requested, here are the new logs:

ESET log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6e389de1489a7746a9125b34902e2e92
# engine=21227
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-23 05:32:10
# local_time=2014-11-23 06:32:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 92267 282183620 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 89774 168393780 0 0
# scanned=315853
# found=13
# cleaned=0
# scan_time=8483
sh=91DF849B2AE30E03078694E6E256E0C15F2EA59C ft=1 fh=648c3ff72a5dc3cb vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1488422038-2814791348-2129004140-1002\$R8083ZK.exe"
sh=5EDC1022ED094C2BED0C34142FF8132456E5CB1D ft=1 fh=d3abce892e7b82f6 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1488422038-2814791348-2129004140-1002\$RAVFM80.exe"
sh=330364EA66581FB2C7710FF1A452486AF9F4338A ft=1 fh=342d8c41a0ecb1a8 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1488422038-2814791348-2129004140-1002\$RQT58VS.exe"
sh=FD5D1274D9E28F6AF00C6D0719FEFD0754798D6B ft=1 fh=e237b576c92c3fb8 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1488422038-2814791348-2129004140-1002\$RSMBQ3L.exe"
sh=596D78A7F03D1DAEE86BCCE8DD7713AA60E8F9E4 ft=1 fh=8eaf1d336ac02ccc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1488422038-2814791348-2129004140-1002\$RZ0PM7K.exe"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=7676D2F17068A9050BBBBE10908E75BC5D59B631 ft=1 fh=2d5c485f303dcc33 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Johannes\AppData\Local\Temp\OCS\ocs_v6z.exe.vir"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Johannes\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=EAB3A867FD239AD7D1D5416E8139D3D71F4140FA ft=1 fh=38338eb635a00b8a vn="Variante von Win32/Toolbar.Babylon.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Johannes\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\831fc6f9901af1fd98115b5a10864eef\DeltaTB.exe.vir"
sh=C2CE7FE6ADA46C11A1006F7D4F9E0C4457443393 ft=1 fh=3cf6a2e5af2a0045 vn="Variante von Win32/Adware.AdvPCTweak Anwendung" ac=I fn="C:\Users\Johannes\AppData\Local\Temp\XcoGyUCj.exe.part"
sh=1B2983DD978DB886263B1740E4C7E0CA1CEF88C4 ft=1 fh=29f8994b325a4b60 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Johannes\AppData\Local\Temp\CBB993BC-BAB0-7891-B450-D6D7D872DD06\Setup.exe"
sh=B56E298AA3EB2BBAEDEDEF1F751474750811B52F ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Johannes\AppData\Local\Temp\CBB993BC-BAB0-7891-B450-D6D7D872DD06\Latest\delta.crx"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Johannes\AppData\Local\Temp\CBB993BC-BAB0-7891-B450-D6D7D872DD06\Latest\IEHelper.dll"
         
SecurityCheck log:

