
Log analysis and evaluation: avast reports 20 threats every time (including blackfight.info/3131 or reddie.net/3131 or epictory.com)

19.05.2015, 15:17   #1
Kasandra
 



Hello Trojaner-Board helpers,
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ad2c371ff8da9a4d9e3a9d91caeab567
# engine=23915
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-19 01:37:34
# local_time=2015-05-19 03:37:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 91 192756 1574296 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 24244 183672504 0 0
# scanned=327003
# found=141
# cleaned=0
# scan_time=19051

19.05.2015, 15:23   #2
M-K-D-B
/// TB instructor
 






My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find indications of illegally obtained software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions. If you are going to be away for a longer period, please let me know!
  • Please do not install or uninstall anything during the cleanup unless I ask you to!
  • Please note: Download from filepony.de: how to download our tools correctly!
  • All programs to be used must be saved to the desktop and started from there!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




Why did you run ESET?



For an initial analysis, please run FRST:


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the web page)


Alt 19.05.2015, 20:35   #3
Kasandra
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by NAME at 2015-05-19 21:24:10
Running from C:\Users\NAME\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3322448490-314981258-3538992574-500 - Administrator - Disabled)
Gast (S-1-5-21-3322448490-314981258-3538992574-501 - Limited - Disabled)
NAME (S-1-5-21-3322448490-314981258-3538992574-1001 - Administrator - Enabled) => C:\Users\NAME
HomeGroupUser$ (S-1-5-21-3322448490-314981258-3538992574-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader 9.1 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AnyPC Client (HKLM-x32\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.23 - Doctorsoft)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
BatteryLifeExtender (HKLM-x32\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3304 - CyberLink Corp.)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}) (Version: 4.2.4 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{F2BC3383-F000-410C-A038-3846ADBE8D90}) (Version: 1.01.0088 - REALTEK Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.41 - Samsung)
Samsung R-Series (HKLM-x32\...\{3EED7541-55F8-4DC6-B9CD-28762D71310E}) (Version: 1.0 - Samsung)
Samsung Support Center (HKLM-x32\...\{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}) (Version: 1.0.21 - Samsung)
Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.206 - McAfee, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.800 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

18-05-2015 00:30:21 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01B3D1E1-F657-4E81-867A-16FD5F494970} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {01B8ADB4-248B-4798-BF1E-2D56A5EDA83B} - System32\Tasks\APSchedulerC => C:\Program Files (x86)\AnyPC Client\APLanMgrC.exe [2009-10-20] (DoctorSoft)
Task: {031780A1-A51C-4DA2-8E54-3CECC0706A7E} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {28ACB30E-A847-4E15-A67F-DA1B35F6A38D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3322448490-314981258-3538992574-1001
Task: {2F0AC871-0C77-499A-BA87-D8510A4E0842} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {39907A7D-F8E6-49F7-B2F1-25EBE958A43B} - System32\Tasks\KOUXJCT1 => C:\ProgramData\LolliScan\LolliScan.exe
Task: {3FDECC49-44E8-44D9-8445-52133D8C528F} - System32\Tasks\avastBCLRestartS-1-5-21-3322448490-314981258-3538992574-1001 => Chrome.exe
Task: {449F3363-7FDD-470B-9A1B-D3C5F54110EC} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {5E2B7CED-05FA-4DC0-9908-13E14D123B7F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {6692E917-223F-4293-81BC-E133696F2111} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-10-07] (SEC)
Task: {6883BD0A-AED7-4D86-8845-E5AF2957517A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-04] (Google Inc.)
Task: {73F02508-5C8E-4BD6-BF44-E123243B084C} - \EasySpeedUpManager No Task File <==== ATTENTION
Task: {8F4CAFB5-A3FE-47BC-9066-397859A9ACCF} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {9D8B0ACB-56E3-4A25-9895-0A6B6D6CFC2E} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {9E496484-1215-4EAE-8435-ADF72B705743} - System32\Tasks\{758E9634-3C1E-47D3-81DF-495F72B94F5E} => pcalua.exe -a C:\Users\NAME\AppData\Roaming\luckysearches\UninstallManager.exe -c -ptid=cmi
Task: {A1727EC6-EDCB-4560-87A7-EC49EFA537BE} - System32\Tasks\{D1A9DA31-EE25-4F9E-B14A-B80EBE196C87} => pcalua.exe -a C:\Users\NAME\AppData\Roaming\oursurfing\UninstallManager.exe -c -ptid=cmi
Task: {B05B30E4-B963-49EE-A44A-EDD7D864A398} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {CBB9A4E2-AE7F-4D27-BF3C-CED0AD0AE498} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-04] (Google Inc.)
Task: {D8579408-D95A-40D0-9DEA-326DF25B90B8} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2009-11-04] (Samsung Electronics Co., Ltd.)
Task: {F48CF397-95F1-4465-B765-3E98CDC1152F} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {FF241637-A579-4205-B881-F94B92877445} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-01] (Avast Software s.r.o.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\KOUXJCT1.job => C:\ProgramData\LolliScan\LolliScan.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-20 08:01 - 2015-02-20 08:01 - 00022528 _____ () C:\Windows\System32\us001lm.dll
2015-02-20 08:01 - 2015-02-20 08:01 - 01603584 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\us001du.dll
2015-05-01 10:22 - 2015-05-01 10:22 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-01 10:22 - 2015-05-01 10:22 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-18 22:16 - 2015-05-18 22:16 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15051801\algo.dll
2015-05-19 12:55 - 2015-05-19 12:55 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15051900\algo.dll
2015-05-01 10:22 - 2015-05-01 10:22 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-07-10 19:07 - 2013-07-10 19:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2015-05-17 09:59 - 2015-05-05 06:06 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
2015-05-17 09:59 - 2015-05-05 06:06 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll
2015-05-17 09:59 - 2015-05-05 06:06 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3322448490-314981258-3538992574-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{46A5C8BE-819C-4EC5-BAC6-59457121FB46}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{0DE907FE-1D4B-4A73-8014-9FEBA20F0B01}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{25E6A57C-38CD-414E-AAB5-2D93A2E7B902}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{A3E55C8D-F260-4AC7-815C-C39CB809EFCA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5FE27080-4047-4082-833F-7B36F0193119}] => (Allow) svchost.exe
FirewallRules: [{82A8B5F4-D027-4EB7-A749-E1F2A794B4B8}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{FC147D5D-5515-44D6-9FD0-A11FD16B1AD2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{04751780-22CC-4D60-9C93-56B7D955C90C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DCCFDAC5-2058-4F12-9038-4C06293BB663}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AACC3901-C074-40D7-BA4C-B21BFC67555B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{61FB8DAE-442D-46AD-8F43-98E07E577E87}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{EA68CF91-EA64-45A1-84D6-1B37AD67759D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2015 08:57:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/19/2015 03:52:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/19/2015 10:13:06 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/19/2015 08:51:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname NAME-PC.local already in use; will try NAME-PC-2.local instead

Error: (05/19/2015 08:51:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 NAME-PC.local. Addr 192.168.178.27

Error: (05/19/2015 08:51:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.22:5353 4 Name-PC.local. Addr 192.168.178.22

Error: (05/19/2015 08:22:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname NAME-PC.local already in use; will try NAME-PC-2.local instead

Error: (05/19/2015 08:22:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 NAME-PC.local. Addr 192.168.178.27

Error: (05/19/2015 08:22:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.22:5353 4 Name-PC.local. Addr 192.168.178.22

Error: (05/19/2015 08:22:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname NAME-PC.local already in use; will try NAME-PC-2.local instead


System errors:
=============
Error: (05/19/2015 08:53:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/19/2015 08:53:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/19/2015 08:53:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/19/2015 08:53:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Cyberlink RichVideo Service(CRVS)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/19/2015 08:53:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Rezip" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/19/2015 08:53:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "McAfee SiteAdvisor Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/19/2015 08:53:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/19/2015 08:53:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/19/2015 08:53:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/19/2015 08:53:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 50%
Total physical RAM: 3949.63 MB
Available physical RAM: 1948.66 MB
Total Pagefile: 7897.46 MB
Available Pagefile: 5463.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:347.01 GB) (Free:242 GB) NTFS
Drive d: () (Fixed) (Total:103.65 GB) (Free:91.72 GB) NTFS
Drive f: (Elements) (Fixed) (Total:931.51 GB) (Free:175.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 250885B1)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=347 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0004A9A0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Alt 20.05.2015, 15:51   #4
M-K-D-B
/// TB instructor

Hello,


FRST creates 2 log files: the FRST.txt and the Addition.txt.

Please also post the contents of the FRST.txt, then we can continue.

I would also like to point out that there is no help via PM, i.e. I will not read your PMs. Please also refrain from sending me PMs in the future. Use your topic here.
__________________
Greetings from Bavaria

Alt 20.05.2015, 16:28   #5
Kasandra
 
Avast alerts 20

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by NAME (administrator) on NAME-PC on 19-05-2015 21:23:08
Running from C:\Users\NAME\Downloads
Loaded Profiles: NAME (Available profiles: NAME)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [APLangApp] => C:\Program Files (x86)\AnyPC Client\APLangApp.exe [13312 2009-10-20] (DoctorSoft)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-17] (Avast Software s.r.o.)
HKU\S-1-5-21-3322448490-314981258-3538992574-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-12-15] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-03-08] (Microsoft Corporation)
AppInit_DLLs-x32: c:\progra~3\{3282d~1\1170~1.1\sine.dll => "c:\progra~3\{3282d~1\1170~1.1\sine.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-03-04]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-01] (Avast Software s.r.o.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3322448490-314981258-3538992574-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3322448490-314981258-3538992574-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 -> {07A8D34C-AAC5-4365-AE17-2006B9692B2A} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE532D20091215&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 -> {A7DD207A-40C4-4935-8536-BCABE2857E89} URL = 
SearchScopes: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = 
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-06] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-01] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.10.11023.1534\swg64.dll [2015-03-07] (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-01] (Avast Software s.r.o.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-07] (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2009-12-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-01]

Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\NAME\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\NAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-04]
CHR Extension: (YouTube) - C:\Users\NAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-04]
CHR Extension: (Google Search) - C:\Users\NAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-04]
CHR Extension: (Bookmark Manager) - C:\Users\NAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\NAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-28]
CHR Extension: (Google Wallet) - C:\Users\NAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-28]
CHR Extension: (Google Quick Scroll) - C:\Users\NAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2015-04-30]
CHR Extension: (Gmail) - C:\Users\NAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-04]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-04-21]
CHR HKU\S-1-5-21-3322448490-314981258-3538992574-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-04-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-01]

