Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Adware.browsefox.aom

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 04.12.2014, 10:59   #1
Casy66
 
Adware.browsefox.aom - Standard

Adware.browsefox.aom



Hallo liebes Trojaner-Board,
ich habe zurzeit ein Problem! Es geht um adware.browsefox.
Avast hat mir gemeldet, dass ich eine kritische Browerereiterunger besitze.
Ich entfernte sie und Avira meldete nach einigen scans wieder diesen Virus und das 6x Mal.
Insgesamt ist mein Laptop ziemlich Lahm und hat eine CDU-Auslastung 90%. Selbst bei einfachen Anwendung zeigt er mir oft an das der Grafiktreiber anscheinend nicht richtig funktioniert. Selbst Solitair funktioniert nur mit rucklern.
Ich besitze diesen Laptop erst seit Oktober.
Meine Tochter hatte mir gesagt ich solle Hijacked machen und den Log hier posten:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:56:40, on 03.12.2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\PHotkey\HCSynApi.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Carmen\AppData\Local\Temp\DMR\Downloads\fc14996dfa99adfc7baae624196888c5\7b4e384f5b096b9656fee276ba88bb81\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 (file missing) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: BTDevManager - Unknown owner - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CyberLink PowerDVD 10 MS Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 10 MS Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8470 bytes



Vielen Dank für eure Hilfe!

Alt 04.12.2014, 11:01   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Adware.browsefox.aom - Standard

Adware.browsefox.aom



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 04.12.2014, 15:11   #3
Casy66
 