Code:
 Results of screen317's Security Check version 0.99.90  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 15.0.0.223  
 Adobe Reader XI  
 Mozilla Firefox (33.1) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
New FRST log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2014 01
Ran by Johannes (administrator) on JOHANNES-HP on 23-11-2014 18:52:24
Running from C:\Users\Johannes\Desktop
Loaded Profiles: Johannes & Peter (Available profiles: Johannes & Peter)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Akamai Technologies, Inc.) C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Cm108Sound] => C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-11-19] (Synaptics Incorporated)
HKLM\...\Run: [tvncontrol] => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1488422038-2814791348-2129004140-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1488422038-2814791348-2129004140-1002\...\MountPoints2: {8f71424b-8644-11e1-bee0-68a3c4f641c1} - D:\LaunchU3.exe -a
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1488422038-2814791348-2129004140-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKU\S-1-5-21-1488422038-2814791348-2129004140-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
HKU\S-1-5-21-1488422038-2814791348-2129004140-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\.DEFAULT -> {01A1E719-78CA-4756-BA03-4B7DDCD9F0F3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=70501de8-4b19-497a-bd3a-901d763d8869&apn_sauid=2238973F-F20E-4A09-BE90-5EA92D5E04A9
SearchScopes: HKU\S-1-5-21-1488422038-2814791348-2129004140-1002 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\S-1-5-21-1488422038-2814791348-2129004140-1004 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1488422038-2814791348-2129004140-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1488422038-2814791348-2129004140-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default
FF Homepage: https://www.youtube.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1488422038-2814791348-2129004140-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\searchplugins\google-maps.xml
FF Extension: Avira Browser Safety - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\abs@avira.com [2014-11-19]
FF Extension: HTTPS-Everywhere - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\https-everywhere@eff.org [2014-10-16]
FF Extension: YouTube Unblocker - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\youtubeunblocker@unblocker.yt [2014-11-20]
FF Extension: ipFuck - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\ipfuck@p4ul.info.xpi [2013-02-28]
FF Extension: Magic Actions for YouTube™ - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2013-03-16]
FF Extension: NoScript - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-22]
FF Extension: {9ac7d46a-d278-4fba-acc6-2dc897e4d762} - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\{9ac7d46a-d278-4fba-acc6-2dc897e4d762}.xpi [2013-10-29]
FF Extension: Adblock Plus - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-28]
FF Extension: PDF Print Wizard Light - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\{d3a1baf2-1c0d-4144-ac5f-15108599e5c3}.xpi [2013-11-06]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2012-08-12]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-08-26]
FF HKU\S-1-5-21-1488422038-2814791348-2129004140-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\extensions\cliqz@cliqz.com
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [993584 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-11-10] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2013-02-01] () [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-11] (PDF Complete Inc)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2013-04-06] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [323072 2013-04-26] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5400848 2014-11-03] (TeamViewer GmbH)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]
S2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-07-22] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-09-14] (Qualcomm Atheros)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-07-22] ()
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [101288 2013-02-01] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158888 2013-02-01] (McAfee, Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2014-07-18] (CACE Technologies)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-01-23] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-01-23] ()
S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700680 2014-01-23] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-23 18:51 - 2014-11-23 18:51 - 00000728 _____ () C:\Users\Johannes\Desktop\checkup.txt