Opera: 
=======
OPR Extension: (Browser Good) - C:\Users\NAME\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofplglpkkkggfjdkembepnejbcpkimmn [2015-04-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-01] (Avast Software s.r.o.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154856 2015-04-10] (McAfee, Inc.)
S2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [File not signed]
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-01] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-01] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 cpuz134; \??\C:\Users\NAME\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-19 21:23 - 2015-05-19 21:23 - 00019389 _____ () C:\Users\NAME\Downloads\FRST.txt
2015-05-19 21:22 - 2015-05-19 21:23 - 00000000 ____D () C:\FRST
2015-05-19 21:19 - 2015-05-19 21:20 - 02107904 _____ (Farbar) C:\Users\NAME\Downloads\FRST64.exe
2015-05-19 21:09 - 2015-05-19 21:09 - 00001263 _____ () C:\Users\NAME\Desktop\OnlineScannerUninstaller - Verknüpfung.lnk
2015-05-19 20:56 - 2015-05-19 20:56 - 02209792 _____ () C:\Users\NAME\Downloads\AdwCleaner_4.204 (2).exe
2015-05-19 10:13 - 2015-05-19 10:13 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-19 10:11 - 2015-05-19 10:12 - 02347384 _____ (ESET) C:\Users\NAME\Downloads\esetsmartinstaller_deu.exe
2015-05-19 08:56 - 2015-05-19 08:56 - 00001435 _____ () C:\Users\NAME\Desktop\JRT.txt
2015-05-19 08:52 - 2015-05-19 08:52 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-NAME-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-19 08:52 - 2015-05-19 08:52 - 00000000 ____D () C:\RegBackup
2015-05-19 08:51 - 2015-05-19 08:52 - 02720186 _____ (Thisisu) C:\Users\NAME\Downloads\JRT.exe
2015-05-19 08:44 - 2015-05-19 08:45 - 00010440 _____ () C:\Users\NAME\Documents\adwcleanerergebnis.txt
2015-05-19 08:32 - 2015-05-19 08:32 - 02209792 _____ () C:\Users\NAME\Downloads\AdwCleaner_4.204 (1).exe
2015-05-19 08:25 - 2015-05-19 20:58 - 00000000 ____D () C:\AdwCleaner
2015-05-19 08:24 - 2015-05-19 08:24 - 02209792 _____ () C:\Users\NAME\Downloads\AdwCleaner_4.204.exe
2015-05-19 08:15 - 2015-05-19 08:15 - 00004622 _____ () C:\antimalware.txt
2015-05-18 14:14 - 2015-05-19 08:43 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 14:14 - 2015-05-18 14:14 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-18 14:14 - 2015-05-18 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-18 14:14 - 2015-05-18 14:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-18 14:14 - 2015-05-18 14:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-18 14:14 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-18 14:14 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-18 14:14 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-18 14:11 - 2015-05-18 14:11 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\NAME\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-18 14:08 - 2015-05-18 14:08 - 04798152 _____ (WinZip International LLC ) C:\Users\NAME\Downloads\wzmp_10.exe
2015-05-18 00:32 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 00:32 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 22:43 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-17 22:43 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-17 22:43 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-17 22:43 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-17 22:42 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-17 22:42 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-17 22:42 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-17 22:42 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-17 22:42 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-17 22:42 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-17 22:42 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-17 22:42 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-17 22:42 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-17 22:42 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-17 22:42 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-17 22:42 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-17 22:42 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-17 22:42 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-17 22:42 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-17 22:42 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-17 22:42 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-17 22:42 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-17 22:42 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-17 22:42 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-17 22:42 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-17 22:42 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-17 22:42 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-17 22:42 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-17 22:42 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-17 22:42 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-17 22:42 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-17 22:42 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-17 22:42 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-17 22:42 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-17 22:42 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-17 22:42 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-17 22:42 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-17 22:42 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-17 22:42 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-17 22:42 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-17 22:42 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-17 22:42 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-17 22:42 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-17 22:42 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-17 22:42 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-17 22:42 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-17 22:42 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-17 22:42 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-17 22:42 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-17 22:42 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-17 22:42 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-17 22:42 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-17 22:42 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-17 22:42 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-17 22:42 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-17 22:42 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-17 22:42 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-17 22:42 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-17 22:42 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-17 22:42 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-17 22:42 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-17 22:42 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-17 22:42 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-17 22:42 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-17 22:41 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-17 22:41 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-17 22:41 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-17 22:41 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-17 22:41 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-17 22:41 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-17 22:41 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-17 22:41 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-17 22:41 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-17 22:41 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-17 22:41 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-17 22:41 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-17 22:41 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-17 22:41 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-17 22:41 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-17 22:41 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-17 22:41 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-17 22:41 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-17 22:41 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-17 22:41 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-17 22:41 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-17 22:41 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-17 22:41 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-17 22:41 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-17 22:41 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-17 22:41 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-17 22:41 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-17 22:41 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-17 22:41 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-17 22:41 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-17 22:41 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-17 22:41 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-17 22:41 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-17 22:41 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-17 22:41 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-17 22:41 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-17 22:41 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-17 22:41 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-17 22:41 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-17 22:41 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-17 22:41 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-17 22:41 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-17 22:41 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-17 22:41 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-17 22:41 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-17 22:41 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-17 22:41 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-17 22:40 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-17 22:40 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-17 22:40 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-17 22:40 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-17 22:40 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-17 22:40 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-17 22:40 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-17 22:40 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-17 22:40 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-17 22:40 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-17 22:39 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-17 22:39 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-17 22:39 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-17 22:39 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-17 22:39 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-17 22:39 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-17 22:39 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-17 22:39 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-06 23:33 - 2015-05-06 23:33 - 00036953 _____ () C:\Users\NAME\Downloads\Outlook.com.zip
2015-05-06 10:41 - 2015-05-06 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-05-06 10:38 - 2015-05-06 10:39 - 71647536 _____ (Apple Inc.) C:\Users\NAME\Downloads\icloudsetup.exe
2015-05-03 16:17 - 2015-05-06 22:12 - 00000000 ____D () C:\Users\NAME\AppData\Roaming\Apple Computer
2015-05-03 16:17 - 2015-05-03 16:17 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-03 16:17 - 2015-05-03 16:17 - 00000000 ____D () C:\Users\NAME\AppData\Local\Apple Computer
2015-05-03 16:17 - 2015-05-03 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-03 16:16 - 2015-05-03 16:16 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-03 16:16 - 2015-05-03 16:16 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-05-03 16:16 - 2015-05-03 16:16 - 00000000 ____D () C:\Program Files\iTunes
2015-05-03 16:16 - 2015-05-03 16:16 - 00000000 ____D () C:\Program Files\iPod
2015-05-03 16:16 - 2015-05-03 16:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-05-03 16:16 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-05-03 15:06 - 2015-05-03 15:06 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-05-03 15:06 - 2015-05-03 15:06 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-05-03 15:06 - 2015-05-03 15:06 - 00000000 ____D () C:\Users\NAME\AppData\Local\Apple
2015-05-03 15:06 - 2015-05-03 15:06 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-05-03 15:04 - 2015-05-06 10:40 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-03 15:04 - 2015-05-03 15:04 - 00000000 ____D () C:\Program Files\Bonjour
2015-05-03 15:04 - 2015-05-03 15:04 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-05-03 15:03 - 2015-05-03 16:17 - 00000000 ____D () C:\ProgramData\Apple
2015-05-03 14:58 - 2015-05-03 15:00 - 152362800 _____ (Apple Inc.) C:\Users\NAME\Downloads\iTunes6464Setup.exe
2015-05-03 10:03 - 2015-05-03 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-05-03 09:55 - 2015-05-18 00:43 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-03 09:55 - 2015-05-18 00:33 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-02 11:29 - 2015-05-02 11:29 - 00613255 _____ (CMI Limited) C:\Users\NAME\AppData\Local\nsnA018.tmp
2015-05-02 11:28 - 2014-11-24 23:09 - 00020872 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2015-05-02 08:15 - 2015-02-24 04:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-05-02 01:04 - 2015-05-02 18:42 - 00003288 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-3322448490-314981258-3538992574-1001
2015-05-01 10:24 - 2015-05-01 10:24 - 00000000 ____D () C:\Users\NAME\AppData\Roaming\AVAST Software
2015-05-01 10:23 - 2015-05-04 12:48 - 00000000 ____D () C:\Windows\System32\Tasks\AVAST Software
2015-05-01 10:23 - 2015-05-01 10:23 - 00001922 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-01 10:23 - 2015-05-01 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-01 10:22 - 2015-05-19 08:22 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-01 10:22 - 2015-05-01 10:22 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-01 10:22 - 2015-05-01 10:22 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-01 10:22 - 2015-05-01 10:22 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-01 10:22 - 2015-05-01 10:22 - 00356280 _____ (Dropbox, Inc.) C:\Users\Public\Desktop\DropboxInstallerAvast.exe
2015-05-01 10:22 - 2015-05-01 10:22 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-01 10:22 - 2015-05-01 10:22 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-01 10:22 - 2015-05-01 10:22 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-01 10:22 - 2015-05-01 10:22 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-01 10:22 - 2015-05-01 10:22 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-01 10:22 - 2015-05-01 10:22 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-01 10:22 - 2015-05-01 10:22 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-01 10:20 - 2015-05-01 10:20 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-01 10:19 - 2015-05-01 10:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-01 10:18 - 2015-05-01 10:19 - 05481344 _____ (Avast Software s.r.o.) C:\Users\NAME\Downloads\avast_free_antivirus_setup_online_cbild.exe
2015-05-01 09:55 - 2015-05-01 09:55 - 00000000 ____D () C:\Users\NAME\AppData\Local\CrashRpt
2015-04-30 10:29 - 2015-04-30 10:29 - 00003164 _____ () C:\Windows\System32\Tasks\{D1A9DA31-EE25-4F9E-B14A-B80EBE196C87}
2015-04-30 08:15 - 2015-05-01 10:03 - 00000177 _____ () C:\Windows\SysWOW64\SetupComponents.exe
2015-04-30 00:46 - 2015-05-01 10:26 - 00000000 ____D () C:\Users\NAME\AppData\Roaming\jellylam
2015-04-29 11:01 - 2015-04-29 11:01 - 00001219 _____ () C:\Users\NAME\Downloads\setup.website
2015-04-29 10:24 - 2015-04-29 10:24 - 00000000 ____D () C:\Users\NAME\AppData\Roaming\Mozilla
2015-04-28 21:20 - 2015-04-28 21:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-04-28 13:47 - 2015-05-19 08:39 - 00001278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-28 13:34 - 2015-04-28 13:34 - 00291976 _____ () C:\Windows\Minidump\042815-57845-01.dmp
2015-04-28 12:06 - 2015-04-28 12:06 - 00613255 _____ (CMI Limited) C:\Users\NAME\AppData\Local\nsb71E8.tmp
2015-04-28 11:54 - 2015-04-28 11:54 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-28 09:53 - 2015-04-28 09:53 - 00003170 _____ () C:\Windows\System32\Tasks\{758E9634-3C1E-47D3-81DF-495F72B94F5E}
2015-04-28 09:14 - 2015-04-28 09:13 - 00613255 _____ (CMI Limited) C:\Users\NAME\AppData\Local\nsn5EE3.tmp
2015-04-27 19:44 - 2015-04-28 08:44 - 00000069 _____ () C:\Users\NAME\AppData\Roaming\WB.CFG
2015-04-27 18:55 - 2015-04-27 18:55 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2015-04-27 18:53 - 2015-04-27 18:53 - 00613255 _____ (CMI Limited) C:\Users\NAME\AppData\Local\nseFCC6.tmp
2015-04-27 18:50 - 2015-05-03 09:49 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-04-27 18:25 - 2015-05-17 11:11 - 00000000 ____D () C:\Users\NAME\AppData\Roaming\2A7D22F4-1430151929-11DF-AC85-7F8E9ACCAD4E
2015-04-27 18:25 - 2015-04-27 18:25 - 00000000 ____D () C:\Users\NAME\AppData\Roaming\Opera Software
2015-04-27 18:25 - 2015-04-27 18:25 - 00000000 ____D () C:\Users\NAME\AppData\Local\Opera Software
2015-04-27 18:24 - 2015-05-19 08:42 - 00000336 _____ () C:\Windows\Tasks\KOUXJCT1.job
2015-04-27 18:24 - 2015-05-01 11:01 - 00000000 ____D () C:\Users\NAME\AppData\Roaming\PDFConvert
2015-04-27 18:24 - 2015-05-01 10:26 - 00000000 ____D () C:\Users\NAME\AppData\Roaming\Winsta
2015-04-27 18:24 - 2015-05-01 10:26 - 00000000 ____D () C:\ProgramData\8a1ad0e032bd458e9dd0923cb1927c1e
2015-04-27 18:24 - 2015-04-27 18:24 - 00002858 _____ () C:\Windows\System32\Tasks\KOUXJCT1
2015-04-27 18:24 - 2015-04-27 18:24 - 00000000 ____D () C:\ProgramData\69ae6312743247e0afc15073a8e79ffb
2015-04-27 18:23 - 2015-04-28 08:58 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-04-27 18:23 - 2015-04-27 18:23 - 00001706 _____ () C:\Users\NAME\Desktop\Continue Adobe Flash Player.lnk
2015-04-24 11:30 - 2015-04-24 11:30 - 05733212 _____ () C:\Users\NAME\Downloads\Schnorcheltipps.......zip
2015-04-24 10:08 - 2015-04-25 23:51 - 00000000 ____D () C:\Users\NAME\Documents\Müllkalender
2015-04-19 14:20 - 2015-05-01 11:01 - 00000626 _____ () C:\Users\NAME\AppData\Roaming\dmYnp2Y6h