Adware.browsefox.aom - Standard

Adware.browsefox.aom



Als erstes die FRST.txt
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Carmen (administrator) on HCS on 04-12-2014 16:05:40
Running from C:\Users\Carmen\Downloads
Loaded Profile: Carmen (Available profiles: Carmen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-29] (Realtek Semiconductor Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3201879546-1506140658-4254453320-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705\searchplugins\google-maps.xml
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-15]
CHR Extension: (Google Docs) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-15]
CHR Extension: (Google Drive) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-15]
CHR Extension: (YouTube) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-15]
CHR Extension: (Google Search) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-15]
CHR Extension: (Google Sheets) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-15]
CHR Extension: (Avast Online Security) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-15]
CHR Extension: (Google Wallet) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-15]
CHR Extension: (Gmail) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [61440 2013-09-26] () [File not signed]
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [160768 2013-06-27] () [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 PegaRadioSwitch; C:\Windows\System32\drivers\PegaRadioSwitch.sys [23552 2013-08-22] (Windows (R) Win 7 DDK provider)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2013-10-22] ()
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S1 {32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64; system32\drivers\{32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64.sys [X]
S1 {84e24724-32a5-4ef8-b981-cc669543b4a4}Gw64; system32\drivers\{84e24724-32a5-4ef8-b981-cc669543b4a4}Gw64.sys [X]
S1 {94c4b27a-8cb1-4214-9d76-87c59a8cf657}Gw64; system32\drivers\{94c4b27a-8cb1-4214-9d76-87c59a8cf657}Gw64.sys [X]
S1 {bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64; system32\drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 16:05 - 2014-12-04 16:06 - 00014508 _____ () C:\Users\Carmen\Downloads\FRST.txt
2014-12-04 16:05 - 2014-12-04 16:05 - 00000000 ____D () C:\FRST
2014-12-04 16:04 - 2014-12-04 16:04 - 02117632 _____ (Farbar) C:\Users\Carmen\Downloads\FRST64.exe
2014-12-04 07:41 - 2014-12-04 07:41 - 00000350 _____ () C:\Windows\PFRO.log
2014-12-03 17:04 - 2014-12-03 17:04 - 00008471 _____ () C:\Users\Carmen\Desktop\hijackthis.log
2014-12-03 16:54 - 2014-12-03 16:55 - 01174352 _____ () C:\Users\Carmen\Downloads\HijackThis - CHIP-Installer.exe
2014-12-01 13:16 - 2014-12-01 13:16 - 00008285 _____ () C:\Users\Carmen\Downloads\hijackthis.log
2014-12-01 13:14 - 2014-12-01 13:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Carmen\Downloads\hijackthis.exe
2014-11-29 11:35 - 2014-11-29 11:36 - 00086266 _____ () C:\Users\Carmen\Documents\cc_20141129_113548.reg
2014-11-27 13:58 - 2014-11-27 13:59 - 05162080 _____ (Piriform Ltd) C:\Users\Carmen\Downloads\ccsetup500.exe
2014-11-25 11:12 - 2014-11-27 13:59 - 00000838 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-25 11:12 - 2014-11-27 13:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-25 11:12 - 2014-11-25 11:12 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-11-25 11:12 - 2014-11-25 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-25 11:11 - 2014-11-25 11:11 - 04974864 _____ (Piriform Ltd) C:\Users\Carmen\Downloads\ccsetup419.exe
2014-11-21 12:55 - 2013-08-22 14:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141121-125534.backup
2014-11-21 11:05 - 2014-11-21 12:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-21 11:05 - 2014-11-21 11:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-21 11:05 - 2014-11-21 11:05 - 00001411 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-21 11:05 - 2014-11-21 11:05 - 00001399 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-21 11:05 - 2014-11-21 11:05 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-21 11:05 - 2014-11-21 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-21 11:05 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-21 11:01 - 2014-11-21 11:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Carmen\Downloads\spybot-2.4.exe
2014-11-21 09:20 - 2014-11-21 09:17 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-11-21 09:19 - 2014-11-21 09:19 - 00001157 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-21 09:16 - 2014-11-21 09:16 - 00000000 ____D () C:\Users\Carmen\AppData\Roaming\Avira
2014-11-21 09:15 - 2014-11-21 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-21 09:15 - 2014-11-21 09:15 - 00002090 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-11-21 09:14 - 2014-10-23 14:02 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-11-21 09:14 - 2014-10-23 14:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-11-21 09:14 - 2014-10-23 14:01 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-11-21 09:13 - 2014-11-21 09:18 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-21 09:13 - 2014-11-21 09:17 - 00000000 ____D () C:\ProgramData\Avira
2014-11-21 08:38 - 2014-11-21 08:46 - 151804352 _____ () C:\Users\Carmen\Downloads\avira_free_antivirus_de.exe
2014-11-21 08:18 - 2014-11-21 08:18 - 00000197 _____ () C:\Windows\system32\2014-11-21-07-18-19.097-AvastVBoxSVC.exe-2480.log
2014-11-21 07:54 - 2014-12-03 20:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-21 07:53 - 2014-11-21 07:53 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-21 07:53 - 2014-11-21 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-21 07:53 - 2014-11-21 07:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-21 07:53 - 2014-11-21 07:53 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-21 07:53 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 07:53 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 07:53 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-21 07:52 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-11-21 07:52 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-11-21 07:50 - 2014-11-21 07:50 - 01125200 _____ () C:\Users\Carmen\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-11-21 07:45 - 2014-11-21 07:46 - 00000197 _____ () C:\Windows\system32\2014-11-21-06-45-50.087-AvastVBoxSVC.exe-2588.log
2014-11-21 07:08 - 2014-11-21 07:46 - 00000000 ____D () C:\AdwCleaner
2014-11-21 07:08 - 2014-11-21 07:08 - 02140160 _____ () C:\Users\Carmen\Downloads\adwcleaner_4.101.exe
2014-11-21 07:05 - 2014-11-21 07:05 - 00000000 ____D () C:\Users\Carmen\Old Firefox Data
2014-11-20 07:56 - 2014-11-20 07:56 - 00000197 _____ () C:\Windows\system32\2014-11-20-06-56-27.099-AvastVBoxSVC.exe-2592.log
2014-11-19 14:08 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 14:08 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 14:08 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 14:08 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 09:10 - 2014-11-19 09:23 - 00000000 ____D () C:\Users\Carmen\Desktop\Hagen
2014-11-15 22:48 - 2014-11-15 22:48 - 00000197 _____ () C:\Windows\system32\2014-11-15-21-48-57.000-AvastVBoxSVC.exe-2620.log
2014-11-15 20:20 - 2014-11-15 20:20 - 00000000 __SHD () C:\Users\Carmen\AppData\Local\EmieUserList
2014-11-15 20:20 - 2014-11-15 20:20 - 00000000 __SHD () C:\Users\Carmen\AppData\Local\EmieSiteList
2014-11-15 20:20 - 2014-11-15 20:20 - 00000000 __SHD () C:\Users\Carmen\AppData\Local\EmieBrowserModeList
2014-11-15 20:04 - 2014-11-15 20:20 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-15 20:04 - 2014-11-15 20:07 - 00000000 ____D () C:\Users\Carmen\AppData\Local\Google
2014-11-15 20:02 - 2014-11-15 20:01 - 00784840 _____ (Google Inc.) C:\Users\Carmen\Downloads\google-chrome.exe
2014-11-14 13:45 - 2014-11-25 08:44 - 00007605 _____ () C:\Users\Carmen\AppData\Local\Resmon.ResmonCfg
2014-11-14 13:42 - 2014-11-14 13:43 - 00000197 _____ () C:\Windows\system32\2014-11-14-12-42-59.089-AvastVBoxSVC.exe-2640.log
2014-11-14 13:20 - 2014-11-14 13:48 - 00000000 ____D () C:\Windows\softwaredistribution.bak2
2014-11-12 09:48 - 2014-11-13 06:23 - 00000000 ____D () C:\Windows\softwaredistribution.bak1
2014-11-12 09:05 - 2014-11-12 09:05 - 00000197 _____ () C:\Windows\system32\2014-11-12-08-05-42.045-AvastVBoxSVC.exe-3016.log
2014-11-12 04:08 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-12 04:08 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-12 04:08 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 04:08 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-11-12 04:08 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 04:07 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 04:07 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-12 04:07 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-12 04:07 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 04:07 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 04:07 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-12 04:07 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2014-11-12 04:07 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-11-12 04:07 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 04:07 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 04:07 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-11-12 04:07 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 04:07 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-12 04:06 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-12 04:06 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-12 04:06 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-12 04:06 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-12 04:06 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-11-12 04:06 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-12 04:06 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-12 04:06 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-12 04:06 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-11-12 04:06 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-12 04:06 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-12 04:06 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-12 04:06 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-12 04:06 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-12 04:06 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-12 04:06 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-12 04:06 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 04:06 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 04:06 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-12 04:06 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 04:06 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 04:06 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-11-12 04:06 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-12 04:06 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-12 04:06 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-12 04:06 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-12 04:05 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-12 04:05 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-12 04:05 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-11-12 04:05 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-12 04:05 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-12 04:05 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2014-11-12 04:05 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2014-11-12 04:04 - 2014-10-31 06:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 04:04 - 2014-10-31 04:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 04:02 - 2014-10-31 04:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 04:01 - 2014-10-31 06:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 04:01 - 2014-10-31 05:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 04:01 - 2014-10-31 05:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-11-12 04:01 - 2014-10-31 04:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 04:01 - 2014-10-31 04:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 04:01 - 2014-10-31 03:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 04:01 - 2014-10-31 03:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 04:01 - 2014-10-31 03:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 04:01 - 2014-10-31 03:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 04:00 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-11-12 04:00 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 04:00 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-11-12 04:00 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-11-12 04:00 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 04:00 - 2014-10-31 06:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 04:00 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 04:00 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 04:00 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 04:00 - 2014-10-31 06:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-11-12 04:00 - 2014-10-31 06:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 04:00 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 04:00 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 04:00 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-11-12 04:00 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 04:00 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2014-11-12 04:00 - 2014-10-31 05:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 04:00 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 04:00 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 04:00 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 04:00 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-11-12 04:00 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 04:00 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 04:00 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-12 04:00 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-11-12 04:00 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-11-12 04:00 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 04:00 - 2014-10-31 05:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 04:00 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 04:00 - 2014-10-31 05:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-11-12 04:00 - 2014-10-31 05:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 04:00 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-11-12 04:00 - 2014-10-31 05:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-11-12 04:00 - 2014-10-31 05:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 04:00 - 2014-10-31 05:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 04:00 - 2014-10-31 05:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 04:00 - 2014-10-31 05:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 04:00 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-12 04:00 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-11-12 04:00 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-11-12 04:00 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-12 04:00 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-11-12 04:00 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-11-12 04:00 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-12 04:00 - 2014-10-31 04:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 04:00 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-12 04:00 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 04:00 - 2014-10-31 04:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-11-12 04:00 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 04:00 - 2014-10-31 04:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 04:00 - 2014-10-31 04:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 04:00 - 2014-10-31 04:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 04:00 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 04:00 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 04:00 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-12 04:00 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 04:00 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2014-11-12 04:00 - 2014-10-31 04:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 04:00 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 04:00 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 04:00 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-11-12 04:00 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 04:00 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 04:00 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-11-12 04:00 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-12 04:00 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-11-12 04:00 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 04:00 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-12 04:00 - 2014-10-31 03:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 04:00 - 2014-10-31 03:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-11-12 04:00 - 2014-10-31 03:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 04:00 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-11-12 04:00 - 2014-10-31 03:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-11-12 04:00 - 2014-10-31 03:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-11-12 04:00 - 2014-10-31 03:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 04:00 - 2014-10-31 03:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 04:00 - 2014-10-31 03:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 04:00 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-12 04:00 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-11-12 04:00 - 2014-10-31 03:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 03:58 - 2014-11-05 00:38 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 03:58 - 2014-11-04 01:10 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 03:58 - 2014-10-31 05:53 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-11-12 03:58 - 2014-10-31 05:49 - 00537088 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 03:58 - 2014-10-31 05:24 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-11-12 03:58 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 03:58 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 03:58 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 03:58 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 03:58 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 03:58 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-11-12 03:58 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 03:58 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 03:58 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 03:58 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 03:58 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 03:58 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-12 03:58 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 03:58 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-11-12 03:58 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-12 03:58 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-12 03:58 - 2014-09-07 23:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-12 03:58 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-12 03:58 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-12 03:58 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-11-12 03:58 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-11-12 03:58 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-11-12 03:58 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-11-12 03:58 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-12 03:58 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-12 03:58 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-12 03:58 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-12 03:58 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-12 03:58 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-11-12 03:58 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-12 03:58 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-11-12 03:58 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-12 03:58 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-12 03:58 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-12 03:58 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 03:58 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-12 03:58 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-12 03:58 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 03:58 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-11-12 03:58 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-11-12 03:58 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-11-11 06:38 - 2014-11-15 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-08 23:03 - 2014-11-08 23:03 - 00000197 _____ () C:\Windows\system32\2014-11-08-22-03-42.045-AvastVBoxSVC.exe-2488.log
2014-11-08 23:01 - 2014-11-25 11:13 - 00000000 ____D () C:\Windows\Minidump
2014-11-07 13:56 - 2014-11-07 13:56 - 00000247 _____ () C:\Windows\system32\2014-11-07-12-56-32.033-aswFe.exe-5364.log
2014-11-07 13:49 - 2014-11-07 13:56 - 00000247 _____ () C:\Windows\system32\2014-11-07-12-49-21.083-aswFe.exe-5532.log
2014-11-07 13:35 - 2014-11-07 13:35 - 00000197 _____ () C:\Windows\system32\2014-11-07-12-35-48.097-AvastVBoxSVC.exe-1712.log
2014-11-07 12:19 - 2014-11-07 13:35 - 00000247 _____ () C:\Windows\system32\2014-11-07-11-19-51.083-aswFe.exe-5812.log
2014-11-07 11:04 - 2014-11-07 12:19 - 00000247 _____ () C:\Windows\system32\2014-11-07-10-04-33.084-aswFe.exe-1476.log
2014-11-07 11:04 - 2014-11-07 11:04 - 00000197 _____ () C:\Windows\system32\2014-11-07-10-04-29.080-AvastVBoxSVC.exe-2492.log
2014-11-07 10:55 - 2014-11-07 10:55 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-07 10:55 - 2014-11-07 10:55 - 00000000 ____D () C:\Windows\system32\vbox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 16:02 - 2014-10-07 09:30 - 00280131 _____ () C:\Users\Carmen\AppData\Local\BTServer.log
2014-12-04 16:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-04 12:37 - 2014-10-07 10:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-04 12:37 - 2014-10-07 09:39 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{17783682-5FE5-4D6A-AFA8-39BA44C454C6}
2014-12-04 11:54 - 2014-10-07 09:24 - 01443559 _____ () C:\Windows\WindowsUpdate.log
2014-12-04 07:46 - 2013-10-07 06:32 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-12-04 07:46 - 2013-10-07 06:32 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-12-04 07:46 - 2013-10-07 06:11 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-04 07:41 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-04 07:40 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-02 10:12 - 2014-10-07 09:35 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3201879546-1506140658-4254453320-1001
2014-12-02 09:57 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-01 13:15 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen\AppData\Local\VirtualStore
2014-11-26 10:35 - 2014-10-09 10:38 - 00000000 ____D () C:\Users\Carmen\Desktop\Carmen
2014-11-26 07:00 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-26 06:38 - 2014-10-07 10:39 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-25 11:39 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-25 11:13 - 2013-10-07 07:05 - 00000000 ____D () C:\Windows\Panther
2014-11-21 13:56 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen
2014-11-21 09:24 - 2014-10-08 05:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-21 09:19 - 2013-10-08 12:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-21 08:24 - 2014-10-07 10:37 - 00000000 ____D () C:\Users\Carmen\AppData\Local\Adobe
2014-11-21 08:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help
2014-11-21 07:43 - 2014-10-10 11:00 - 00000000 ____D () C:\Users\Carmen\Desktop\Programme
2014-11-21 07:02 - 2014-10-07 15:10 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-21 07:02 - 2014-10-07 15:10 - 00001167 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-21 07:02 - 2014-10-07 09:30 - 00001458 _____ () C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-21 07:02 - 2013-10-22 11:55 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2014-11-21 07:02 - 2013-10-22 11:55 - 00002449 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2014-11-20 21:51 - 2013-08-22 16:38 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-20 21:51 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-15 07:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-11-12 14:38 - 2014-10-15 08:06 - 00000000 ____D () C:\Users\Carmen\Desktop\Jasmin
2014-11-12 09:03 - 2013-08-22 15:44 - 00368792 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 09:02 - 2014-10-07 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-12 07:51 - 2014-10-12 10:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 07:51 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-12 07:11 - 2014-10-13 12:57 - 00105984 ___SH () C:\Users\Carmen\Desktop\Thumbs.db
2014-11-12 07:09 - 2014-10-09 12:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 07:04 - 2013-10-07 07:12 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-07 11:36 - 2014-10-09 10:08 - 00000000 ____D () C:\Users\Carmen\Desktop\Schottlandtour Jul_Aug14

Some content of TEMP:
====================
C:\Users\Carmen\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-02 07:05

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Hier die Addition:FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by Carmen at 2014-12-04 16:08:01
Running from C:\Users\Carmen\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.3215 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2103 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2103 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3309 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Outlook 2013 Packages (HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\...\Outlook 2013 Packages) (Version:  - ) <==== ATTENTION
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0092 - Pegatron Corporation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.093013 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-11-2014 06:07:56 Geplanter Prüfpunkt
21-11-2014 08:19:50 avast! antivirus system restore point
26-11-2014 05:59:39 Windows Update
04-12-2014 05:57:56 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {198AF2E5-7DB1-4230-9A28-6E62069DA172} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {3F82D7EA-B2DA-4C8A-AC14-40A169815E25} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-12] (Microsoft Corporation)
Task: {66FBF1BD-D577-481A-BF78-5A14B0CEF6F0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {7913A038-3BFE-4DE7-B433-E5DFF40D7999} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {B876D1E2-B100-4690-921E-5ACDD4336C93} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {C300D883-DE82-485F-98F9-F92EE4A44956} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {E203C98C-6294-4879-809F-2FF5AAB87394} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-14] (Synaptics Incorporated)
Task: {FF6B227B-3D3A-4BEB-A425-B5D3F8EDB02F} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-08-08] (Dolby Laboratories Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-08 12:22 - 2013-06-27 09:56 - 00160768 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2013-10-08 12:17 - 2013-09-26 20:08 - 00061440 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2013-10-07 08:29 - 2013-03-06 14:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-10-08 12:22 - 2013-09-11 11:41 - 02216960 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2013-10-08 12:22 - 2010-12-17 14:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2013-10-08 12:22 - 2012-10-23 18:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2013-08-08 16:53 - 2013-08-08 16:53 - 00050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-11-21 11:05 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-21 11:05 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-21 11:05 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-21 11:05 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-21 11:05 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-10-08 12:22 - 2009-12-18 15:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2013-10-08 12:22 - 2009-12-18 15:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2013-10-07 08:28 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-11 06:38 - 2014-11-11 06:38 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3201879546-1506140658-4254453320-500 - Administrator - Disabled)
Carmen (S-1-5-21-3201879546-1506140658-4254453320-1001 - Administrator - Enabled) => C:\Users\Carmen
Gast (S-1-5-21-3201879546-1506140658-4254453320-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3201879546-1506140658-4254453320-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2014 02:06:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/04/2014 00:04:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/04/2014 10:09:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/04/2014 08:11:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/04/2014 07:39:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HCS)
Description: Das Paket „Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe+App“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (12/04/2014 06:27:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/03/2014 11:03:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/03/2014 08:01:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/03/2014 06:13:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/03/2014 04:28:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (12/04/2014 07:40:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%1062