2014-11-23 18:39 - 2014-11-23 18:39 - 00854414 _____ () C:\Users\Johannes\Desktop\SecurityCheck.exe
2014-11-23 18:34 - 2014-11-23 18:32 - 00003803 _____ () C:\Users\Johannes\Desktop\eset.txt
2014-11-23 16:02 - 2014-11-23 16:02 - 02347384 _____ (ESET) C:\Users\Johannes\Desktop\esetsmartinstaller_deu.exe
2014-11-22 18:32 - 2014-11-22 18:32 - 00045579 _____ () C:\Users\Johannes\Desktop\FRST2.txt
2014-11-22 18:30 - 2014-11-22 18:30 - 00000000 ____D () C:\Users\Johannes\Desktop\FRST-OlderVersion
2014-11-22 18:29 - 2014-11-22 18:29 - 00000628 _____ () C:\Users\Johannes\Desktop\JRT.txt
2014-11-22 18:26 - 2014-11-22 18:26 - 01707532 _____ (Thisisu) C:\Users\Johannes\Desktop\JRT.exe
2014-11-22 18:23 - 2014-11-22 18:23 - 00000960 _____ () C:\Users\Johannes\Desktop\AdwCleaner[S1].txt
2014-11-22 18:17 - 2014-11-22 18:17 - 02140160 _____ () C:\Users\Johannes\Desktop\AdwCleaner_4.101.exe
2014-11-22 18:09 - 2014-11-22 18:09 - 00001207 _____ () C:\Users\Johannes\Desktop\mbam.txt
2014-11-22 11:58 - 2014-11-22 18:14 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-22 11:58 - 2014-11-22 11:58 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-22 11:58 - 2014-11-22 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-22 11:58 - 2014-11-22 11:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-22 11:58 - 2014-11-22 11:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-22 11:58 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-22 11:58 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-22 11:58 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-22 11:56 - 2014-11-22 11:56 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Johannes\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-21 19:30 - 2014-11-21 19:30 - 00000852 _____ () C:\Users\Johannes\Desktop\avira.txt
2014-11-21 19:21 - 2014-11-21 19:21 - 00262144 _____ () C:\windows\Minidump\112114-29858-01.dmp
2014-11-21 19:02 - 2014-11-21 19:02 - 00033594 _____ () C:\Users\Johannes\Desktop\Gmer.log
2014-11-21 18:39 - 2014-11-21 18:39 - 00262144 _____ () C:\windows\Minidump\112114-28953-01.dmp
2014-11-21 18:29 - 2014-11-21 18:29 - 00380416 _____ () C:\Users\Johannes\Desktop\Gmer-19357.exe
2014-11-21 18:22 - 2014-11-21 18:23 - 00036697 _____ () C:\Users\Johannes\Desktop\Addition.txt
2014-11-21 18:20 - 2014-11-23 18:52 - 00022441 _____ () C:\Users\Johannes\Desktop\FRST.txt
2014-11-21 18:20 - 2014-11-23 18:52 - 00000000 ____D () C:\FRST
2014-11-21 18:18 - 2014-11-22 18:30 - 02118144 _____ (Farbar) C:\Users\Johannes\Desktop\FRST64.exe
2014-11-21 18:18 - 2014-11-21 18:18 - 00000478 _____ () C:\Users\Johannes\Desktop\defogger_disable.log
2014-11-21 18:18 - 2014-11-21 18:18 - 00000000 _____ () C:\Users\Johannes\defogger_reenable
2014-11-21 18:15 - 2014-11-21 18:15 - 00050477 _____ () C:\Users\Johannes\Desktop\Defogger.exe
2014-11-20 22:36 - 2014-11-20 22:36 - 00000000 ____D () C:\windows\ERUNT
2014-11-20 22:28 - 2014-11-22 18:21 - 00000000 ____D () C:\AdwCleaner
2014-11-19 16:56 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 16:56 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 16:56 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 16:56 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-18 20:30 - 2014-11-23 18:39 - 00000239 _____ () C:\Users\Johannes\Desktop\csgo.txt
2014-11-17 21:17 - 2014-11-17 21:19 - 207485208 _____ (Advanced Micro Devices, Inc.) C:\Users\Johannes\Downloads\13-9_win7_win8_64_dd_ccc_whql(1).exe
2014-11-17 21:07 - 2014-11-17 21:07 - 00891224 _____ (AMD) C:\Users\Johannes\Downloads\amddriverdownloader.exe
2014-11-16 14:38 - 2014-11-16 14:38 - 00056548 _____ () C:\windows\SysWOW64\CCCInstall_201411161438097924.log
2014-11-16 14:38 - 2014-11-16 14:38 - 00000000 ____D () C:\ProgramData\ATI
2014-11-16 14:38 - 2014-11-16 14:38 - 00000000 ____D () C:\ProgramData\AMD
2014-11-16 14:38 - 2014-11-16 14:38 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-11-16 14:37 - 2014-11-16 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-11-16 14:32 - 2014-11-16 14:32 - 00000000 ____D () C:\Program Files\AMD
2014-11-16 14:21 - 2014-11-16 14:24 - 286582040 _____ (AMD Inc.) C:\Users\Johannes\Downloads\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe
2014-11-16 14:01 - 2014-11-16 14:01 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-11-16 14:00 - 2014-11-16 14:25 - 00000000 ____D () C:\AMD
2014-11-16 13:54 - 2014-11-16 13:59 - 207485208 _____ (Advanced Micro Devices, Inc.) C:\Users\Johannes\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe
2014-11-12 17:25 - 2014-11-12 17:25 - 09698760 _____ (Nota Inc. ) C:\Users\Johannes\Downloads\Gyazo-2.3.0.exe
2014-11-12 17:25 - 2014-11-12 17:25 - 00003764 _____ () C:\windows\System32\Tasks\GyazoUpdateTaskMachine