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-19 21:22 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-19 21:22 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-19 20:54 - 2009-12-15 09:20 - 01986459 _____ () C:\Windows\WindowsUpdate.log
2015-05-19 20:39 - 2015-03-04 09:35 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-19 09:46 - 2015-03-04 09:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-19 09:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-19 08:42 - 2010-03-04 14:54 - 00000000 ____D () C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-05-19 08:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-19 08:41 - 2009-12-16 02:29 - 00705254 _____ () C:\Windows\PFRO.log
2015-05-19 08:41 - 2009-07-14 06:51 - 00046523 _____ () C:\Windows\setupact.log
2015-05-19 08:39 - 2015-03-04 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-19 08:39 - 2010-03-04 15:16 - 00001001 _____ () C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-18 09:51 - 2009-12-15 23:59 - 00654166 _____ () C:\Windows\system32\perfh007.dat
2015-05-18 09:51 - 2009-12-15 23:59 - 00130006 _____ () C:\Windows\system32\perfc007.dat
2015-05-18 09:51 - 2009-07-14 07:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-18 09:44 - 2009-07-14 06:45 - 00348664 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-18 09:40 - 2009-12-15 23:47 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-18 09:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-18 09:39 - 2015-03-25 01:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-18 09:39 - 2015-03-25 01:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-18 00:43 - 2010-03-04 15:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-18 00:32 - 2015-03-25 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-17 09:29 - 2015-03-04 09:35 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 09:29 - 2015-03-04 09:35 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-03 10:02 - 2010-03-04 15:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-05-02 07:58 - 2009-12-15 09:34 - 00000000 ____D () C:\ProgramData\McAfee
2015-05-02 07:58 - 2009-12-15 09:34 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-05-02 07:55 - 2015-03-14 15:56 - 00000000 ____D () C:\Users\Emel
2015-05-01 10:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-28 13:34 - 2015-03-04 09:26 - 00000000 ____D () C:\Windows\Minidump
2015-04-28 13:33 - 2015-03-04 09:26 - 440823047 _____ () C:\Windows\MEMORY.DMP
2015-04-28 12:07 - 2009-12-15 09:50 - 00000000 ____D () C:\Program Files (x86)\AnyPC Client
2015-04-27 18:50 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-27 18:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-04-27 18:24 - 2010-03-04 14:59 - 00000000 ____D () C:\Users\NAME\AppData\Local\Adobe
2015-04-26 09:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

==================== Files in the root of some directories =======

2015-04-19 14:20 - 2015-05-01 11:01 - 0000626 _____ () C:\Users\NAME\AppData\Roaming\dmYnp2Y6h
2015-04-27 19:44 - 2015-04-28 08:44 - 0000069 _____ () C:\Users\NAME\AppData\Roaming\WB.CFG
2015-04-28 12:06 - 2015-04-28 12:06 - 0613255 _____ (CMI Limited) C:\Users\NAME\AppData\Local\nsb71E8.tmp
2015-04-27 18:53 - 2015-04-27 18:53 - 0613255 _____ (CMI Limited) C:\Users\NAME\AppData\Local\nseFCC6.tmp
2015-04-28 09:14 - 2015-04-28 09:13 - 0613255 _____ (CMI Limited) C:\Users\NAME\AppData\Local\nsn5EE3.tmp
2015-05-02 11:29 - 2015-05-02 11:29 - 0613255 _____ (CMI Limited) C:\Users\NAME\AppData\Local\nsnA018.tmp
2009-12-15 09:29 - 2009-12-15 09:29 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-12-15 09:27 - 2009-12-15 09:28 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2009-12-15 09:24 - 2009-12-15 09:25 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-12-15 09:28 - 2009-12-15 09:29 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2009-12-15 09:24 - 2009-12-15 09:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-12-15 09:25 - 2009-12-15 09:27 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Some content of TEMP:
====================
C:\Users\NAME\AppData\Local\Temp\8FFD427E-F52C-37D3-608D-352F36983F31.dll
C:\Users\NAME\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\NAME\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\NAME\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\NAME\AppData\Local\Temp\optprosetup.exe
C:\Users\NAME\AppData\Local\Temp\ReimageExpressSetup.exe
C:\Users\NAME\AppData\Local\Temp\ReimagePackage.exe
C:\Users\NAME\AppData\Local\Temp\ReiSysUpdate.exe
C:\Users\NAME\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-17 08:44

==================== End Of Log ============================
         
--- --- ---


20.05.2015, 16:32   #6
M-K-D-B
/// TB Trainer
 



Please note for the future:
Quote:
Running from C:\Users\NAME\Downloads
Unfortunately, you did not follow our instructions correctly:
Please download all tools directly to the desktop, or move them there, and start them from the desktop, since our instructions are designed for this.
In addition, all the tools used can then be removed very easily at the end of the cleanup.
Leave all tools on the desktop until the end of the cleanup; we may need some of them more than once.