Error: (12/04/2014 06:57:48 AM) (Source: DCOM) (EventID: 10010) (User: HCS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/04/2014 06:57:18 AM) (Source: DCOM) (EventID: 10010) (User: HCS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/03/2014 06:56:18 AM) (Source: DCOM) (EventID: 10010) (User: HCS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/03/2014 06:55:48 AM) (Source: DCOM) (EventID: 10010) (User: HCS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/02/2014 07:55:20 AM) (Source: DCOM) (EventID: 10010) (User: HCS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/02/2014 07:54:49 AM) (Source: DCOM) (EventID: 10010) (User: HCS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/02/2014 07:40:45 AM) (Source: DCOM) (EventID: 10010) (User: HCS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/02/2014 07:40:15 AM) (Source: DCOM) (EventID: 10010) (User: HCS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/02/2014 07:06:22 AM) (Source: DCOM) (EventID: 10010) (User: HCS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


Microsoft Office Sessions:
=========================
Error: (12/04/2014 02:06:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (12/04/2014 00:04:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (12/04/2014 10:09:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (12/04/2014 08:11:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (12/04/2014 07:39:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HCS)
Description: Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe+App

Error: (12/04/2014 06:27:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (12/03/2014 11:03:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (12/03/2014 08:01:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (12/03/2014 06:13:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (12/03/2014 04:28:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU N2910 @ 1.60GHz
Percentage of memory in use: 37%
Total physical RAM: 3976.19 MB
Available physical RAM: 2494.78 MB
Total Pagefile: 8072.19 MB
Available Pagefile: 6242.78 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:404.05 GB) (Free:346.57 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:45.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by Carmen at 2014-12-04 16:08:01
Running from C:\Users\Carmen\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.3215 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2103 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2103 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3309 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Outlook 2013 Packages (HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\...\Outlook 2013 Packages) (Version:  - ) <==== ATTENTION
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0092 - Pegatron Corporation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.093013 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-11-2014 06:07:56 Geplanter Prüfpunkt
21-11-2014 08:19:50 avast! antivirus system restore point
26-11-2014 05:59:39 Windows Update
04-12-2014 05:57:56 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {198AF2E5-7DB1-4230-9A28-6E62069DA172} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {3F82D7EA-B2DA-4C8A-AC14-40A169815E25} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-12] (Microsoft Corporation)
Task: {66FBF1BD-D577-481A-BF78-5A14B0CEF6F0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {7913A038-3BFE-4DE7-B433-E5DFF40D7999} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {B876D1E2-B100-4690-921E-5ACDD4336C93} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {C300D883-DE82-485F-98F9-F92EE4A44956} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {E203C98C-6294-4879-809F-2FF5AAB87394} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-14] (Synaptics Incorporated)
Task: {FF6B227B-3D3A-4BEB-A425-B5D3F8EDB02F} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-08-08] (Dolby Laboratories Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-08 12:22 - 2013-06-27 09:56 - 00160768 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2013-10-08 12:17 - 2013-09-26 20:08 - 00061440 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2013-10-07 08:29 - 2013-03-06 14:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-10-08 12:22 - 2013-09-11 11:41 - 02216960 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2013-10-08 12:22 - 2010-12-17 14:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2013-10-08 12:22 - 2012-10-23 18:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2013-08-08 16:53 - 2013-08-08 16:53 - 00050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-11-21 11:05 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-21 11:05 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-21 11:05 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-21 11:05 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-21 11:05 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-10-08 12:22 - 2009-12-18 15:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2013-10-08 12:22 - 2009-12-18 15:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2013-10-07 08:28 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-11 06:38 - 2014-11-11 06:38 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3201879546-1506140658-4254453320-500 - Administrator - Disabled)
Carmen (S-1-5-21-3201879546-1506140658-4254453320-1001 - Administrator - Enabled) => C:\Users\Carmen
Gast (S-1-5-21-3201879546-1506140658-4254453320-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3201879546-1506140658-4254453320-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2014 02:06:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/04/2014 00:04:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/04/2014 10:09:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/04/2014 08:11:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/04/2014 07:39:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HCS)
Description: Das Paket „Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe+App“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (12/04/2014 06:27:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/03/2014 11:03:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/03/2014 08:01:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/03/2014 06:13:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/03/2014 04:28:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (12/04/2014 07:40:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%1062

Error: (12/04/2014 06:57:48 AM) (Source: DCOM) (EventID: 10010) (User: HCS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/04/2014 06:57:18 AM) (Source: DCOM) (EventID: 10010) (User: HCS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/03/2014 06:56:18 AM) (Source: DCOM) (EventID: 10010) (User: HCS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/03/2014 06:55:48 AM) (Source: DCOM) (EventID: 10010) (User: HCS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/02/2014 07:55:20 AM) (Source: DCOM) (EventID: 10010) (User: HCS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/02/2014 07:54:49 AM) (Source: DCOM) (EventID: 10010) (User: HCS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/02/2014 07:40:45 AM) (Source: DCOM) (EventID: 10010) (User: HCS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/02/2014 07:40:15 AM) (Source: DCOM) (EventID: 10010) (User: HCS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/02/2014 07:06:22 AM) (Source: DCOM) (EventID: 10010) (User: HCS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


Microsoft Office Sessions:
=========================
Error: (12/04/2014 02:06:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (12/04/2014 00:04:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (12/04/2014 10:09:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (12/04/2014 08:11:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (12/04/2014 07:39:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HCS)
Description: Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe+App

Error: (12/04/2014 06:27:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (12/03/2014 11:03:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (12/03/2014 08:01:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (12/03/2014 06:13:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148

Error: (12/03/2014 04:28:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HCS)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU N2910 @ 1.60GHz
Percentage of memory in use: 37%
Total physical RAM: 3976.19 MB
Available physical RAM: 2494.78 MB
Total Pagefile: 8072.19 MB
Available Pagefile: 6242.78 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:404.05 GB) (Free:346.57 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:45.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 05.12.2014, 14:48   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Adware.browsefox.aom - Standard

Adware.browsefox.aom



Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Outlook 2013 Packages

    Outlook 2013 Packages


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 10.12.2014, 18:50   #5
Casy66
 
Adware.browsefox.aom - Standard

Adware.browsefox.aom



Zuerst die FRST:
FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-12-2014 01
Ran by Carmen (administrator) on HCS on 10-12-2014 18:00:48
Running from C:\Users\Carmen\Downloads
Loaded Profiles: Carmen &  (Available profiles: Carmen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe\Solitaire.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-29] (Realtek Semiconductor Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-3201879546-1506140658-4254453320-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-3201879546-1506140658-4254453320-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3201879546-1506140658-4254453320-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3201879546-1506140658-4254453320-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3201879546-1506140658-4254453320-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3201879546-1506140658-4254453320-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705\searchplugins\google-maps.xml