2014-11-12 17:11 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-12 17:11 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-12 17:11 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-12 17:11 - 2014-10-27 21:32 - 17870336 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-12 17:11 - 2014-10-27 21:13 - 02339840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-12 17:11 - 2014-10-27 21:12 - 10921472 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-12 17:11 - 2014-10-27 21:07 - 01388032 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-12 17:11 - 2014-10-27 21:06 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-12 17:11 - 2014-10-27 21:05 - 01494016 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-12 17:11 - 2014-10-27 21:05 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-11-12 17:11 - 2014-10-27 21:05 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 02157056 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-12 17:11 - 2014-10-27 21:03 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-12 17:11 - 2014-10-27 21:03 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-12 17:11 - 2014-10-27 21:03 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-12 17:11 - 2014-10-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-12 17:11 - 2014-10-27 21:03 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-11-12 17:11 - 2014-10-27 21:03 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-11-12 17:11 - 2014-10-27 21:03 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-11-12 17:11 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-12 17:11 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-12 17:11 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-12 17:11 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-12 17:11 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-12 17:11 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-12 17:11 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-11-12 17:11 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-12 17:11 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-12 17:11 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-11-12 17:11 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-12 17:11 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-12 17:11 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-12 17:11 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-12 17:11 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-12 17:11 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-12 17:11 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-12 17:11 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-11-12 17:11 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-11-12 17:11 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-11-12 17:11 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-12 17:11 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-12 17:11 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-12 17:11 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-12 17:11 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-12 17:11 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-12 17:11 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-12 17:11 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-12 17:11 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-12 17:11 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-12 17:11 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-12 17:11 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-12 17:11 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-12 17:11 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-12 17:11 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-12 17:11 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-12 17:10 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-12 17:10 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-12 17:10 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-12 17:10 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-12 17:10 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-12 17:10 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-12 17:10 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-12 17:10 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-12 17:10 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-12 17:10 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-12 17:10 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-12 17:10 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-12 17:10 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-12 17:10 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-12 17:10 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-10 17:27 - 2014-11-10 17:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-04 20:56 - 2014-11-04 20:56 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\TightVNC