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


20.05.2015, 17:34   #7
Kasandra
 



Code:
ComboFix 15-05-19.01 - NAME 20.05.2015  18:17:23.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3950.2268 [GMT 2:00]
ausgeführt von:: c:\users\NAME\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\NAME\AppData\Local\nsb71E8.tmp
c:\users\NAME\AppData\Local\nseFCC6.tmp
c:\users\NAME\AppData\Local\nsn5EE3.tmp
c:\users\NAME\AppData\Local\nsnA018.tmp
c:\windows\SysWow64\SetupComponents.exe
F:\autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-20 bis 2015-05-20  ))))))))))))))))))))))))))))))
.
.
2015-05-20 16:26 . 2015-05-20 16:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-05-20 16:25 . 2015-05-20 16:25	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{554EC274-C0E1-4D11-B120-2B86B2DED713}\offreg.3724.dll
2015-05-20 07:40 . 2015-05-20 07:40	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{554EC274-C0E1-4D11-B120-2B86B2DED713}\offreg.2844.dll
2015-05-19 21:24 . 2015-05-19 21:24	--------	d-----w-	c:\windows\Migration
2015-05-19 19:22 . 2015-05-19 19:24	--------	d-----w-	C:\FRST
2015-05-19 18:50 . 2015-05-03 03:16	12214312	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{554EC274-C0E1-4D11-B120-2B86B2DED713}\mpengine.dll
2015-05-19 06:52 . 2015-05-19 06:52	--------	d-----w-	C:\RegBackup
2015-05-19 06:25 . 2015-05-20 15:53	--------	d-----w-	C:\AdwCleaner
2015-05-18 12:14 . 2015-05-20 12:48	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-18 12:14 . 2015-05-18 12:14	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-05-18 12:14 . 2015-05-18 12:14	--------	d-----w-	c:\programdata\Malwarebytes
2015-05-18 12:14 . 2015-04-14 07:37	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-05-18 12:14 . 2015-04-14 07:37	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-05-18 12:14 . 2015-04-14 07:37	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-05-17 22:32 . 2015-05-01 13:17	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 22:32 . 2015-05-01 13:16	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 20:43 . 2015-05-05 01:29	342016	----a-w-	c:\windows\system32\schannel.dll
2015-05-17 20:43 . 2015-05-05 01:12	248832	----a-w-	c:\windows\SysWow64\schannel.dll
2015-05-17 20:43 . 2015-04-18 03:10	460800	----a-w-	c:\windows\system32\certcli.dll
2015-05-17 20:43 . 2015-04-18 02:56	342016	----a-w-	c:\windows\SysWow64\certcli.dll
2015-05-17 20:41 . 2015-04-13 03:28	328704	----a-w-	c:\windows\system32\services.exe
2015-05-17 20:40 . 2015-04-20 03:17	1647104	----a-w-	c:\windows\system32\DWrite.dll
2015-05-17 20:39 . 2015-02-18 07:04	142336	----a-w-	c:\windows\system32\poqexec.exe
2015-05-17 20:39 . 2015-03-04 04:41	6656	----a-w-	c:\windows\system32\shimeng.dll
2015-05-17 20:39 . 2015-03-04 04:41	72192	----a-w-	c:\windows\system32\aelupsvc.dll
2015-05-17 20:39 . 2015-03-04 04:41	342016	----a-w-	c:\windows\system32\apphelp.dll
2015-05-17 20:39 . 2015-03-04 04:41	23552	----a-w-	c:\windows\system32\sdbinst.exe
2015-05-17 20:39 . 2015-03-04 04:11	5120	----a-w-	c:\windows\SysWow64\shimeng.dll
2015-05-17 20:39 . 2015-03-04 04:10	295936	----a-w-	c:\windows\SysWow64\apphelp.dll
2015-05-17 20:39 . 2015-03-04 04:10	20992	----a-w-	c:\windows\SysWow64\sdbinst.exe
2015-05-03 14:17 . 2015-05-06 20:12	--------	d-----w-	c:\users\NAME\AppData\Roaming\Apple Computer
2015-05-03 14:17 . 2015-05-03 14:17	--------	d-----w-	c:\users\NAME\AppData\Local\Apple Computer
2015-05-03 14:16 . 2012-10-03 14:14	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2015-05-03 14:16 . 2015-05-03 14:16	--------	d-----w-	c:\program files\iPod
2015-05-03 14:16 . 2015-05-03 14:16	--------	d-----w-	c:\program files (x86)\iTunes
2015-05-03 14:16 . 2015-05-03 14:16	--------	d-----w-	c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-03 14:16 . 2015-05-03 14:16	--------	d-----w-	c:\program files\iTunes
2015-05-03 14:16 . 2015-05-03 14:16	--------	d-----w-	c:\programdata\Apple Computer
2015-05-03 13:06 . 2015-05-03 13:06	--------	d-----w-	c:\users\NAME\AppData\Local\Apple
2015-05-03 13:06 . 2015-05-03 13:06	--------	d-----w-	c:\program files (x86)\Apple Software Update
2015-05-03 13:04 . 2015-05-06 08:40	--------	d-----w-	c:\program files\Common Files\Apple
2015-05-03 13:04 . 2015-05-03 13:04	--------	d-----w-	c:\program files\Bonjour
2015-05-03 13:04 . 2015-05-03 13:04	--------	d-----w-	c:\program files (x86)\Bonjour
2015-05-03 13:03 . 2015-05-06 08:40	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2015-05-03 13:03 . 2015-05-03 14:17	--------	d-----w-	c:\programdata\Apple
2015-05-03 07:55 . 2015-05-17 22:43	--------	d-----w-	c:\windows\system32\MRT
2015-05-02 09:28 . 2014-11-24 21:09	20872	----a-w-	c:\windows\SysWow64\drivers\DrvAgent64.SYS
2015-05-02 06:15 . 2015-02-24 02:17	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-05-01 08:24 . 2015-05-01 08:24	--------	d-----w-	c:\users\NAME\AppData\Roaming\AVAST Software
2015-05-01 08:22 . 2015-05-01 08:22	137288	----a-w-	c:\windows\system32\drivers\aswStm.sys
2015-05-01 08:22 . 2015-05-01 08:22	272248	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2015-05-01 08:22 . 2015-05-01 08:22	93528	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2015-05-01 08:22 . 2015-05-01 08:22	89944	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2015-05-01 08:22 . 2015-05-01 08:22	65736	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2015-05-01 08:22 . 2015-05-01 08:22	442264	----a-w-	c:\windows\system32\drivers\aswSP.sys
2015-05-01 08:22 . 2015-05-01 08:22	29168	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2015-05-01 08:22 . 2015-05-01 08:22	1047320	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2015-05-01 08:22 . 2015-05-01 08:22	364472	----a-w-	c:\windows\system32\aswBoot.exe
2015-05-01 08:22 . 2015-05-01 08:22	43112	----a-w-	c:\windows\avastSS.scr
2015-05-01 08:20 . 2015-05-01 08:20	--------	d-----w-	c:\program files\AVAST Software
2015-05-01 08:19 . 2015-05-01 08:19	--------	d-----w-	c:\programdata\AVAST Software
2015-05-01 07:55 . 2015-05-01 07:55	--------	d-----w-	c:\users\NAME\AppData\Local\Installer
2015-05-01 07:55 . 2015-05-01 07:55	--------	d-----w-	c:\users\NAME\AppData\Local\CrashRpt
2015-04-29 22:46 . 2015-05-01 08:26	--------	d-----w-	c:\users\NAME\AppData\Roaming\jellylam
2015-04-28 19:26 . 2015-04-28 19:26	--------	d-----w-	c:\users\NAME\AppData\Local\ElevatedDiagnostics
2015-04-27 16:55 . 2015-04-27 16:55	--------	d-----w-	c:\windows\SysWow64\Flash
2015-04-27 16:38 . 2015-04-27 16:38	--------	d-----w-	c:\users\NAME\AppData\Local\Programs
2015-04-27 16:25 . 2015-05-17 09:11	--------	d-----w-	c:\users\NAME\AppData\Roaming\2A7D22F4-1430151929-11DF-AC85-7F8E9ACCAD4E
2015-04-27 16:25 . 2015-04-27 16:25	--------	d-----w-	c:\users\NAME\AppData\Local\Opera Software
2015-04-27 16:25 . 2015-04-27 16:25	--------	d-----w-	c:\users\NAME\AppData\Roaming\Opera Software
2015-04-27 16:24 . 2015-05-01 08:26	--------	d-----w-	c:\programdata\8a1ad0e032bd458e9dd0923cb1927c1e
2015-04-27 16:24 . 2015-04-27 16:24	--------	d-----w-	c:\programdata\69ae6312743247e0afc15073a8e79ffb
2015-04-27 16:24 . 2015-05-01 08:26	--------	d-----w-	c:\users\NAME\AppData\Roaming\Winsta
2015-04-27 16:24 . 2015-05-01 09:01	--------	d-----w-	c:\users\NAME\AppData\Roaming\PDFConvert
2015-04-27 16:23 . 2015-04-28 06:58	--------	d-----w-	c:\program files (x86)\Opera
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-27 19:04 . 2015-05-17 20:41	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-03-25 03:24 . 2015-04-15 06:57	98304	----a-w-	c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 06:57	37376	----a-w-	c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 06:57	35328	----a-w-	c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 06:57	3298816	----a-w-	c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 06:57	2553856	----a-w-	c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 06:57	191488	----a-w-	c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 06:57	696320	----a-w-	c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 06:57	60416	----a-w-	c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 06:57	12288	----a-w-	c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 06:57	36864	----a-w-	c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 06:57	135168	----a-w-	c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 06:57	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 06:57	566784	----a-w-	c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 06:57	29696	----a-w-	c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 06:57	173056	----a-w-	c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 06:57	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 06:57	726528	----a-w-	c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 06:57	769536	----a-w-	c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 06:57	419840	----a-w-	c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 06:57	957952	----a-w-	c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 06:57	30720	----a-w-	c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 06:57	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 06:57	192000	----a-w-	c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 06:57	1111552	----a-w-	c:\windows\system32\aeinv.dll
2015-03-10 07:13 . 2015-03-10 07:13	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2015-03-10 07:13 . 2015-03-10 07:13	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2015-03-10 07:13 . 2015-03-10 07:13	235008	----a-w-	c:\windows\system32\elshyph.dll
2015-03-10 07:13 . 2015-03-10 07:13	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-03-10 07:13 . 2015-03-10 07:13	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2015-03-10 07:13 . 2015-03-10 07:13	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2015-03-10 07:13 . 2015-03-10 07:13	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2015-03-10 07:13 . 2015-03-10 07:13	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2015-03-10 07:13 . 2015-03-10 07:13	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2015-03-10 07:13 . 2015-03-10 07:13	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2015-03-10 07:13 . 2015-03-10 07:13	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2015-03-10 07:13 . 2015-03-10 07:13	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2015-03-10 07:13 . 2015-03-10 07:13	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2015-03-10 07:13 . 2015-03-10 07:13	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2015-03-10 07:13 . 2015-03-10 07:13	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2015-03-10 07:13 . 2015-03-10 07:13	942592	----a-w-	c:\windows\system32\jsIntl.dll
2015-03-10 07:13 . 2015-03-10 07:13	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2015-03-10 07:13 . 2015-03-10 07:13	247808	----a-w-	c:\windows\system32\msls31.dll
2015-03-10 07:13 . 2015-03-10 07:13	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2015-03-10 07:13 . 2015-03-10 07:13	77312	----a-w-	c:\windows\system32\tdc.ocx
2015-03-10 07:13 . 2015-03-10 07:13	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2015-03-10 07:13 . 2015-03-10 07:13	48640	----a-w-	c:\windows\system32\mshtmler.dll
2015-03-10 07:13 . 2015-03-10 07:13	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2015-03-10 07:13 . 2015-03-10 07:13	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2015-03-10 07:13 . 2015-03-10 07:13	105984	----a-w-	c:\windows\system32\iesysprep.dll
2015-03-10 07:13 . 2015-03-10 07:13	81408	----a-w-	c:\windows\system32\icardie.dll
2015-03-10 07:13 . 2015-03-10 07:13	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2015-03-10 07:13 . 2015-03-10 07:13	235520	----a-w-	c:\windows\system32\url.dll
2015-03-10 07:13 . 2015-03-10 07:13	62464	----a-w-	c:\windows\system32\pngfilt.dll
2015-03-10 07:13 . 2015-03-10 07:13	48128	----a-w-	c:\windows\system32\imgutil.dll
2015-03-10 07:13 . 2015-03-10 07:13	30208	----a-w-	c:\windows\system32\licmgr10.dll
2015-03-10 07:13 . 2015-03-10 07:13	243200	----a-w-	c:\windows\system32\webcheck.dll
2015-03-10 07:13 . 2015-03-10 07:13	167424	----a-w-	c:\windows\system32\iexpress.exe
2015-03-10 07:13 . 2015-03-10 07:13	147968	----a-w-	c:\windows\system32\occache.dll
2015-03-10 07:13 . 2015-03-10 07:13	143872	----a-w-	c:\windows\system32\wextract.exe
2015-03-10 07:13 . 2015-03-10 07:13	13824	----a-w-	c:\windows\system32\mshta.exe
2015-03-10 07:13 . 2015-03-10 07:13	135680	----a-w-	c:\windows\system32\iepeers.dll
2015-03-10 07:13 . 2015-03-10 07:13	101376	----a-w-	c:\windows\system32\inseng.dll
2015-03-10 03:25 . 2015-04-15 06:56	1882624	----a-w-	c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 06:56	2048	----a-w-	c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 06:56	1237504	----a-w-	c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 06:56	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2015-03-09 15:06 . 2015-03-09 15:06	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-03-09 15:06 . 2015-03-09 15:06	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-03-09 15:06 . 2015-03-09 15:06	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-03-09 15:06 . 2015-03-09 15:06	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-03-09 15:06 . 2015-03-09 15:06	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-03-09 15:06 . 2015-03-09 15:06	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-03-09 15:06 . 2015-03-09 15:06	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-03-09 15:06 . 2015-03-09 15:06	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-03-09 15:06 . 2015-03-09 15:06	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-03-09 15:06 . 2015-03-09 15:06	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2015-03-09 15:06 . 2015-03-09 15:06	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-03-09 15:06 . 2015-03-09 15:06	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-03-09 15:06 . 2015-03-09 15:06	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2015-03-09 15:06 . 2015-03-09 15:06	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-03-09 15:06 . 2015-03-09 15:06	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-03-09 15:06 . 2015-03-09 15:06	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-03-09 15:06 . 2015-03-09 15:06	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-03-09 15:06 . 2015-03-09 15:06	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2015-03-09 15:06 . 2015-03-09 15:06	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-03-09 15:06 . 2015-03-09 15:06	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-03-09 15:06 . 2015-03-09 15:06	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2015-03-09 15:06 . 2015-03-09 15:06	363008	----a-w-	c:\windows\system32\dxgi.dll
2015-03-09 15:06 . 2015-03-09 15:06	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2015-03-09 15:06 . 2015-03-09 15:06	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2015-03-09 15:06 . 2015-03-09 15:06	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2015-03-09 15:06 . 2015-03-09 15:06	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2015-03-09 15:06 . 2015-03-09 15:06	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2015-03-09 15:06 . 2015-03-09 15:06	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2015-03-09 15:06 . 2015-03-09 15:06	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2015-03-09 15:06 . 2015-03-09 15:06	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2015-03-09 15:06 . 2015-03-09 15:06	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2015-03-09 15:06 . 2015-03-09 15:06	296960	----a-w-	c:\windows\system32\d3d10core.dll
2015-03-09 15:06 . 2015-03-09 15:06	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"APLangApp"="c:\program files (x86)\AnyPC Client\APLangApp.exe" [2009-10-20 13312]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-17 5515496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 1082144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R3 cpuz134;cpuz134;c:\users\NAME\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\NAME\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [x]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe;c:\windows\SysWOW64\Rezip.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-17 07:36	988488	----a-w-	c:\program files (x86)\Google\Chrome\Application\42.0.2311.152\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-04 07:35]
.
2015-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-04 07:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-01 08:22	722400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-04 16407656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-06 169768]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
mSearch Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
mDefault_Page_URL = hxxp://www.google.com
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-05-20  18:29:16
ComboFix-quarantined-files.txt  2015-05-20 16:29
.
Vor Suchlauf: 11 Verzeichnis(se), 260.686.163.968 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 261.412.446.208 Bytes frei
.
- - End Of File - - D06D823DE8DDFEC576C8FEA26F5A997C
         

20.05.2015, 18:26   #8
M-K-D-B
/// TB Instructor

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Step 2
Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan (Scannen), select the Threat Scan (Bedrohungssuchlauf) and click Start Scan (Suchlauf starten).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected (Auswahl entfernen).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application Logs (Anwendungsprotokolle).
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Step 3

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Step 4
  • Start FRST.exe again. Tick the box next to Addition.txt and press Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.