Chrome: 
=======
CHR Profile: C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-15]
CHR Extension: (Google Docs) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-15]
CHR Extension: (Google Drive) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-15]
CHR Extension: (YouTube) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-15]
CHR Extension: (Google Search) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-15]
CHR Extension: (Google Sheets) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-15]
CHR Extension: (Avast Online Security) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-15]
CHR Extension: (Google Wallet) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-15]
CHR Extension: (Gmail) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [61440 2013-09-26] () [File not signed]
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [160768 2013-06-27] () [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 PegaRadioSwitch; C:\Windows\System32\drivers\PegaRadioSwitch.sys [23552 2013-08-22] (Windows (R) Win 7 DDK provider)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2013-10-22] ()
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S1 {32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64; system32\drivers\{32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64.sys [X]
S1 {84e24724-32a5-4ef8-b981-cc669543b4a4}Gw64; system32\drivers\{84e24724-32a5-4ef8-b981-cc669543b4a4}Gw64.sys [X]
S1 {94c4b27a-8cb1-4214-9d76-87c59a8cf657}Gw64; system32\drivers\{94c4b27a-8cb1-4214-9d76-87c59a8cf657}Gw64.sys [X]
S1 {bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64; system32\drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 18:00 - 2014-12-10 18:00 - 00000000 ____D () C:\Users\Carmen\Downloads\FRST-OlderVersion
2014-12-10 17:57 - 2014-12-10 17:57 - 00001191 _____ () C:\Users\Carmen\Desktop\mbam.txt
2014-12-10 17:31 - 2014-12-10 17:31 - 00001288 _____ () C:\Users\Carmen\Desktop\Revo Uninstaller.lnk
2014-12-10 17:31 - 2014-12-10 17:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-10 17:30 - 2014-12-10 17:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Carmen\Downloads\revosetup95.exe
2014-12-10 16:26 - 2014-12-10 16:26 - 00026618 _____ () C:\Users\Carmen\Desktop\trojanerboard.odt
2014-12-10 14:45 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 14:45 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 08:37 - 2014-12-10 08:37 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 07:15 - 2014-12-10 07:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-10 07:05 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 07:05 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 07:05 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 07:05 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 06:50 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 06:50 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 06:50 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 06:50 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 06:50 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 06:50 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 06:50 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 06:50 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 06:50 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 06:50 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 06:50 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 06:50 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 06:50 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 06:50 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 06:50 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 06:50 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 06:50 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-10 06:49 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 06:49 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 06:49 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 06:49 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 06:49 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 06:49 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 06:49 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 06:49 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 06:49 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 06:49 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 06:49 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 06:49 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 06:49 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 06:49 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 06:49 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 06:49 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 06:49 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 06:49 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 06:49 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 06:49 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 06:49 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 06:49 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 06:49 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 06:49 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 06:49 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 06:49 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 06:49 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 06:49 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 06:49 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 06:49 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 06:49 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 06:49 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 06:49 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 06:49 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 06:49 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 06:49 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 06:49 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-06 08:18 - 2014-12-06 08:18 - 00000000 ____D () C:\Users\Carmen\AppData\Local\Intel_Corporation
2014-12-04 17:04 - 2014-12-04 17:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-04 17:04 - 2014-12-04 17:04 - 00000000 _____ () C:\Windows\setupact.log
2014-12-04 16:08 - 2014-12-04 16:09 - 00019875 _____ () C:\Users\Carmen\Downloads\Addition.txt
2014-12-04 16:05 - 2014-12-10 18:00 - 00015889 _____ () C:\Users\Carmen\Downloads\FRST.txt
2014-12-04 16:05 - 2014-12-10 18:00 - 00000000 ____D () C:\FRST
2014-12-04 16:04 - 2014-12-10 18:00 - 02119680 _____ (Farbar) C:\Users\Carmen\Downloads\FRST64.exe
2014-12-04 07:41 - 2014-12-04 07:41 - 00000350 _____ () C:\Windows\PFRO.log
2014-12-03 17:04 - 2014-12-03 17:04 - 00008471 _____ () C:\Users\Carmen\Desktop\hijackthis.log
2014-12-03 16:54 - 2014-12-03 16:55 - 01174352 _____ () C:\Users\Carmen\Downloads\HijackThis - CHIP-Installer.exe
2014-12-01 13:16 - 2014-12-01 13:16 - 00008285 _____ () C:\Users\Carmen\Downloads\hijackthis.log
2014-12-01 13:14 - 2014-12-01 13:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Carmen\Downloads\hijackthis.exe
2014-11-29 11:35 - 2014-11-29 11:36 - 00086266 _____ () C:\Users\Carmen\Documents\cc_20141129_113548.reg
2014-11-27 13:58 - 2014-11-27 13:59 - 05162080 _____ (Piriform Ltd) C:\Users\Carmen\Downloads\ccsetup500.exe
2014-11-25 11:12 - 2014-11-27 13:59 - 00000838 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-25 11:12 - 2014-11-27 13:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-25 11:12 - 2014-11-25 11:12 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-11-25 11:12 - 2014-11-25 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-25 11:11 - 2014-11-25 11:11 - 04974864 _____ (Piriform Ltd) C:\Users\Carmen\Downloads\ccsetup419.exe
2014-11-21 12:55 - 2013-08-22 14:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141121-125534.backup
2014-11-21 11:05 - 2014-11-21 12:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-21 11:05 - 2014-11-21 11:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-21 11:05 - 2014-11-21 11:05 - 00001411 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-21 11:05 - 2014-11-21 11:05 - 00001399 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-21 11:05 - 2014-11-21 11:05 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-21 11:05 - 2014-11-21 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-21 11:05 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-21 11:01 - 2014-11-21 11:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Carmen\Downloads\spybot-2.4.exe
2014-11-21 09:20 - 2014-11-21 09:17 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-11-21 09:19 - 2014-11-21 09:19 - 00001157 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-21 09:16 - 2014-11-21 09:16 - 00000000 ____D () C:\Users\Carmen\AppData\Roaming\Avira
2014-11-21 09:15 - 2014-11-21 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-21 09:15 - 2014-11-21 09:15 - 00002090 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-11-21 09:14 - 2014-10-23 14:02 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-11-21 09:14 - 2014-10-23 14:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-11-21 09:14 - 2014-10-23 14:01 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-11-21 09:13 - 2014-11-21 09:18 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-21 09:13 - 2014-11-21 09:17 - 00000000 ____D () C:\ProgramData\Avira
2014-11-21 08:38 - 2014-11-21 08:46 - 151804352 _____ () C:\Users\Carmen\Downloads\avira_free_antivirus_de.exe
2014-11-21 08:18 - 2014-11-21 08:18 - 00000197 _____ () C:\Windows\system32\2014-11-21-07-18-19.097-AvastVBoxSVC.exe-2480.log
2014-11-21 07:54 - 2014-12-10 17:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-21 07:53 - 2014-11-21 07:53 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-21 07:53 - 2014-11-21 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-21 07:53 - 2014-11-21 07:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-21 07:53 - 2014-11-21 07:53 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-21 07:53 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 07:53 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 07:53 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-21 07:52 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-11-21 07:52 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-11-21 07:50 - 2014-11-21 07:50 - 01125200 _____ () C:\Users\Carmen\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-11-21 07:45 - 2014-11-21 07:46 - 00000197 _____ () C:\Windows\system32\2014-11-21-06-45-50.087-AvastVBoxSVC.exe-2588.log
2014-11-21 07:08 - 2014-11-21 07:46 - 00000000 ____D () C:\AdwCleaner
2014-11-21 07:08 - 2014-11-21 07:08 - 02140160 _____ () C:\Users\Carmen\Downloads\adwcleaner_4.101.exe
2014-11-21 07:05 - 2014-11-21 07:05 - 00000000 ____D () C:\Users\Carmen\Old Firefox Data
2014-11-20 07:56 - 2014-11-20 07:56 - 00000197 _____ () C:\Windows\system32\2014-11-20-06-56-27.099-AvastVBoxSVC.exe-2592.log
2014-11-19 14:08 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 14:08 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 14:08 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 14:08 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 09:10 - 2014-11-19 09:23 - 00000000 ____D () C:\Users\Carmen\Desktop\Hagen
2014-11-15 22:48 - 2014-11-15 22:48 - 00000197 _____ () C:\Windows\system32\2014-11-15-21-48-57.000-AvastVBoxSVC.exe-2620.log
2014-11-15 20:20 - 2014-11-15 20:20 - 00000000 __SHD () C:\Users\Carmen\AppData\Local\EmieUserList
2014-11-15 20:20 - 2014-11-15 20:20 - 00000000 __SHD () C:\Users\Carmen\AppData\Local\EmieSiteList
2014-11-15 20:20 - 2014-11-15 20:20 - 00000000 __SHD () C:\Users\Carmen\AppData\Local\EmieBrowserModeList
2014-11-15 20:04 - 2014-11-15 20:20 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-15 20:04 - 2014-11-15 20:07 - 00000000 ____D () C:\Users\Carmen\AppData\Local\Google
2014-11-15 20:02 - 2014-11-15 20:01 - 00784840 _____ (Google Inc.) C:\Users\Carmen\Downloads\google-chrome.exe
2014-11-14 13:45 - 2014-11-25 08:44 - 00007605 _____ () C:\Users\Carmen\AppData\Local\Resmon.ResmonCfg
2014-11-14 13:42 - 2014-11-14 13:43 - 00000197 _____ () C:\Windows\system32\2014-11-14-12-42-59.089-AvastVBoxSVC.exe-2640.log
2014-11-14 13:20 - 2014-11-14 13:48 - 00000000 ____D () C:\Windows\softwaredistribution.bak2
2014-11-12 09:48 - 2014-11-13 06:23 - 00000000 ____D () C:\Windows\softwaredistribution.bak1
2014-11-12 09:05 - 2014-11-12 09:05 - 00000197 _____ () C:\Windows\system32\2014-11-12-08-05-42.045-AvastVBoxSVC.exe-3016.log
2014-11-12 04:08 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-12 04:08 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-12 04:08 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 04:08 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-11-12 04:08 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 04:07 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 04:07 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-12 04:07 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-12 04:07 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 04:07 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 04:07 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-12 04:07 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2014-11-12 04:07 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-11-12 04:07 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 04:07 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 04:07 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-11-12 04:07 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 04:07 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-12 04:06 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-12 04:06 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-12 04:06 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-12 04:06 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-12 04:06 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-11-12 04:06 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-12 04:06 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-12 04:06 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-12 04:06 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-11-12 04:06 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-12 04:06 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-12 04:06 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-12 04:06 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-12 04:06 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-12 04:06 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-12 04:06 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-12 04:06 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 04:06 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 04:06 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-12 04:06 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 04:06 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 04:06 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-11-12 04:06 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-12 04:06 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-12 04:06 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-12 04:06 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-12 04:05 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-12 04:05 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-12 04:05 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-11-12 04:05 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-12 04:05 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-12 04:05 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2014-11-12 04:05 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2014-11-12 04:00 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-11-12 04:00 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 04:00 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-11-12 04:00 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-11-12 04:00 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 04:00 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 04:00 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 04:00 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 04:00 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 04:00 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 04:00 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-11-12 04:00 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 04:00 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2014-11-12 04:00 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 04:00 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 04:00 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 04:00 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-11-12 04:00 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 04:00 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 04:00 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-12 04:00 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-11-12 04:00 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-11-12 04:00 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 04:00 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 04:00 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-11-12 04:00 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-12 04:00 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-11-12 04:00 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-11-12 04:00 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-12 04:00 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-11-12 04:00 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-11-12 04:00 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-12 04:00 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-12 04:00 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 04:00 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 04:00 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 04:00 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 04:00 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-12 04:00 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 04:00 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2014-11-12 04:00 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 04:00 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 04:00 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-11-12 04:00 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 04:00 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 04:00 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-11-12 04:00 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-12 04:00 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-11-12 04:00 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 04:00 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-12 04:00 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-11-12 04:00 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-12 04:00 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-11-12 03:58 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 03:58 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 03:58 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 03:58 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 03:58 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 03:58 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-11-12 03:58 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 03:58 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 03:58 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 03:58 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 03:58 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 03:58 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-12 03:58 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 03:58 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-11-12 03:58 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-12 03:58 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-12 03:58 - 2014-09-07 23:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-12 03:58 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-12 03:58 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-12 03:58 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-11-12 03:58 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-11-12 03:58 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-11-12 03:58 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-11-12 03:58 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-12 03:58 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-12 03:58 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-12 03:58 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-12 03:58 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-12 03:58 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-11-12 03:58 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-12 03:58 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-11-12 03:58 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-12 03:58 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-12 03:58 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-12 03:58 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 03:58 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-12 03:58 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-12 03:58 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 03:58 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-11-12 03:58 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-11-12 03:58 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-10 17:37 - 2014-10-07 10:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-10 17:36 - 2014-10-07 09:35 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3201879546-1506140658-4254453320-1001
2014-12-10 17:31 - 2014-10-13 12:57 - 00189952 ___SH () C:\Users\Carmen\Desktop\Thumbs.db
2014-12-10 16:51 - 2014-10-07 09:24 - 01091861 _____ () C:\Windows\WindowsUpdate.log
2014-12-10 14:50 - 2014-10-07 09:39 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{17783682-5FE5-4D6A-AFA8-39BA44C454C6}
2014-12-10 14:50 - 2013-10-07 06:32 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-12-10 14:50 - 2013-10-07 06:32 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-12-10 14:50 - 2013-10-07 06:11 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-10 14:45 - 2014-10-07 09:30 - 00299618 _____ () C:\Users\Carmen\AppData\Local\BTServer.log
2014-12-10 14:43 - 2014-10-07 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 14:43 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-10 08:39 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-10 08:37 - 2014-10-12 10:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 08:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-10 08:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-10 08:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 07:24 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-10 07:21 - 2014-10-09 12:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 07:15 - 2013-10-07 07:12 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 06:37 - 2014-10-07 10:39 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 06:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-04 19:55 - 2014-10-09 10:38 - 00000000 ____D () C:\Users\Carmen\Desktop\Carmen
2014-12-04 17:14 - 2014-10-15 08:06 - 00000000 ____D () C:\Users\Carmen\Desktop\Jasmin
2014-12-04 17:08 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen\Documents\My Bluetooth
2014-12-01 13:15 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen\AppData\Local\VirtualStore
2014-11-25 11:39 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-25 11:13 - 2014-11-08 23:01 - 00000000 ____D () C:\Windows\Minidump
2014-11-25 11:13 - 2013-10-07 07:05 - 00000000 ____D () C:\Windows\Panther
2014-11-21 13:56 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen
2014-11-21 09:24 - 2014-10-08 05:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-21 09:19 - 2013-10-08 12:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-21 08:24 - 2014-10-07 10:37 - 00000000 ____D () C:\Users\Carmen\AppData\Local\Adobe
2014-11-21 08:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help
2014-11-21 07:43 - 2014-10-10 11:00 - 00000000 ____D () C:\Users\Carmen\Desktop\Programme
2014-11-21 07:02 - 2014-10-07 15:10 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-21 07:02 - 2014-10-07 15:10 - 00001167 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-21 07:02 - 2014-10-07 09:30 - 00001458 _____ () C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-21 07:02 - 2013-10-22 11:55 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2014-11-21 07:02 - 2013-10-22 11:55 - 00002449 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2014-11-15 07:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-11-12 09:03 - 2013-08-22 15:44 - 00368792 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 07:51 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