2014-11-04 20:07 - 2014-11-04 20:07 - 00001007 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-11-04 20:07 - 2014-11-04 20:07 - 00000995 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2014-11-04 19:41 - 2014-11-04 19:41 - 00000000 ____D () C:\Users\Johannes\Documents\My Games
2014-11-04 17:07 - 2014-11-04 19:43 - 00000222 _____ () C:\Users\Johannes\Desktop\The Binding of Isaac Rebirth.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-23 17:45 - 2011-06-29 22:32 - 01311188 _____ () C:\windows\WindowsUpdate.log
2014-11-23 16:07 - 2011-12-27 00:39 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-23 14:30 - 2012-01-04 17:16 - 00003954 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{D07EF50A-85F7-4C00-BDDA-5B79AFF39123}
2014-11-23 13:12 - 2009-07-14 05:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-23 13:12 - 2009-07-14 05:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-23 13:05 - 2011-05-03 02:22 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-23 13:03 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-23 13:03 - 2009-07-14 05:51 - 00173491 _____ () C:\windows\setupact.log
2014-11-23 01:36 - 2012-02-28 19:38 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\TS3Client
2014-11-22 19:28 - 2012-12-18 20:28 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\HpUpdate
2014-11-22 18:22 - 2011-06-29 23:01 - 00565830 _____ () C:\windows\PFRO.log
2014-11-22 17:06 - 2011-05-03 02:35 - 00000000 ____D () C:\windows\en
2014-11-21 19:21 - 2014-01-18 00:54 - 00000000 ____D () C:\windows\Minidump
2014-11-21 19:21 - 2014-01-18 00:53 - 710771068 _____ () C:\windows\MEMORY.DMP
2014-11-21 18:18 - 2011-12-03 18:03 - 00000000 ____D () C:\Users\Johannes
2014-11-21 17:25 - 2011-05-03 02:10 - 00714300 _____ () C:\windows\system32\perfh007.dat
2014-11-21 17:25 - 2011-05-03 02:10 - 00156098 _____ () C:\windows\system32\perfc007.dat
2014-11-21 17:25 - 2009-07-14 06:13 - 01660510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-20 17:23 - 2014-07-08 16:26 - 00003204 _____ () C:\windows\System32\Tasks\HPCeeScheduleForJohannes
2014-11-20 17:23 - 2014-07-08 16:26 - 00000344 _____ () C:\windows\Tasks\HPCeeScheduleForJohannes.job
2014-11-18 17:26 - 2012-01-01 21:13 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-18 17:26 - 2011-12-25 21:44 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-11-17 17:48 - 2011-12-04 01:58 - 00000000 ____D () C:\windows\rescache
2014-11-17 17:02 - 2012-04-02 08:47 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-17 17:02 - 2011-12-27 13:36 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-16 15:39 - 2011-12-27 13:17 - 00000000 ____D () C:\Users\Johannes\AppData\Local\CrashDumps
2014-11-16 14:58 - 2011-12-25 11:35 - 00000000 ____D () C:\Users\Peter
2014-11-16 14:58 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\registration
2014-11-16 14:36 - 2011-06-29 22:42 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-11-16 14:29 - 2014-08-14 16:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-14 16:32 - 2012-03-14 19:32 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Akamai
2014-11-13 16:39 - 2011-12-03 18:24 - 00110352 _____ () C:\Users\Johannes\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 16:23 - 2009-07-14 05:45 - 00410904 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-12 23:16 - 2014-05-06 17:06 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-12 18:25 - 2012-05-06 18:15 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2014-11-12 17:35 - 2011-12-03 18:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 17:28 - 2013-08-15 18:19 - 00000000 ____D () C:\windows\system32\MRT
2014-11-12 17:25 - 2012-08-27 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2014-11-12 17:21 - 2011-12-03 18:59 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-11 16:59 - 2012-08-24 21:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-08 12:41 - 2014-09-15 15:40 - 00001097 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-08 12:41 - 2012-11-02 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-08 12:41 - 2012-11-02 17:23 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-04 21:58 - 2011-12-30 19:31 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-11-04 20:07 - 2012-01-14 13:56 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\TeamViewer
2014-11-04 14:30 - 2011-12-03 18:21 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-10-30 18:11 - 2011-12-03 18:03 - 00003224 _____ () C:\windows\System32\Tasks\HPCeeScheduleForJOHANNES-HP$
2014-10-30 18:11 - 2011-12-03 18:03 - 00000348 _____ () C:\windows\Tasks\HPCeeScheduleForJOHANNES-HP$.job
2014-10-29 17:11 - 2009-07-14 06:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-10-28 16:53 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