With your next reply, please post
  • the AdwCleaner log file,
  • the MBAM log file,
  • the JRT log file,
  • the two new FRST log files.
__________________
Greetings from Bavaria


20.05.2015, 22:48   #9
Kasandra

Code:
# AdwCleaner v4.204 - Bericht erstellt 20/05/2015 um 21:37:37
# Aktualisiert 12/05/2015 von Xplode
# Datenbank : 2015-05-12.2 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : NAME - NAME-PC
# Gestarted von : C:\Users\NAME\Desktop\AdwCleaner_4.204.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Google Chrome v42.0.2311.152

[C:\Users\NAME\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www-searching.com/search.aspx?site=chremote&pid=s&shr=d&s=F51ztutdk0003,99791f2f-436f-4894-b1be-fb961f92d4aa,&q={searchTerms}

-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [924 Bytes] - [20/05/2015 21:37:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [982 Bytes] ##########
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 20.05.2015
Suchlauf-Zeit: 23:00:01
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.20.05
Rootkit Datenbank: v2015.05.16.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: NAME

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgebrochen
Durchsuchte Objekte: 0
(Keine schädliche Elemente gefunden)
Verstrichene Zeit: 0 Min, 17 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.5 (05.20.2015:1)
OS: Windows 7 Home Premium x64
Ran by NAME on 20.05.2015 at 23:28:11,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.05.2015 at 23:31:45,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by NAME at 2015-05-20 23:40:17
Running from C:\Users\NAME\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3322448490-314981258-3538992574-500 - Administrator - Disabled)
Gast (S-1-5-21-3322448490-314981258-3538992574-501 - Limited - Disabled)
NAME (S-1-5-21-3322448490-314981258-3538992574-1001 - Administrator - Enabled) => C:\Users\NAME
HomeGroupUser$ (S-1-5-21-3322448490-314981258-3538992574-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader 9.1 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AnyPC Client (HKLM-x32\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.23 - Doctorsoft)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
BatteryLifeExtender (HKLM-x32\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3304 - CyberLink Corp.)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}) (Version: 4.2.4 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{F2BC3383-F000-410C-A038-3846ADBE8D90}) (Version: 1.01.0088 - REALTEK Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.41 - Samsung)
Samsung R-Series (HKLM-x32\...\{3EED7541-55F8-4DC6-B9CD-28762D71310E}) (Version: 1.0 - Samsung)
Samsung Support Center (HKLM-x32\...\{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}) (Version: 1.0.21 - Samsung)
Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.206 - McAfee, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.800 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

20-05-2015 14:08:10 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-05-20 18:26 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01B3D1E1-F657-4E81-867A-16FD5F494970} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {01B8ADB4-248B-4798-BF1E-2D56A5EDA83B} - System32\Tasks\APSchedulerC => C:\Program Files (x86)\AnyPC Client\APLanMgrC.exe [2009-10-20] (DoctorSoft)
Task: {031780A1-A51C-4DA2-8E54-3CECC0706A7E} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {28ACB30E-A847-4E15-A67F-DA1B35F6A38D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3322448490-314981258-3538992574-1001
Task: {30E32EEE-EDD6-4638-AD26-F332E4BB5A67} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {3FDECC49-44E8-44D9-8445-52133D8C528F} - System32\Tasks\avastBCLRestartS-1-5-21-3322448490-314981258-3538992574-1001 => Chrome.exe 
Task: {6692E917-223F-4293-81BC-E133696F2111} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-10-07] (SEC)
Task: {6883BD0A-AED7-4D86-8845-E5AF2957517A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-04] (Google Inc.)
Task: {73F02508-5C8E-4BD6-BF44-E123243B084C} - \EasySpeedUpManager No Task File <==== ATTENTION
Task: {898ED0F6-303E-44DA-9093-36FBE7FAF0D8} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {8F4CAFB5-A3FE-47BC-9066-397859A9ACCF} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {9D8B0ACB-56E3-4A25-9895-0A6B6D6CFC2E} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {9E496484-1215-4EAE-8435-ADF72B705743} - System32\Tasks\{758E9634-3C1E-47D3-81DF-495F72B94F5E} => pcalua.exe -a C:\Users\NAME\AppData\Roaming\luckysearches\UninstallManager.exe -c  -ptid=cmi
Task: {A1727EC6-EDCB-4560-87A7-EC49EFA537BE} - System32\Tasks\{D1A9DA31-EE25-4F9E-B14A-B80EBE196C87} => pcalua.exe -a C:\Users\NAME\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=cmi
Task: {B05B30E4-B963-49EE-A44A-EDD7D864A398} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {CBB9A4E2-AE7F-4D27-BF3C-CED0AD0AE498} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-04] (Google Inc.)
Task: {D8579408-D95A-40D0-9DEA-326DF25B90B8} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2009-11-04] (Samsung Electronics Co., Ltd.)
Task: {FF241637-A579-4205-B881-F94B92877445} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-01] (Avast Software s.r.o.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-20 08:01 - 2015-02-20 08:01 - 00022528 _____ () C:\Windows\System32\us001lm.dll
2015-05-01 10:22 - 2015-05-01 10:22 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-01 10:22 - 2015-05-01 10:22 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-20 17:19 - 2015-05-20 17:19 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15052000\algo.dll
2015-05-01 10:22 - 2015-05-01 10:22 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-07-10 19:07 - 2013-07-10 19:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2015-05-17 09:59 - 2015-05-05 06:06 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
2015-05-17 09:59 - 2015-05-05 06:06 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll
2015-05-17 09:59 - 2015-05-05 06:06 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3322448490-314981258-3538992574-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{46A5C8BE-819C-4EC5-BAC6-59457121FB46}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{0DE907FE-1D4B-4A73-8014-9FEBA20F0B01}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{25E6A57C-38CD-414E-AAB5-2D93A2E7B902}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{A3E55C8D-F260-4AC7-815C-C39CB809EFCA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5FE27080-4047-4082-833F-7B36F0193119}] => (Allow) svchost.exe
FirewallRules: [{82A8B5F4-D027-4EB7-A749-E1F2A794B4B8}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{FC147D5D-5515-44D6-9FD0-A11FD16B1AD2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{04751780-22CC-4D60-9C93-56B7D955C90C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DCCFDAC5-2058-4F12-9038-4C06293BB663}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AACC3901-C074-40D7-BA4C-B21BFC67555B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{61FB8DAE-442D-46AD-8F43-98E07E577E87}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{EA68CF91-EA64-45A1-84D6-1B37AD67759D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2015 06:50:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname NAME-PC.local already in use; will try NAME-PC-2.local instead

Error: (05/20/2015 06:50:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 NAME-PC.local. Addr 192.168.178.27

Error: (05/20/2015 06:50:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.22:5353    4 Name-PC.local. Addr 192.168.178.22

Error: (05/20/2015 04:04:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname NAME-PC.local already in use; will try NAME-PC-2.local instead

Error: (05/20/2015 04:04:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 NAME-PC.local. Addr 192.168.178.27

Error: (05/20/2015 04:04:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.22:5353    4 Name-PC.local. Addr 192.168.178.22

Error: (05/20/2015 04:04:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname NAME-PC.local already in use; will try NAME-PC-2.local instead

Error: (05/20/2015 04:04:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 NAME-PC.local. Addr 192.168.178.27

Error: (05/20/2015 04:04:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.22:5353    4 Name-PC.local. Addr 192.168.178.22

Error: (05/20/2015 04:04:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1656840


System errors:
=============
Error: (05/20/2015 11:28:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/20/2015 11:28:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/20/2015 11:28:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/20/2015 11:28:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/20/2015 11:28:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Cyberlink RichVideo Service(CRVS)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/20/2015 11:28:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Rezip" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/20/2015 11:28:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "McAfee SiteAdvisor Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/20/2015 11:28:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/20/2015 11:28:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/20/2015 11:28:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-05-20 18:25:48.670
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-20 18:25:48.584
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 39%
Total physical RAM: 3949.63 MB
Available physical RAM: 2399.01 MB
Total Pagefile: 7897.46 MB
Available Pagefile: 6218.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:347.01 GB) (Free:243.26 GB) NTFS
Drive d: () (Fixed) (Total:103.65 GB) (Free:91.59 GB) NTFS
Drive f: (Elements) (Fixed) (Total:931.51 GB) (Free:175.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 250885B1)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=347 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0004A9A0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by NAME (administrator) on NAME-PC on 20-05-2015 23:39:29
Running from C:\Users\NAME\Desktop
Loaded Profiles: NAME (Available profiles: NAME)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [APLangApp] => C:\Program Files (x86)\AnyPC Client\APLangApp.exe [13312 2009-10-20] (DoctorSoft)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-17] (Avast Software s.r.o.)
HKU\S-1-5-21-3322448490-314981258-3538992574-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-12-15] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-03-04]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-01] (Avast Software s.r.o.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3322448490-314981258-3538992574-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3322448490-314981258-3538992574-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 -> {07A8D34C-AAC5-4365-AE17-2006B9692B2A} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE532D20091215&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 -> {A7DD207A-40C4-4935-8536-BCABE2857E89} URL = 
SearchScopes: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = 
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-06] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-01] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.10.11023.1534\swg64.dll [2015-03-07] (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-01] (Avast Software s.r.o.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-07] (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2009-12-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-01]

Chrome: 
=======
CHR Profile: C:\Users\NAME\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\NAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\NAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-28]
CHR Extension: (Google Wallet) - C:\Users\NAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-28]
CHR Extension: (Google Quick Scroll) - C:\Users\NAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2015-04-30]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-04-21]
CHR HKU\S-1-5-21-3322448490-314981258-3538992574-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-04-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-01]