Some content of TEMP:
====================
C:\Users\Carmen\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-02 07:05

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---


Hier die mbam datei:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 10.12.2014
Suchlauf-Zeit: 17:36:10
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.12.03.10
Rootkit Datenbank: v2014.12.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Carmen

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 319200
Verstrichene Zeit: 20 Min, 32 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

und adw-cleaner:AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.105 - Bericht erstellt am 10/12/2014 um 18:16:38
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-08.2 [Live]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Carmen - HCS
# Gestartet von : C:\Users\Carmen\Downloads\AdwCleaner_4.105.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : {32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64
[#] Dienst Gelöscht : {84e24724-32a5-4ef8-b981-cc669543b4a4}Gw64
Dienst Gelöscht : {94c4b27a-8cb1-4214-9d76-87c59a8cf657}Gw64
[#] Dienst Gelöscht : {bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64

***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [5745 octets] - [21/11/2014 07:09:18]
AdwCleaner[R1].txt - [5805 octets] - [21/11/2014 07:37:18]
AdwCleaner[R2].txt - [1386 octets] - [10/12/2014 18:12:52]
AdwCleaner[S0].txt - [5585 octets] - [21/11/2014 07:43:45]
AdwCleaner[S1].txt - [1269 octets] - [10/12/2014 18:16:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1329 octets] ##########
         
--- --- ---

Hier JRTJRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by Carmen on 10.12.2014 at 18:49:09,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Carmen\AppData\Roaming\mozilla\firefox\profiles\ukmenv6b.default-1416549949705\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.12.2014 at 18:54:17,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---

Neuer FRST
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-12-2014 01
Ran by Carmen (administrator) on HCS on 10-12-2014 19:04:16
Running from C:\Users\Carmen\Downloads
Loaded Profile: Carmen (Available profiles: Carmen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-29] (Realtek Semiconductor Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = msn
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3201879546-1506140658-4254453320-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705\searchplugins\google-maps.xml