Some content of TEMP:
====================
C:\Users\Johannes\AppData\Local\Temp\AskSLib.dll
C:\Users\Johannes\AppData\Local\Temp\AtpTimerInfo.dll
C:\Users\Johannes\AppData\Local\Temp\avgnt.exe
C:\Users\Johannes\AppData\Local\Temp\DTLocker+-D-ParaDelay.exe
C:\Users\Johannes\AppData\Local\Temp\Extract.exe
C:\Users\Johannes\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Johannes\AppData\Local\Temp\install_flashplayer12x32au_mssd_aaa_aih.exe
C:\Users\Johannes\AppData\Local\Temp\mqermkms.dll
C:\Users\Johannes\AppData\Local\Temp\Paint.NET.3.5.11.Install.exe
C:\Users\Johannes\AppData\Local\Temp\paint.net.4.0.3.install.exe
C:\Users\Johannes\AppData\Local\Temp\Quarantine.exe
C:\Users\Johannes\AppData\Local\Temp\Resource.exe
C:\Users\Johannes\AppData\Local\Temp\SP53858.exe
C:\Users\Johannes\AppData\Local\Temp\SP54972.exe
C:\Users\Johannes\AppData\Local\Temp\SP56729.exe
C:\Users\Johannes\AppData\Local\Temp\SP57014.exe
C:\Users\Johannes\AppData\Local\Temp\SP57555.exe
C:\Users\Johannes\AppData\Local\Temp\SP57556.exe
C:\Users\Johannes\AppData\Local\Temp\SP57879.exe
C:\Users\Johannes\AppData\Local\Temp\SP58268.exe
C:\Users\Johannes\AppData\Local\Temp\SP58647.exe
C:\Users\Johannes\AppData\Local\Temp\sp58915.exe
C:\Users\Johannes\AppData\Local\Temp\SP58930.exe
C:\Users\Johannes\AppData\Local\Temp\SP59118.exe
C:\Users\Johannes\AppData\Local\Temp\SP59151.exe
C:\Users\Johannes\AppData\Local\Temp\SP59196.exe
C:\Users\Johannes\AppData\Local\Temp\SP59202.exe
C:\Users\Johannes\AppData\Local\Temp\SP59213.exe
C:\Users\Johannes\AppData\Local\Temp\SP59291.exe
C:\Users\Johannes\AppData\Local\Temp\SP59529.exe
C:\Users\Johannes\AppData\Local\Temp\SP59530.exe
C:\Users\Johannes\AppData\Local\Temp\SP60095.exe
C:\Users\Johannes\AppData\Local\Temp\SP60686.exe
C:\Users\Johannes\AppData\Local\Temp\SP60769.exe
C:\Users\Johannes\AppData\Local\Temp\SP61104.exe
C:\Users\Johannes\AppData\Local\Temp\SP61411.exe
C:\Users\Johannes\AppData\Local\Temp\SP61423.exe
C:\Users\Johannes\AppData\Local\Temp\SP61823.exe
C:\Users\Johannes\AppData\Local\Temp\SP63779.exe
C:\Users\Johannes\AppData\Local\Temp\sp64126.exe
C:\Users\Johannes\AppData\Local\Temp\sqlite3.dll
C:\Users\Johannes\AppData\Local\Temp\uninst1.exe
C:\Users\Johannes\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Peter\AppData\Local\Temp\AskSLib.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-17 17:40

==================== End Of Log ============================
         


As to the question of whether there are still problems, I'm somewhat undecided.

I never really had any actual problems. However, ESET still finds a whole bunch of entries despite the "clean-up programs" applied beforehand.


24.11.2014, 17:58   #6
schrauber
/// the machine
/// TB trainer



Most of it, though, is already in quarantine or just in the Recycle Bin.


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
C:\$Recycle.Bin
Emptytemp:
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.






Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without concern.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus Software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional Protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe Browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.


Alternative Browsers

Other browsers tend to be somewhat more secure than IE, as they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Don't click on everything just because it prompts you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains for me is to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

24.11.2014, 20:40   #7
drChef96



Unfortunately I cannot post the contents of Fixlog.txt for you, because DelFix deleted it before I could save it.

I had looked at it beforehand, and every action seemed to have worked without problems. At the end a system restart was still required.

If this is enough for you and we are at the end here, there is not much left for me to do but say thank you. Many thanks for the great and fast support on your part! I hope you can still lend a hand to many more users so competently.

25.11.2014, 16:39   #8
schrauber
/// the machine
/// TB trainer
 




That's fine.

You're welcome.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