Opera: 
=======
OPR Extension: (Browser Good) - C:\Users\NAME\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofplglpkkkggfjdkembepnejbcpkimmn [2015-04-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-01] (Avast Software s.r.o.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154856 2015-04-10] (McAfee, Inc.)
S2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [File not signed]
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-01] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-01] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\NAME\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 23:39 - 2015-05-20 23:39 - 00017577 _____ () C:\Users\NAME\Desktop\FRST.txt
2015-05-20 23:38 - 2015-05-20 23:38 - 02107904 _____ (Farbar) C:\Users\NAME\Desktop\FRST64.exe
2015-05-20 23:31 - 2015-05-20 23:31 - 00000603 _____ () C:\Users\NAME\Desktop\JRT.txt
2015-05-20 23:27 - 2015-05-20 23:27 - 02720149 _____ (Thisisu) C:\Users\NAME\Desktop\JRT.exe
2015-05-20 23:21 - 2015-05-20 23:21 - 00001242 _____ () C:\Users\NAME\Desktop\mbam.txt
2015-05-20 23:19 - 2015-05-20 23:19 - 00010860 _____ () C:\malware 2.txt
2015-05-20 23:18 - 2015-05-20 23:18 - 00001255 _____ () C:\antimalware.txt 1.txt
2015-05-20 21:49 - 2015-05-20 23:00 - 18325417 _____ (Malwarebytes Corporation ) C:\Users\NAME\Downloads\Nicht bestätigt 581030.crdownload
2015-05-20 21:49 - 2015-05-20 21:50 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\NAME\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-20 21:37 - 2015-05-20 21:38 - 00000000 ____D () C:\AdwCleaner
2015-05-20 21:24 - 2015-05-20 21:24 - 02209792 _____ () C:\Users\NAME\Desktop\AdwCleaner_4.204.exe
2015-05-20 18:29 - 2015-05-20 18:29 - 00029293 _____ () C:\ComboFix.txt
2015-05-20 18:15 - 2015-05-20 18:29 - 00000000 ____D () C:\Qoobox
2015-05-20 18:15 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-20 18:15 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-20 18:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-20 18:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-20 18:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-20 18:15 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-20 18:15 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-20 18:15 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-20 18:14 - 2015-05-20 18:28 - 00000000 ____D () C:\Windows\erdnt
2015-05-20 17:54 - 2015-05-20 17:55 - 05627500 ____R (Swearware) C:\Users\NAME\Downloads\ComboFix.exe
2015-05-20 17:54 - 2015-05-20 17:55 - 05627500 _____ (Swearware) C:\Users\NAME\Downloads\ComboFix (1).exe
2015-05-20 09:28 - 2015-05-20 09:29 - 01223176 _____ () C:\Users\NAME\Downloads\setup.exe
2015-05-19 22:39 - 2015-05-19 22:39 - 00000000 ____D () C:\Users\NAME\Desktop\ay
2015-05-19 21:24 - 2015-05-19 21:24 - 00027738 _____ () C:\Users\NAME\Downloads\Addition.txt
2015-05-19 21:23 - 2015-05-19 21:24 - 00062678 _____ () C:\Users\NAME\Downloads\FRST.txt
2015-05-19 21:22 - 2015-05-20 23:39 - 00000000 ____D () C:\FRST
2015-05-19 21:19 - 2015-05-19 21:20 - 02107904 _____ (Farbar) C:\Users\NAME\Downloads\FRST64.exe
2015-05-19 10:11 - 2015-05-19 10:12 - 02347384 _____ (ESET) C:\Users\NAME\Downloads\esetsmartinstaller_deu.exe
2015-05-19 08:52 - 2015-05-19 08:52 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-NAME-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-19 08:52 - 2015-05-19 08:52 - 00000000 ____D () C:\RegBackup
2015-05-19 08:51 - 2015-05-19 08:52 - 02720186 _____ (Thisisu) C:\Users\NAME\Downloads\JRT.exe
2015-05-19 08:44 - 2015-05-19 08:45 - 00010440 _____ () C:\Users\NAME\Documents\adwcleanerergebnis.txt
2015-05-19 08:15 - 2015-05-19 08:15 - 00004622 _____ () C:\antimalware.txt
2015-05-18 14:14 - 2015-05-20 23:13 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 14:14 - 2015-05-20 23:13 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-18 14:14 - 2015-05-20 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-18 14:14 - 2015-05-20 23:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-18 14:14 - 2015-05-18 14:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-18 14:14 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-18 14:14 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-18 14:14 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-18 14:11 - 2015-05-18 14:11 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\NAME\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-18 14:08 - 2015-05-18 14:08 - 04798152 _____ (WinZip International LLC ) C:\Users\NAME\Downloads\wzmp_10.exe
2015-05-18 00:32 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 00:32 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 22:43 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-17 22:43 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-17 22:43 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-17 22:43 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-17 22:42 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-17 22:42 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-17 22:42 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-17 22:42 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-17 22:42 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-17 22:42 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-17 22:42 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-17 22:42 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-17 22:42 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-17 22:42 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-17 22:42 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-17 22:42 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-17 22:42 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-17 22:42 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-17 22:42 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-17 22:42 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-17 22:42 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-17 22:42 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-17 22:42 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-17 22:42 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-17 22:42 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-17 22:42 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-17 22:42 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-17 22:42 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-17 22:42 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-17 22:42 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-17 22:42 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-17 22:42 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-17 22:42 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-17 22:42 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-17 22:42 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-17 22:42 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-17 22:42 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-17 22:42 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-17 22:42 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-17 22:42 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-17 22:42 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-17 22:42 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-17 22:42 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-17 22:42 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-17 22:42 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-17 22:42 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-17 22:42 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-17 22:42 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-17 22:42 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-17 22:42 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-17 22:42 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-17 22:42 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-17 22:42 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-17 22:42 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-17 22:42 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-17 22:42 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-17 22:42 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-17 22:42 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-17 22:42 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-17 22:42 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-17 22:42 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-17 22:42 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-17 22:42 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-17 22:42 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-17 22:41 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-17 22:41 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-17 22:41 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-17 22:41 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-17 22:41 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-17 22:41 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-17 22:41 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-17 22:41 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-17 22:41 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-17 22:41 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-17 22:41 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-17 22:41 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-17 22:41 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-17 22:41 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-17 22:41 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-17 22:41 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-17 22:41 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-17 22:41 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-17 22:41 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-17 22:41 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-17 22:41 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-17 22:41 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-17 22:41 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-17 22:41 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-17 22:41 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-17 22:41 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-17 22:41 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-17 22:41 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-17 22:41 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-17 22:41 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-17 22:41 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-17 22:41 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-17 22:41 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-17 22:41 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-17 22:41 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-17 22:41 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-17 22:41 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-17 22:41 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-17 22:41 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-17 22:41 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-17 22:41 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-17 22:41 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-17 22:41 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-17 22:41 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-17 22:41 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-17 22:41 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-17 22:41 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-17 22:41 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-17 22:41 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-17 22:40 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-17 22:40 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-17 22:40 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-17 22:40 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-17 22:40 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-17 22:40 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-17 22:40 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-17 22:40 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-17 22:40 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-17 22:40 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-17 22:39 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-17 22:39 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-17 22:39 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-17 22:39 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-17 22:39 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-17 22:39 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-17 22:39 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-17 22:39 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-06 23:33 - 2015-05-06 23:33 - 00036953 _____ () C:\Users\NAME\Downloads\Outlook.com.zip
2015-05-06 10:41 - 2015-05-06 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-05-06 10:38 - 2015-05-06 10:39 - 71647536 _____ (Apple Inc.) C:\Users\NAME\Downloads\icloudsetup.exe
2015-05-03 16:17 - 2015-05-06 22:12 - 00000000 ____D () C:\Users\NAME\AppData\Roaming\Apple Computer
2015-05-03 16:17 - 2015-05-03 16:17 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-03 16:17 - 2015-05-03 16:17 - 00000000 ____D () C:\Users\NAME\AppData\Local\Apple Computer
2015-05-03 16:17 - 2015-05-03 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-03 16:16 - 2015-05-03 16:16 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-03 16:16 - 2015-05-03 16:16 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-05-03 16:16 - 2015-05-03 16:16 - 00000000 ____D () C:\Program Files\iTunes
2015-05-03 16:16 - 2015-05-03 16:16 - 00000000 ____D () C:\Program Files\iPod
2015-05-03 16:16 - 2015-05-03 16:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-05-03 16:16 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-05-03 15:06 - 2015-05-03 15:06 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-05-03 15:06 - 2015-05-03 15:06 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-05-03 15:06 - 2015-05-03 15:06 - 00000000 ____D () C:\Users\NAME\AppData\Local\Apple
2015-05-03 15:06 - 2015-05-03 15:06 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-05-03 15:04 - 2015-05-06 10:40 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-03 15:04 - 2015-05-03 15:04 - 00000000 ____D () C:\Program Files\Bonjour
2015-05-03 15:04 - 2015-05-03 15:04 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-05-03 15:03 - 2015-05-03 16:17 - 00000000 ____D () C:\ProgramData\Apple
2015-05-03 14:58 - 2015-05-03 15:00 - 152362800 _____ (Apple Inc.) C:\Users\NAME\Downloads\iTunes6464Setup.exe
2015-05-03 10:03 - 2015-05-03 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-05-03 09:55 - 2015-05-18 00:43 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-03 09:55 - 2015-05-18 00:33 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-02 11:28 - 2014-11-24 23:09 - 00020872 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2015-05-02 08:15 - 2015-02-24 04:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-05-02 01:04 - 2015-05-02 18:42 - 00003288 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-3322448490-314981258-3538992574-1001
2015-05-01 10:24 - 2015-05-01 10:24 - 00000000 ____D () C:\Users\NAME\AppData\Roaming\AVAST Software
2015-05-01 10:23 - 2015-05-04 12:48 - 00000000 ____D () C:\Windows\System32\Tasks\AVAST Software
2015-05-01 10:23 - 2015-05-01 10:23 - 00001922 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-01 10:23 - 2015-05-01 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-01 10:22 - 2015-05-19 08:22 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-01 10:22 - 2015-05-01 10:22 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-01 10:22 - 2015-05-01 10:22 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-01 10:22 - 2015-05-01 10:22 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-01 10:22 - 2015-05-01 10:22 - 00356280 _____ (Dropbox, Inc.) C:\Users\Public\Desktop\DropboxInstallerAvast.exe
2015-05-01 10:22 - 2015-05-01 10:22 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-01 10:22 - 2015-05-01 10:22 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-01 10:22 - 2015-05-01 10:22 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-01 10:22 - 2015-05-01 10:22 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-01 10:22 - 2015-05-01 10:22 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-01 10:22 - 2015-05-01 10:22 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-01 10:22 - 2015-05-01 10:22 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-01 10:20 - 2015-05-01 10:20 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-01 10:19 - 2015-05-01 10:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-01 10:18 - 2015-05-01 10:19 - 05481344 _____ (Avast Software s.r.o.) C:\Users\NAME\Downloads\avast_free_antivirus_setup_online_cbild.exe
2015-05-01 09:55 - 2015-05-01 09:55 - 00000000 ____D () C:\Users\NAME\AppData\Local\CrashRpt
2015-04-30 10:29 - 2015-04-30 10:29 - 00003164 _____ () C:\Windows\System32\Tasks\{D1A9DA31-EE25-4F9E-B14A-B80EBE196C87}
2015-04-30 00:46 - 2015-05-01 10:26 - 00000000 ____D () C:\Users\NAME\AppData\Roaming\jellylam
2015-04-29 11:01 - 2015-04-29 11:01 - 00001219 _____ () C:\Users\NAME\Downloads\setup.website
2015-04-29 10:24 - 2015-04-29 10:24 - 00000000 ____D () C:\Users\NAME\AppData\Roaming\Mozilla
2015-04-28 21:20 - 2015-04-28 21:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-04-28 13:47 - 2015-05-19 08:39 - 00001278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-28 13:34 - 2015-04-28 13:34 - 00291976 _____ () C:\Windows\Minidump\042815-57845-01.dmp
2015-04-28 11:54 - 2015-04-28 11:54 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-28 09:53 - 2015-04-28 09:53 - 00003170 _____ () C:\Windows\System32\Tasks\{758E9634-3C1E-47D3-81DF-495F72B94F5E}
2015-04-27 19:44 - 2015-04-28 08:44 - 00000069 _____ () C:\Users\NAME\AppData\Roaming\WB.CFG
2015-04-27 18:55 - 2015-04-27 18:55 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2015-04-27 18:25 - 2015-05-17 11:11 - 00000000 ____D () C:\Users\NAME\AppData\Roaming\2A7D22F4-1430151929-11DF-AC85-7F8E9ACCAD4E
2015-04-27 18:25 - 2015-04-27 18:25 - 00000000 ____D () C:\Users\NAME\AppData\Roaming\Opera Software
2015-04-27 18:25 - 2015-04-27 18:25 - 00000000 ____D () C:\Users\NAME\AppData\Local\Opera Software
2015-04-27 18:24 - 2015-05-01 11:01 - 00000000 ____D () C:\Users\NAME\AppData\Roaming\PDFConvert
2015-04-27 18:24 - 2015-05-01 10:26 - 00000000 ____D () C:\Users\NAME\AppData\Roaming\Winsta
2015-04-27 18:24 - 2015-05-01 10:26 - 00000000 ____D () C:\ProgramData\8a1ad0e032bd458e9dd0923cb1927c1e
2015-04-27 18:24 - 2015-04-27 18:24 - 00000000 ____D () C:\ProgramData\69ae6312743247e0afc15073a8e79ffb
2015-04-27 18:23 - 2015-04-28 08:58 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-04-27 18:23 - 2015-04-27 18:23 - 00001706 _____ () C:\Users\NAME\Desktop\Continue Adobe Flash Player.lnk
2015-04-24 11:30 - 2015-04-24 11:30 - 05733212 _____ () C:\Users\NAME\Downloads\Schnorcheltipps.......zip
2015-04-24 10:08 - 2015-04-25 23:51 - 00000000 ____D () C:\Users\NAME\Documents\Müllkalender