Chrome: 
=======
CHR Profile: C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-15]
CHR Extension: (Google Docs) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-15]
CHR Extension: (Google Drive) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-15]
CHR Extension: (YouTube) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-15]
CHR Extension: (Google Search) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-15]
CHR Extension: (Google Sheets) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-15]
CHR Extension: (Avast Online Security) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-15]
CHR Extension: (Google Wallet) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-15]
CHR Extension: (Gmail) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [61440 2013-09-26] () [File not signed]
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [160768 2013-06-27] () [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 PegaRadioSwitch; C:\Windows\System32\drivers\PegaRadioSwitch.sys [23552 2013-08-22] (Windows (R) Win 7 DDK provider)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2013-10-22] ()
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 18:54 - 2014-12-10 18:54 - 00000761 _____ () C:\Users\Carmen\Desktop\JRT.txt
2014-12-10 18:49 - 2014-12-10 18:49 - 00000000 ____D () C:\Windows\ERUNT
2014-12-10 18:48 - 2014-12-10 18:48 - 01707646 _____ (Thisisu) C:\Users\Carmen\Downloads\JRT.exe
2014-12-10 18:11 - 2014-12-10 18:11 - 02166272 _____ () C:\Users\Carmen\Downloads\AdwCleaner_4.105.exe
2014-12-10 18:00 - 2014-12-10 18:00 - 00000000 ____D () C:\Users\Carmen\Downloads\FRST-OlderVersion
2014-12-10 17:57 - 2014-12-10 17:57 - 00001191 _____ () C:\Users\Carmen\Desktop\mbam.txt
2014-12-10 17:31 - 2014-12-10 17:31 - 00001288 _____ () C:\Users\Carmen\Desktop\Revo Uninstaller.lnk
2014-12-10 17:31 - 2014-12-10 17:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-10 17:30 - 2014-12-10 17:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Carmen\Downloads\revosetup95.exe
2014-12-10 16:26 - 2014-12-10 16:26 - 00026618 _____ () C:\Users\Carmen\Desktop\trojanerboard.odt
2014-12-10 14:45 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 14:45 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 08:37 - 2014-12-10 08:37 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 07:15 - 2014-12-10 07:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-10 07:05 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 07:05 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 07:05 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 07:05 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 06:50 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 06:50 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 06:50 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 06:50 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 06:50 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 06:50 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 06:50 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 06:50 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 06:50 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 06:50 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 06:50 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 06:50 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 06:50 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 06:50 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 06:50 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 06:50 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 06:50 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-10 06:49 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 06:49 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 06:49 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 06:49 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 06:49 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 06:49 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 06:49 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 06:49 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 06:49 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 06:49 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 06:49 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 06:49 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 06:49 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 06:49 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 06:49 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 06:49 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 06:49 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 06:49 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 06:49 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 06:49 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 06:49 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 06:49 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 06:49 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 06:49 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 06:49 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 06:49 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 06:49 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 06:49 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 06:49 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 06:49 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 06:49 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 06:49 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 06:49 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 06:49 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 06:49 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 06:49 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 06:49 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-06 08:18 - 2014-12-06 08:18 - 00000000 ____D () C:\Users\Carmen\AppData\Local\Intel_Corporation
2014-12-04 17:04 - 2014-12-04 17:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-04 17:04 - 2014-12-04 17:04 - 00000000 _____ () C:\Windows\setupact.log
2014-12-04 16:08 - 2014-12-04 16:09 - 00019875 _____ () C:\Users\Carmen\Downloads\Addition.txt
2014-12-04 16:05 - 2014-12-10 19:04 - 00014338 _____ () C:\Users\Carmen\Downloads\FRST.txt
2014-12-04 16:05 - 2014-12-10 19:04 - 00000000 ____D () C:\FRST
2014-12-04 16:04 - 2014-12-10 18:00 - 02119680 _____ (Farbar) C:\Users\Carmen\Downloads\FRST64.exe
2014-12-04 07:41 - 2014-12-10 18:17 - 00000668 _____ () C:\Windows\PFRO.log
2014-12-03 17:04 - 2014-12-03 17:04 - 00008471 _____ () C:\Users\Carmen\Desktop\hijackthis.log
2014-12-03 16:54 - 2014-12-03 16:55 - 01174352 _____ () C:\Users\Carmen\Downloads\HijackThis - CHIP-Installer.exe
2014-12-01 13:16 - 2014-12-01 13:16 - 00008285 _____ () C:\Users\Carmen\Downloads\hijackthis.log
2014-12-01 13:14 - 2014-12-01 13:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Carmen\Downloads\hijackthis.exe
2014-11-29 11:35 - 2014-11-29 11:36 - 00086266 _____ () C:\Users\Carmen\Documents\cc_20141129_113548.reg
2014-11-27 13:58 - 2014-11-27 13:59 - 05162080 _____ (Piriform Ltd) C:\Users\Carmen\Downloads\ccsetup500.exe
2014-11-25 11:12 - 2014-11-27 13:59 - 00000838 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-25 11:12 - 2014-11-27 13:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-25 11:12 - 2014-11-25 11:12 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-11-25 11:12 - 2014-11-25 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-25 11:11 - 2014-11-25 11:11 - 04974864 _____ (Piriform Ltd) C:\Users\Carmen\Downloads\ccsetup419.exe
2014-11-21 12:55 - 2013-08-22 14:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141121-125534.backup
2014-11-21 11:05 - 2014-11-21 12:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-21 11:05 - 2014-11-21 11:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-21 11:05 - 2014-11-21 11:05 - 00001411 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-21 11:05 - 2014-11-21 11:05 - 00001399 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-21 11:05 - 2014-11-21 11:05 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-21 11:05 - 2014-11-21 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-21 11:05 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-21 11:01 - 2014-11-21 11:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Carmen\Downloads\spybot-2.4.exe
2014-11-21 09:20 - 2014-11-21 09:17 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-11-21 09:19 - 2014-11-21 09:19 - 00001157 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-21 09:16 - 2014-11-21 09:16 - 00000000 ____D () C:\Users\Carmen\AppData\Roaming\Avira
2014-11-21 09:15 - 2014-11-21 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-21 09:15 - 2014-11-21 09:15 - 00002090 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-11-21 09:14 - 2014-10-23 14:02 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-11-21 09:14 - 2014-10-23 14:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-11-21 09:14 - 2014-10-23 14:01 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-11-21 09:13 - 2014-11-21 09:18 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-21 09:13 - 2014-11-21 09:17 - 00000000 ____D () C:\ProgramData\Avira
2014-11-21 08:38 - 2014-11-21 08:46 - 151804352 _____ () C:\Users\Carmen\Downloads\avira_free_antivirus_de.exe
2014-11-21 08:18 - 2014-11-21 08:18 - 00000197 _____ () C:\Windows\system32\2014-11-21-07-18-19.097-AvastVBoxSVC.exe-2480.log
2014-11-21 07:54 - 2014-12-10 17:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-21 07:53 - 2014-11-21 07:53 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-21 07:53 - 2014-11-21 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-21 07:53 - 2014-11-21 07:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-21 07:53 - 2014-11-21 07:53 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-21 07:53 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 07:53 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 07:53 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-21 07:52 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-11-21 07:52 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-11-21 07:50 - 2014-11-21 07:50 - 01125200 _____ () C:\Users\Carmen\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-11-21 07:45 - 2014-11-21 07:46 - 00000197 _____ () C:\Windows\system32\2014-11-21-06-45-50.087-AvastVBoxSVC.exe-2588.log
2014-11-21 07:08 - 2014-12-10 18:18 - 00000000 ____D () C:\AdwCleaner
2014-11-21 07:08 - 2014-11-21 07:08 - 02140160 _____ () C:\Users\Carmen\Downloads\adwcleaner_4.101.exe
2014-11-21 07:05 - 2014-11-21 07:05 - 00000000 ____D () C:\Users\Carmen\Old Firefox Data
2014-11-20 07:56 - 2014-11-20 07:56 - 00000197 _____ () C:\Windows\system32\2014-11-20-06-56-27.099-AvastVBoxSVC.exe-2592.log
2014-11-19 14:08 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 14:08 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 14:08 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 14:08 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 09:10 - 2014-11-19 09:23 - 00000000 ____D () C:\Users\Carmen\Desktop\Hagen
2014-11-15 22:48 - 2014-11-15 22:48 - 00000197 _____ () C:\Windows\system32\2014-11-15-21-48-57.000-AvastVBoxSVC.exe-2620.log
2014-11-15 20:20 - 2014-11-15 20:20 - 00000000 __SHD () C:\Users\Carmen\AppData\Local\EmieUserList
2014-11-15 20:20 - 2014-11-15 20:20 - 00000000 __SHD () C:\Users\Carmen\AppData\Local\EmieSiteList
2014-11-15 20:20 - 2014-11-15 20:20 - 00000000 __SHD () C:\Users\Carmen\AppData\Local\EmieBrowserModeList
2014-11-15 20:04 - 2014-11-15 20:20 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-15 20:04 - 2014-11-15 20:07 - 00000000 ____D () C:\Users\Carmen\AppData\Local\Google
2014-11-15 20:02 - 2014-11-15 20:01 - 00784840 _____ (Google Inc.) C:\Users\Carmen\Downloads\google-chrome.exe
2014-11-14 13:45 - 2014-11-25 08:44 - 00007605 _____ () C:\Users\Carmen\AppData\Local\Resmon.ResmonCfg
2014-11-14 13:42 - 2014-11-14 13:43 - 00000197 _____ () C:\Windows\system32\2014-11-14-12-42-59.089-AvastVBoxSVC.exe-2640.log
2014-11-14 13:20 - 2014-11-14 13:48 - 00000000 ____D () C:\Windows\softwaredistribution.bak2
2014-11-12 09:48 - 2014-11-13 06:23 - 00000000 ____D () C:\Windows\softwaredistribution.bak1
2014-11-12 09:05 - 2014-11-12 09:05 - 00000197 _____ () C:\Windows\system32\2014-11-12-08-05-42.045-AvastVBoxSVC.exe-3016.log
2014-11-12 04:08 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-12 04:08 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-12 04:08 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 04:08 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-11-12 04:08 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 04:07 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 04:07 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-12 04:07 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-12 04:07 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 04:07 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 04:07 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-12 04:07 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2014-11-12 04:07 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-11-12 04:07 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 04:07 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 04:07 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-11-12 04:07 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 04:07 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-12 04:06 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-12 04:06 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-12 04:06 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-12 04:06 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-12 04:06 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-11-12 04:06 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-12 04:06 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-12 04:06 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-12 04:06 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-11-12 04:06 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-12 04:06 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-12 04:06 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-12 04:06 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-12 04:06 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-12 04:06 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-12 04:06 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-12 04:06 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 04:06 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 04:06 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-12 04:06 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 04:06 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 04:06 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-11-12 04:06 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-12 04:06 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-12 04:06 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-12 04:06 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-12 04:05 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-12 04:05 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-12 04:05 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-11-12 04:05 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-12 04:05 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-12 04:05 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2014-11-12 04:05 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2014-11-12 04:00 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-11-12 04:00 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 04:00 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-11-12 04:00 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-11-12 04:00 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 04:00 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 04:00 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 04:00 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 04:00 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 04:00 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 04:00 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-11-12 04:00 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 04:00 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2014-11-12 04:00 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 04:00 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 04:00 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 04:00 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-11-12 04:00 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 04:00 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 04:00 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-12 04:00 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-11-12 04:00 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-11-12 04:00 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 04:00 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 04:00 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-11-12 04:00 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-12 04:00 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-11-12 04:00 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-11-12 04:00 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-12 04:00 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-11-12 04:00 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-11-12 04:00 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-12 04:00 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-12 04:00 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 04:00 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 04:00 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 04:00 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 04:00 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-12 04:00 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 04:00 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2014-11-12 04:00 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 04:00 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 04:00 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-11-12 04:00 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 04:00 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 04:00 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-11-12 04:00 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-12 04:00 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-11-12 04:00 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 04:00 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-12 04:00 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-11-12 04:00 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-12 04:00 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-11-12 03:58 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 03:58 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 03:58 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 03:58 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 03:58 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 03:58 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-11-12 03:58 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 03:58 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 03:58 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 03:58 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 03:58 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 03:58 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-12 03:58 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 03:58 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-11-12 03:58 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-12 03:58 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-12 03:58 - 2014-09-07 23:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-12 03:58 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-12 03:58 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-12 03:58 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-11-12 03:58 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-11-12 03:58 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-11-12 03:58 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-11-12 03:58 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-12 03:58 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-12 03:58 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-12 03:58 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-12 03:58 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-12 03:58 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-11-12 03:58 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-12 03:58 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-11-12 03:58 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-12 03:58 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-12 03:58 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-12 03:58 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 03:58 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-12 03:58 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-12 03:58 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 03:58 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-11-12 03:58 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-11-12 03:58 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-10 18:51 - 2014-10-07 09:30 - 00302478 _____ () C:\Users\Carmen\AppData\Local\BTServer.log
2014-12-10 18:37 - 2014-10-07 10:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-10 18:29 - 2014-10-07 09:35 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3201879546-1506140658-4254453320-1001
2014-12-10 18:29 - 2014-10-07 09:24 - 01125761 _____ () C:\Windows\WindowsUpdate.log
2014-12-10 18:25 - 2013-10-07 06:32 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-12-10 18:25 - 2013-10-07 06:32 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-12-10 18:25 - 2013-10-07 06:11 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-10 18:17 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-10 17:31 - 2014-10-13 12:57 - 00189952 ___SH () C:\Users\Carmen\Desktop\Thumbs.db
2014-12-10 14:50 - 2014-10-07 09:39 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{17783682-5FE5-4D6A-AFA8-39BA44C454C6}
2014-12-10 14:43 - 2014-10-07 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 08:39 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-10 08:37 - 2014-10-12 10:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 08:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-10 08:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-10 08:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 07:24 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-10 07:21 - 2014-10-09 12:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 07:15 - 2013-10-07 07:12 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 06:37 - 2014-10-07 10:39 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 06:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-04 19:55 - 2014-10-09 10:38 - 00000000 ____D () C:\Users\Carmen\Desktop\Carmen
2014-12-04 17:14 - 2014-10-15 08:06 - 00000000 ____D () C:\Users\Carmen\Desktop\Jasmin
2014-12-04 17:08 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen\Documents\My Bluetooth
2014-12-01 13:15 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen\AppData\Local\VirtualStore
2014-11-25 11:39 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-25 11:13 - 2014-11-08 23:01 - 00000000 ____D () C:\Windows\Minidump
2014-11-25 11:13 - 2013-10-07 07:05 - 00000000 ____D () C:\Windows\Panther
2014-11-21 13:56 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen
2014-11-21 09:24 - 2014-10-08 05:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-21 09:19 - 2013-10-08 12:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-21 08:24 - 2014-10-07 10:37 - 00000000 ____D () C:\Users\Carmen\AppData\Local\Adobe
2014-11-21 08:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help
2014-11-21 07:43 - 2014-10-10 11:00 - 00000000 ____D () C:\Users\Carmen\Desktop\Programme
2014-11-21 07:02 - 2014-10-07 15:10 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-21 07:02 - 2014-10-07 15:10 - 00001167 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-21 07:02 - 2014-10-07 09:30 - 00001458 _____ () C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-21 07:02 - 2013-10-22 11:55 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2014-11-21 07:02 - 2013-10-22 11:55 - 00002449 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2014-11-15 07:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-11-12 09:03 - 2013-08-22 15:44 - 00368792 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 07:51 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-12 07:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

Some content of TEMP:
====================
C:\Users\Carmen\AppData\Local\Temp\avgnt.exe
C:\Users\Carmen\AppData\Local\Temp\Quarantine.exe
C:\Users\Carmen\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-02 07:05

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Alt 11.12.2014, 18:55   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Adware.browsefox.aom - Standard

Adware.browsefox.aom




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> Adware.browsefox.aom

Alt 13.12.2014, 15:44   #7
Casy66
 
Adware.browsefox.aom - Standard

Adware.browsefox.aom



Hallo Schrauber,

zunchst erst mal herzlichen Dank für Deine Mühen,
habs letzt vor lauter scannen , posten etc vergessen.
Der ESET hat nichts gefunden. Leider ich den Logfile auch nicht mehr.