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 23:34 - 2015-03-04 09:35 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-20 23:10 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-20 23:10 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-20 23:07 - 2009-12-15 09:20 - 01083913 _____ () C:\Windows\WindowsUpdate.log
2015-05-20 23:03 - 2015-03-04 09:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-20 23:02 - 2010-03-04 14:54 - 00000000 ____D () C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-05-20 23:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-20 23:02 - 2009-07-14 06:51 - 00046915 _____ () C:\Windows\setupact.log
2015-05-20 18:37 - 2009-12-16 02:29 - 00705800 _____ () C:\Windows\PFRO.log
2015-05-20 18:29 - 2015-03-14 15:56 - 00000000 ____D () C:\Users\Emel
2015-05-20 18:26 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-19 23:24 - 2015-04-05 10:48 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-19 23:24 - 2015-04-05 10:48 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-19 09:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-19 08:39 - 2015-03-04 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-19 08:39 - 2010-03-04 15:16 - 00001001 _____ () C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-18 09:51 - 2009-12-15 23:59 - 00654166 _____ () C:\Windows\system32\perfh007.dat
2015-05-18 09:51 - 2009-12-15 23:59 - 00130006 _____ () C:\Windows\system32\perfc007.dat
2015-05-18 09:51 - 2009-07-14 07:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-18 09:44 - 2009-07-14 06:45 - 00348664 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-18 09:40 - 2009-12-15 23:47 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-18 09:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-18 09:39 - 2015-03-25 01:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-18 09:39 - 2015-03-25 01:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-18 00:43 - 2010-03-04 15:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-18 00:32 - 2015-03-25 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-17 09:29 - 2015-03-04 09:35 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 09:29 - 2015-03-04 09:35 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-03 10:02 - 2010-03-04 15:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-05-02 07:58 - 2009-12-15 09:34 - 00000000 ____D () C:\ProgramData\McAfee
2015-05-02 07:58 - 2009-12-15 09:34 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-05-01 11:01 - 2015-04-19 14:20 - 00000626 _____ () C:\Users\NAME\AppData\Roaming\dmYnp2Y6h
2015-05-01 10:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-28 13:34 - 2015-03-04 09:26 - 00000000 ____D () C:\Windows\Minidump
2015-04-28 13:33 - 2015-03-04 09:26 - 440823047 _____ () C:\Windows\MEMORY.DMP
2015-04-28 12:07 - 2009-12-15 09:50 - 00000000 ____D () C:\Program Files (x86)\AnyPC Client
2015-04-27 18:50 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-27 18:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-04-27 18:24 - 2010-03-04 14:59 - 00000000 ____D () C:\Users\NAME\AppData\Local\Adobe
2015-04-26 09:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

==================== Files in the root of some directories =======

2015-04-19 14:20 - 2015-05-01 11:01 - 0000626 _____ () C:\Users\NAME\AppData\Roaming\dmYnp2Y6h
2015-04-27 19:44 - 2015-04-28 08:44 - 0000069 _____ () C:\Users\NAME\AppData\Roaming\WB.CFG
2009-12-15 09:29 - 2009-12-15 09:29 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-12-15 09:27 - 2009-12-15 09:28 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2009-12-15 09:24 - 2009-12-15 09:25 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-12-15 09:28 - 2009-12-15 09:29 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2009-12-15 09:24 - 2009-12-15 09:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-12-15 09:25 - 2009-12-15 09:27 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-17 08:44

==================== End Of Log ============================
         
Alt 21.05.2015, 16:59   #10
M-K-D-B
/// TB trainer
 
We will remove the last remnants and check everything once more. ESET can take a while (> 2 h).
Afterwards we will remove all the tools we used, and I will give you a few tips to take along.




Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:


Code:
ATTFilter
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3322448490-314981258-3538992574-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 -> {07A8D34C-AAC5-4365-AE17-2006B9692B2A} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE532D20091215&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 -> {A7DD207A-40C4-4935-8536-BCABE2857E89} URL = 
SearchScopes: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = 
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
OPR Extension: (Browser Good) - C:\Users\NAME\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofplglpkkkggfjdkembepnejbcpkimmn [2015-04-27]
C:\Users\NAME\Desktop\Continue Adobe Flash Player.lnk
C:\Users\NAME\AppData\Roaming\dmYnp2Y6h
Task: {28ACB30E-A847-4E15-A67F-DA1B35F6A38D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3322448490-314981258-3538992574-1001
Task: {73F02508-5C8E-4BD6-BF44-E123243B084C} - \EasySpeedUpManager No Task File <==== ATTENTION
C:\Users\Name\Downloads\*.exe
Task: {9E496484-1215-4EAE-8435-ADF72B705743} - System32\Tasks\{758E9634-3C1E-47D3-81DF-495F72B94F5E} => pcalua.exe -a C:\Users\NAME\AppData\Roaming\luckysearches\UninstallManager.exe -c  -ptid=cmi
Task: {A1727EC6-EDCB-4560-87A7-EC49EFA537BE} - System32\Tasks\{D1A9DA31-EE25-4F9E-B14A-B80EBE196C87} => pcalua.exe -a C:\Users\NAME\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=cmi
Folder: C:\ProgramData\69ae6312743247e0afc15073a8e79ffb
Folder: C:\ProgramData\8a1ad0e032bd458e9dd0923cb1927c1e
Folder: C:\Program Files\Common Files\System
RemoveProxy:
EmptyTemp:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.






Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset






Step 3
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.






With your next reply, please post
  • the log file of the FRST fix,
  • the log file from ESET,
  • the log file from SecurityCheck.
__________________
Greetings from Bavaria


Alt 22.05.2015, 00:30   #11
Kasandra
 
Fixlog.txt.



Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by NAME at 2015-05-21 22:48:58 Run:1
Running from C:\Users\NAME\Desktop
Loaded Profiles: NAME (Available profiles: NAME)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3322448490-314981258-3538992574-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 -> {07A8D34C-AAC5-4365-AE17-2006B9692B2A} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE532D20091215&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 -> {A7DD207A-40C4-4935-8536-BCABE2857E89} URL = 
SearchScopes: HKU\S-1-5-21-3322448490-314981258-3538992574-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = 
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
OPR Extension: (Browser Good) - C:\Users\NAME\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofplglpkkkggfjdkembepnejbcpkimmn [2015-04-27]
C:\Users\NAME\Desktop\Continue Adobe Flash Player.lnk
C:\Users\NAME\AppData\Roaming\dmYnp2Y6h
Task: {28ACB30E-A847-4E15-A67F-DA1B35F6A38D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3322448490-314981258-3538992574-1001
Task: {73F02508-5C8E-4BD6-BF44-E123243B084C} - \EasySpeedUpManager No Task File <==== ATTENTION
C:\Users\Name\Downloads\*.exe
Task: {9E496484-1215-4EAE-8435-ADF72B705743} - System32\Tasks\{758E9634-3C1E-47D3-81DF-495F72B94F5E} => pcalua.exe -a C:\Users\NAME\AppData\Roaming\luckysearches\UninstallManager.exe -c  -ptid=cmi
Task: {A1727EC6-EDCB-4560-87A7-EC49EFA537BE} - System32\Tasks\{D1A9DA31-EE25-4F9E-B14A-B80EBE196C87} => pcalua.exe -a C:\Users\NAME\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=cmi
Folder: C:\ProgramData\69ae6312743247e0afc15073a8e79ffb
Folder: C:\ProgramData\8a1ad0e032bd458e9dd0923cb1927c1e
Folder: C:\Program Files\Common Files\System
RemoveProxy:
EmptyTemp:
end
         