Der Security Check:

Results of screen317's Security Check version 0.99.91
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware Version 2.0.3.1025
Adobe Flash Player 16.0.0.235
Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST mach ich gleich noch.



Gruß, Casy66

FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014
Ran by Carmen (administrator) on HCS on 13-12-2014 16:17:39
Running from C:\Users\Carmen\Downloads
Loaded Profile: Carmen (Available profiles: Carmen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dropbox, Inc.) C:\Users\Carmen\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe


Und Fragen hab ich tatsächlich noch:

Simmer jetzt durch?

Außerdem habe ich mir überlegt jetzt doch mal in ein Virenschutzpaket zu investieren und mich nicht mehr auf kostenlosen Schutz zu verlassen.
Was wäre Deine Empfehlung?

Gruß,
Casy66

Alt 14.12.2014, 10:31   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Adware.browsefox.aom - Standard

Adware.browsefox.aom



Ich empfehle immer Emsisoft

POste bitte das FRST log nochmal, das hier ist unvollständig und nicht in Codetags
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.12.2014, 11:49   #9
Casy66
 
Adware.browsefox.aom - Standard

Adware.browsefox.aom



Hallo Schrauber,

ich hoffe, das FRST ist jetzt vollständig, habe ein frisches gestartet:
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014
Ran by Carmen (administrator) on HCS on 16-12-2014 12:13:46
Running from C:\Users\Carmen\Downloads
Loaded Profile: Carmen (Available profiles: Carmen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dropbox, Inc.) C:\Users\Carmen\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.5.1411.701_x86__8wekyb3d8bbwe\Solitaire.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-29] (Realtek Semiconductor Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
Startup: C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Carmen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3201879546-1506140658-4254453320-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3201879546-1506140658-4254453320-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\Firefox\Profiles\ukmenv6b.default-1416549949705\searchplugins\google-maps.xml

Chrome: 
=======
CHR Profile: C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-15]
CHR Extension: (Google Docs) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-15]
CHR Extension: (Google Drive) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-15]
CHR Extension: (YouTube) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-15]
CHR Extension: (Google Search) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-15]
CHR Extension: (Google Sheets) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-15]
CHR Extension: (Avast Online Security) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-15]
CHR Extension: (Google Wallet) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-15]
CHR Extension: (Gmail) - C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [61440 2013-09-26] () [File not signed]
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [160768 2013-06-27] () [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 PegaRadioSwitch; C:\Windows\System32\drivers\PegaRadioSwitch.sys [23552 2013-08-22] (Windows (R) Win 7 DDK provider)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2013-10-22] ()
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 06:31 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-16 06:31 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-13 18:32 - 2014-12-13 18:32 - 00000099 ____H () C:\Users\Carmen\Desktop\.~lock.trojanerboard.odt#
2014-12-13 16:05 - 2014-12-13 16:05 - 00852490 _____ () C:\Users\Carmen\Downloads\SecurityCheck.exe
2014-12-13 11:19 - 2014-12-13 11:19 - 02347384 _____ (ESET) C:\Users\Carmen\Downloads\esetsmartinstaller_deu.exe
2014-12-10 19:40 - 2014-12-16 10:20 - 00000000 ___RD () C:\Users\Carmen\Dropbox
2014-12-10 19:40 - 2014-12-10 19:40 - 00001177 _____ () C:\Users\Carmen\Desktop\Dropbox.lnk
2014-12-10 19:32 - 2014-12-10 19:32 - 00000000 ____D () C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-10 19:29 - 2014-12-16 10:20 - 00000000 ____D () C:\Users\Carmen\AppData\Roaming\Dropbox
2014-12-10 19:29 - 2014-12-10 19:29 - 00324224 _____ (Dropbox, Inc.) C:\Users\Carmen\Downloads\DropboxInstaller.exe
2014-12-10 18:54 - 2014-12-10 18:54 - 00000761 _____ () C:\Users\Carmen\Desktop\JRT.txt
2014-12-10 18:49 - 2014-12-10 18:49 - 00000000 ____D () C:\Windows\ERUNT
2014-12-10 18:48 - 2014-12-10 18:48 - 01707646 _____ (Thisisu) C:\Users\Carmen\Downloads\JRT.exe
2014-12-10 18:11 - 2014-12-10 18:11 - 02166272 _____ () C:\Users\Carmen\Downloads\AdwCleaner_4.105.exe
2014-12-10 18:00 - 2014-12-13 16:17 - 00000000 ____D () C:\Users\Carmen\Downloads\FRST-OlderVersion
2014-12-10 17:57 - 2014-12-10 17:57 - 00001191 _____ () C:\Users\Carmen\Desktop\mbam.txt
2014-12-10 17:31 - 2014-12-10 17:31 - 00001288 _____ () C:\Users\Carmen\Desktop\Revo Uninstaller.lnk
2014-12-10 17:31 - 2014-12-10 17:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-10 17:30 - 2014-12-10 17:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Carmen\Downloads\revosetup95.exe
2014-12-10 16:26 - 2014-12-10 16:26 - 00026618 _____ () C:\Users\Carmen\Desktop\trojanerboard.odt
2014-12-10 14:45 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 14:45 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 08:37 - 2014-12-10 08:37 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 07:15 - 2014-12-10 07:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-10 07:05 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 07:05 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 07:05 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 07:05 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 06:50 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 06:50 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 06:50 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 06:50 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 06:50 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 06:50 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 06:50 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 06:50 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 06:50 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 06:50 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 06:50 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 06:50 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 06:50 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 06:50 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 06:50 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 06:50 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 06:50 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-10 06:49 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 06:49 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 06:49 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 06:49 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 06:49 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 06:49 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 06:49 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 06:49 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 06:49 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 06:49 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 06:49 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 06:49 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 06:49 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 06:49 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 06:49 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 06:49 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 06:49 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 06:49 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 06:49 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 06:49 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 06:49 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 06:49 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 06:49 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 06:49 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 06:49 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 06:49 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 06:49 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 06:49 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 06:49 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 06:49 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 06:49 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 06:49 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 06:49 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 06:49 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 06:49 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 06:49 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 06:49 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-06 08:18 - 2014-12-06 08:18 - 00000000 ____D () C:\Users\Carmen\AppData\Local\Intel_Corporation
2014-12-04 16:08 - 2014-12-04 16:09 - 00019875 _____ () C:\Users\Carmen\Downloads\Addition.txt
2014-12-04 16:05 - 2014-12-16 12:13 - 00014935 _____ () C:\Users\Carmen\Downloads\FRST.txt
2014-12-04 16:05 - 2014-12-16 12:13 - 00000000 ____D () C:\FRST
2014-12-04 16:04 - 2014-12-13 16:17 - 02119168 _____ (Farbar) C:\Users\Carmen\Downloads\FRST64.exe
2014-12-03 17:04 - 2014-12-03 17:04 - 00008471 _____ () C:\Users\Carmen\Desktop\hijackthis.log
2014-12-03 16:54 - 2014-12-03 16:55 - 01174352 _____ () C:\Users\Carmen\Downloads\HijackThis - CHIP-Installer.exe
2014-12-01 13:16 - 2014-12-01 13:16 - 00008285 _____ () C:\Users\Carmen\Downloads\hijackthis.log
2014-12-01 13:14 - 2014-12-01 13:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Carmen\Downloads\hijackthis.exe
2014-11-29 11:35 - 2014-11-29 11:36 - 00086266 _____ () C:\Users\Carmen\Documents\cc_20141129_113548.reg
2014-11-27 13:58 - 2014-11-27 13:59 - 05162080 _____ (Piriform Ltd) C:\Users\Carmen\Downloads\ccsetup500.exe
2014-11-25 11:12 - 2014-11-27 13:59 - 00000838 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-25 11:12 - 2014-11-27 13:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-25 11:12 - 2014-11-25 11:12 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-11-25 11:12 - 2014-11-25 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-25 11:11 - 2014-11-25 11:11 - 04974864 _____ (Piriform Ltd) C:\Users\Carmen\Downloads\ccsetup419.exe
2014-11-21 12:55 - 2013-08-22 14:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141121-125534.backup
2014-11-21 11:05 - 2014-11-21 12:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-21 11:05 - 2014-11-21 11:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-21 11:05 - 2014-11-21 11:05 - 00001411 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-21 11:05 - 2014-11-21 11:05 - 00001399 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-21 11:05 - 2014-11-21 11:05 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-21 11:05 - 2014-11-21 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-21 11:05 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-21 11:01 - 2014-11-21 11:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Carmen\Downloads\spybot-2.4.exe
2014-11-21 09:20 - 2014-11-21 09:17 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-11-21 09:19 - 2014-11-21 09:19 - 00001157 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-21 09:16 - 2014-11-21 09:16 - 00000000 ____D () C:\Users\Carmen\AppData\Roaming\Avira
2014-11-21 09:15 - 2014-11-21 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-21 09:15 - 2014-11-21 09:15 - 00002090 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-11-21 09:14 - 2014-10-23 14:02 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-11-21 09:14 - 2014-10-23 14:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-11-21 09:14 - 2014-10-23 14:01 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-11-21 09:13 - 2014-11-21 09:18 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-21 09:13 - 2014-11-21 09:17 - 00000000 ____D () C:\ProgramData\Avira
2014-11-21 08:38 - 2014-11-21 08:46 - 151804352 _____ () C:\Users\Carmen\Downloads\avira_free_antivirus_de.exe
2014-11-21 08:18 - 2014-11-21 08:18 - 00000197 _____ () C:\Windows\system32\2014-11-21-07-18-19.097-AvastVBoxSVC.exe-2480.log
2014-11-21 07:54 - 2014-12-14 13:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-21 07:53 - 2014-12-14 13:04 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-21 07:53 - 2014-12-14 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-21 07:53 - 2014-12-14 13:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-21 07:53 - 2014-11-21 07:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-21 07:53 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 07:53 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 07:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-21 07:52 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-11-21 07:52 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-11-21 07:50 - 2014-11-21 07:50 - 01125200 _____ () C:\Users\Carmen\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-11-21 07:45 - 2014-11-21 07:46 - 00000197 _____ () C:\Windows\system32\2014-11-21-06-45-50.087-AvastVBoxSVC.exe-2588.log
2014-11-21 07:08 - 2014-12-10 18:18 - 00000000 ____D () C:\AdwCleaner
2014-11-21 07:08 - 2014-11-21 07:08 - 02140160 _____ () C:\Users\Carmen\Downloads\adwcleaner_4.101.exe
2014-11-21 07:05 - 2014-11-21 07:05 - 00000000 ____D () C:\Users\Carmen\Old Firefox Data
2014-11-20 07:56 - 2014-11-20 07:56 - 00000197 _____ () C:\Windows\system32\2014-11-20-06-56-27.099-AvastVBoxSVC.exe-2592.log
2014-11-19 14:08 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 14:08 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 14:08 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 14:08 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 09:10 - 2014-11-19 09:23 - 00000000 ____D () C:\Users\Carmen\Desktop\Hagen

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-16 11:37 - 2014-10-07 10:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-16 10:39 - 2014-10-07 09:24 - 01114082 _____ () C:\Windows\WindowsUpdate.log
2014-12-16 10:27 - 2014-11-08 23:01 - 00000000 ____D () C:\Windows\Minidump
2014-12-16 10:19 - 2014-10-07 09:30 - 00334457 _____ () C:\Users\Carmen\AppData\Local\BTServer.log
2014-12-16 06:54 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-16 06:28 - 2014-10-07 09:39 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{17783682-5FE5-4D6A-AFA8-39BA44C454C6}
2014-12-14 23:23 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen
2014-12-14 16:14 - 2013-10-07 06:32 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-12-14 16:14 - 2013-10-07 06:32 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-12-14 16:14 - 2013-10-07 06:11 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-14 16:09 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-14 16:03 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-14 13:09 - 2014-10-07 09:35 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3201879546-1506140658-4254453320-1001
2014-12-14 12:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-12 06:28 - 2014-10-07 10:37 - 00000000 ____D () C:\Users\Carmen\AppData\Local\Adobe
2014-12-12 06:27 - 2014-10-07 10:39 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 17:44 - 2014-10-13 12:57 - 00189952 ___SH () C:\Users\Carmen\Desktop\Thumbs.db
2014-12-11 08:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-10 14:43 - 2014-10-07 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 08:37 - 2014-10-12 10:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 08:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-10 08:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-10 08:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 07:21 - 2014-10-09 12:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 07:15 - 2013-10-07 07:12 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-04 19:55 - 2014-10-09 10:38 - 00000000 ____D () C:\Users\Carmen\Desktop\Carmen
2014-12-04 17:14 - 2014-10-15 08:06 - 00000000 ____D () C:\Users\Carmen\Desktop\Jasmin
2014-12-04 17:08 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen\Documents\My Bluetooth
2014-12-01 13:15 - 2014-10-07 09:30 - 00000000 ____D () C:\Users\Carmen\AppData\Local\VirtualStore
2014-11-25 11:39 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-25 11:13 - 2013-10-07 07:05 - 00000000 ____D () C:\Windows\Panther
2014-11-25 08:44 - 2014-11-14 13:45 - 00007605 _____ () C:\Users\Carmen\AppData\Local\Resmon.ResmonCfg
2014-11-21 09:24 - 2014-10-08 05:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-21 09:19 - 2013-10-08 12:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-21 08:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help
2014-11-21 07:43 - 2014-10-10 11:00 - 00000000 ____D () C:\Users\Carmen\Desktop\Programme
2014-11-21 07:02 - 2014-10-07 15:10 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-21 07:02 - 2014-10-07 15:10 - 00001167 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-21 07:02 - 2014-10-07 09:30 - 00001458 _____ () C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-21 07:02 - 2013-10-22 11:55 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2014-11-21 07:02 - 2013-10-22 11:55 - 00002449 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk

Some content of TEMP:
====================
C:\Users\Carmen\AppData\Local\Temp\avgnt.exe
C:\Users\Carmen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiz0xc5.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-12 06:54

==================== End Of Log ============================
         
--- --- ---


Gruß, Casy66

Alt 16.12.2014, 20:39   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Adware.browsefox.aom - Standard

Adware.browsefox.aom



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.12.2014, 07:07   #11
Casy66
 
Adware.browsefox.aom - Standard

Adware.browsefox.aom



Zunächst erst mal der Fixlog Text:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-12-2014
Ran by Carmen at 2014-12-21 08:00:08 Run:1
Running from C:\Users\Carmen\Desktop
Loaded Profile: Carmen (Available profiles: Carmen)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog ====

Alt 21.12.2014, 07:57   #12
Casy66
 
Adware.browsefox.aom - Icon24

Adware.browsefox.aom



Hallo Schrauber,

puh,
bin jetzt durch alles durch und siehe da,
auf einmal läuft alles wieder flüssig.

Ich werde versuchen, alle Ratschläge, zu befolgen.
und ich hoffe, dass mir dat nich nochmal passiert.

Ganz dickes Danke und ein frohe Fest,

Casy66

Alt 21.12.2014, 22:32   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Adware.browsefox.aom - Standard

Adware.browsefox.aom



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Adware.browsefox.aom
adobe, adobe flash player, antivir, avg, avira, defender, desktop, ebay, explorer, firefox, flash player, hijackthis, internet, internet explorer, log, mozilla, opera, problem, realtek, security, software, tcp, temp, virus, windows



Ähnliche Themen: Adware.browsefox.aom


  1. Windows 7: PUA/Linkury.Gen2, TR/Spy.Agent.509120, TR/Dropper.Gen, ADWARE/BrowseFox.Gen
    Log-Analyse und Auswertung - 09.08.2015 (18)
  2. Windows Vista - InstallMonetizer.AQ MSIL/BrowseFox.J Toolbar.Widgi.N Systweak.A
    Log-Analyse und Auswertung - 23.05.2015 (16)
  3. ADWARE-Browsefox beseitigen
    Plagegeister aller Art und deren Bekämpfung - 11.03.2015 (15)
  4. Browsefox.Gen löschen
    Plagegeister aller Art und deren Bekämpfung - 04.03.2015 (17)
  5. ADWARE/Browsefox.apa und viele mehr loswerden
    Plagegeister aller Art und deren Bekämpfung - 05.02.2015 (9)
  6. Adware.Gen7 - Adware/Cherished.oia - Adware/InstallCore.Gen9 - TR/Trash.Gen bei Antivir gefunden
    Plagegeister aller Art und deren Bekämpfung - 03.12.2014 (13)
  7. ADWARE/BrowseFox.Gen2 Entfernen
    Plagegeister aller Art und deren Bekämpfung - 28.11.2014 (11)
  8. verschiedene Viren, adwaredealplygen und browsefox.gen2 jetzt nur noch schwarzer Bildschirm mit Mauszeiger
    Log-Analyse und Auswertung - 22.11.2014 (18)
  9. ADWARE/BrowseFox.Gen2 Entfernen
    Plagegeister aller Art und deren Bekämpfung - 19.11.2014 (5)
  10. APPL/BrowseFox.gen
    Log-Analyse und Auswertung - 06.09.2014 (8)
  11. eBay-Fake eMail mit ZIP Anhang gespeichert, Windows 7- Avira: Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen
    Log-Analyse und Auswertung - 29.08.2014 (17)
  12. Avast meldet ununterbrochen Bedrohung durch win32:BrowseFox-C[PUP]
    Plagegeister aller Art und deren Bekämpfung - 17.08.2014 (7)
  13. Trojaner gefunden TR/Dldr.Agent.314440 und verschiedene Adwares ADWARE/EoRezo.AF, ADWARE/Adware.Gen7, ADWARE/AgentCV.A.2919
    Log-Analyse und Auswertung - 02.05.2014 (19)
  14. adware/browsefox.dac.1 (wie lässt sich diese lästige Adware entfernen?)
    Log-Analyse und Auswertung - 21.02.2014 (13)
  15. Win8 Whilokii, BrowseFox.A und Delta-Search, evtl. mehr...
    Log-Analyse und Auswertung - 03.11.2013 (11)
  16. Absturz Firefox und Funde ADWARE/InstallMat.D, TR/Barys.443.5, ADWARE/Adware.Gen6
    Log-Analyse und Auswertung - 03.01.2013 (19)
  17. PC von Adware.Agent.ZGen, Adware.ClickPotato, Adware.ShopperReports, Adware.Hotbar, Adwa angegriffen
    Mülltonne - 30.06.2011 (0)

Zum Thema Adware.browsefox.aom - Hallo liebes Trojaner-Board, ich habe zurzeit ein Problem! Es geht um adware.browsefox. Avast hat mir gemeldet, dass ich eine kritische Browerereiterunger besitze. Ich entfernte sie und Avira meldete nach einigen - Adware.browsefox.aom...
Archiv
Du betrachtest: Adware.browsefox.aom auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.