*****************

Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key Deleted successfully.
"HKU\S-1-5-21-3322448490-314981258-3538992574-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key Deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\ => value Deleted successfully.
HKU\S-1-5-21-3322448490-314981258-3538992574-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value Deleted successfully.
"HKCR\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" => Key Deleted successfully.
"HKCR\Wow6432Node\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" => Key Deleted successfully.
HKU\S-1-5-21-3322448490-314981258-3538992574-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => Value not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key Deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key Deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key Deleted successfully.
HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key Deleted successfully.
HKCR\Wow6432Node\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found. 
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Deleted successfully.
"HKU\S-1-5-21-3322448490-314981258-3538992574-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07A8D34C-AAC5-4365-AE17-2006B9692B2A}" => Key Deleted successfully.
HKCR\CLSID\{07A8D34C-AAC5-4365-AE17-2006B9692B2A} => Key not found. 
"HKU\S-1-5-21-3322448490-314981258-3538992574-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key Deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
"HKU\S-1-5-21-3322448490-314981258-3538992574-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A7DD207A-40C4-4935-8536-BCABE2857E89}" => Key Deleted successfully.
HKCR\CLSID\{A7DD207A-40C4-4935-8536-BCABE2857E89} => Key not found. 
"HKU\S-1-5-21-3322448490-314981258-3538992574-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key Deleted successfully.
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key Deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found. 
C:\Users\NAME\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofplglpkkkggfjdkembepnejbcpkimmn directory not found.
"C:\Users\NAME\Desktop\Continue Adobe Flash Player.lnk" => File/Directory not found.
"C:\Users\NAME\AppData\Roaming\dmYnp2Y6h" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{28ACB30E-A847-4E15-A67F-DA1B35F6A38D}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28ACB30E-A847-4E15-A67F-DA1B35F6A38D}" => Key Deleted successfully.
C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-3322448490-314981258-3538992574-1001 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-3322448490-314981258-3538992574-1001" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{73F02508-5C8E-4BD6-BF44-E123243B084C}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73F02508-5C8E-4BD6-BF44-E123243B084C}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EasySpeedUpManager" => Key Deleted successfully.
"C:\Users\Name\Downloads\*.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E496484-1215-4EAE-8435-ADF72B705743}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E496484-1215-4EAE-8435-ADF72B705743}" => Key Deleted successfully.
C:\Windows\System32\Tasks\{758E9634-3C1E-47D3-81DF-495F72B94F5E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{758E9634-3C1E-47D3-81DF-495F72B94F5E}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1727EC6-EDCB-4560-87A7-EC49EFA537BE}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1727EC6-EDCB-4560-87A7-EC49EFA537BE}" => Key Deleted successfully.
C:\Windows\System32\Tasks\{D1A9DA31-EE25-4F9E-B14A-B80EBE196C87} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D1A9DA31-EE25-4F9E-B14A-B80EBE196C87}" => Key Deleted successfully.

========================= Folder: C:\ProgramData\69ae6312743247e0afc15073a8e79ffb ========================

2015-04-27 18:24 - 2015-05-18 13:37 - 0008256 _____ () C:\ProgramData\69ae6312743247e0afc15073a8e79ffb\db67c91d2bd24419a7a46a4b1069e9bd

====== End of Folder: ======


========================= Folder: C:\ProgramData\8a1ad0e032bd458e9dd0923cb1927c1e ========================


====== End of Folder: ======


========================= Folder: C:\Program Files\Common Files\System ========================

2009-07-14 01:57 - 2009-07-14 03:40 - 0029184 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\DirectDB.dll
2015-03-08 20:33 - 2011-10-01 07:45 - 0886784 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\wab32.dll
2009-07-14 01:58 - 2009-07-14 03:33 - 1098752 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\wab32res.dll
2009-07-14 05:20 - 2015-03-09 17:43 - 0000000 ____D () C:\Program Files\Common Files\System\ado
2009-07-14 00:31 - 2009-07-13 22:50 - 0014610 _____ () C:\Program Files\Common Files\System\ado\adojavas.inc
2009-07-14 00:31 - 2009-07-13 22:50 - 0014951 _____ () C:\Program Files\Common Files\System\ado\adovbs.inc
2009-07-14 02:28 - 2009-07-14 03:29 - 0008192 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\ado\msader15.dll
2015-03-08 20:15 - 2012-06-06 08:05 - 1499136 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\ado\msado15.dll
2015-03-08 20:15 - 2012-06-06 06:37 - 0057344 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\ado\msado20.tlb
2015-03-08 20:15 - 2012-06-06 06:37 - 0057344 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\ado\msado21.tlb
2015-03-08 20:15 - 2012-06-06 06:37 - 0073728 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\ado\msado25.tlb
2015-03-08 20:15 - 2012-06-06 06:37 - 0073728 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\ado\msado26.tlb
2015-03-08 20:15 - 2012-06-06 06:37 - 0077824 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\ado\msado27.tlb
2015-03-08 20:15 - 2012-06-06 06:37 - 0073728 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\ado\msado28.tlb
2015-03-08 20:15 - 2012-06-06 06:37 - 0073728 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\ado\msado60.tlb
2015-03-08 20:15 - 2012-06-06 08:05 - 0466944 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\ado\msadomd.dll
2015-03-08 20:15 - 2012-06-06 06:37 - 0020480 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\ado\msadomd28.tlb
2015-03-08 20:15 - 2012-06-06 08:05 - 0061440 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\ado\msador15.dll
2015-03-08 20:15 - 2012-06-06 06:37 - 0040960 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\ado\msador28.tlb
2015-03-08 20:15 - 2012-06-06 08:05 - 0495616 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\ado\msadox.dll
2009-07-14 02:28 - 2009-07-14 02:28 - 0028672 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\ado\msadox28.tlb
2009-07-14 02:28 - 2009-07-14 03:41 - 0106496 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\ado\msadrh15.dll
2009-12-15 23:59 - 2009-12-15 23:59 - 0000000 ____D () C:\Program Files\Common Files\System\ado\de-DE
2009-12-15 23:58 - 2009-12-15 23:58 - 0020480 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui
2009-12-15 23:59 - 2009-12-15 23:59 - 0000000 ____D () C:\Program Files\Common Files\System\de-DE
2009-12-15 23:58 - 2009-12-15 23:58 - 0103936 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui
2009-07-14 05:20 - 2015-03-09 17:43 - 0000000 ____D () C:\Program Files\Common Files\System\msadc
2009-07-14 00:31 - 2009-07-13 22:50 - 0000630 _____ () C:\Program Files\Common Files\System\msadc\adcjavas.inc
2009-07-14 00:31 - 2009-07-13 22:50 - 0000623 _____ () C:\Program Files\Common Files\System\msadc\adcvbs.inc
2009-06-10 22:36 - 2009-06-10 22:36 - 0000518 _____ () C:\Program Files\Common Files\System\msadc\handler.reg
2009-07-13 22:49 - 2009-06-10 22:36 - 0000588 _____ () C:\Program Files\Common Files\System\msadc\handsafe.reg
2015-03-07 22:05 - 2010-11-20 15:27 - 0749568 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\msadc\msadce.dll
2009-07-14 02:28 - 2009-07-14 03:29 - 0008192 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\msadc\msadcer.dll
2015-03-07 22:04 - 2010-11-20 15:27 - 0114688 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\msadc\msadcf.dll
2009-07-14 02:28 - 2009-07-14 03:29 - 0008192 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\msadc\msadcfr.dll
2015-03-08 20:15 - 2012-06-06 08:05 - 0258048 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\msadc\msadco.dll
2009-07-14 02:28 - 2009-07-14 03:29 - 0008192 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\msadc\msadcor.dll
2015-03-07 22:04 - 2010-11-20 15:27 - 0098304 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\msadc\msadcs.dll
2009-07-14 02:28 - 2009-07-14 03:41 - 0303104 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\msadc\msadds.dll
2009-07-14 02:28 - 2009-07-14 03:29 - 0008192 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\msadc\msaddsr.dll
2009-07-14 02:28 - 2009-07-14 03:29 - 0008192 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\msadc\msdaprsr.dll
2009-07-14 02:28 - 2009-07-14 03:41 - 0389120 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\msadc\msdaprst.dll
2015-03-07 22:03 - 2010-11-20 15:27 - 0249856 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\msadc\msdarem.dll
2009-07-14 02:28 - 2009-07-14 03:29 - 0008192 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\msadc\msdaremr.dll
2015-03-07 22:03 - 2010-11-20 15:27 - 0057344 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\msadc\msdfmap.dll
2009-12-15 23:59 - 2009-12-15 23:59 - 0000000 ____D () C:\Program Files\Common Files\System\msadc\de-DE
2009-12-15 23:58 - 2009-12-15 23:58 - 0011776 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui
2009-12-15 23:58 - 2009-12-15 23:58 - 0006144 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui
2009-12-15 23:58 - 2009-12-15 23:58 - 0006656 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui
2009-12-15 23:58 - 2009-12-15 23:58 - 0016384 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui
2009-12-15 23:58 - 2009-12-15 23:58 - 0008704 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui
2009-12-15 23:58 - 2009-12-15 23:58 - 0006144 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui
2009-07-14 05:20 - 2015-03-10 09:50 - 0000000 ____D () C:\Program Files\Common Files\System\Ole DB
2015-03-08 20:33 - 2011-06-15 11:59 - 0126976 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaosp.dll
2009-07-14 02:28 - 2009-07-14 03:41 - 0434176 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaps.dll
2015-03-07 22:03 - 2010-11-20 15:27 - 0745472 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdasql.dll
2009-07-14 02:28 - 2009-07-14 03:29 - 0061440 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll
2009-07-14 02:28 - 2009-07-14 03:41 - 0131072 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdatl3.dll
2009-07-14 02:28 - 2009-07-14 03:41 - 0036864 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msxactps.dll
2015-03-07 22:05 - 2010-11-20 15:27 - 1101824 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\oledb32.dll
2009-07-14 02:28 - 2009-07-14 03:31 - 0081920 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\oledb32r.dll
2009-07-14 00:31 - 2009-07-14 00:31 - 0009804 _____ () C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc
2009-07-14 00:31 - 2009-07-14 00:31 - 0009975 _____ () C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc
2015-03-07 22:04 - 2010-11-20 15:27 - 1212416 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\sqloledb.dll
2009-07-14 02:28 - 2009-07-14 02:28 - 0016384 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\sqloledb.rll
2009-07-14 02:29 - 2009-07-14 03:41 - 0364544 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll
2009-07-14 02:28 - 2009-07-14 02:28 - 0008192 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll
2009-12-15 23:59 - 2009-12-15 23:59 - 0000000 ____D () C:\Program Files\Common Files\System\Ole DB\de-DE
2009-12-15 23:58 - 2009-12-15 23:58 - 0006144 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui
2009-12-15 23:58 - 2009-12-15 23:58 - 0057344 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui
2009-12-15 23:58 - 2009-12-15 23:58 - 0048640 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui
2009-12-15 23:58 - 2009-12-15 23:58 - 0020992 _____ (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui

====== End of Folder: ======


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Deleted successfully.
HKU\S-1-5-21-3322448490-314981258-3538992574-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Deleted successfully.
HKU\S-1-5-21-3322448490-314981258-3538992574-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Deleted successfully.


========= End of RemoveProxy: =========

EmptyTemp: => Removed 544.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 22:49:18 ====
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ad2c371ff8da9a4d9e3a9d91caeab567
# engine=23960
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-21 10:56:13
# local_time=2015-05-22 12:56:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 91 399075 1780615 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 90951 183878823 0 0
# scanned=191523
# found=26
# cleaned=0
# scan_time=6221
sh=66F59F946B116D84B2787EE2010CE6D1CC2635D9 ft=1 fh=fc91a06500238816 vn="Win32/DownloadAdmin.H evtl. unerwünschte Anwendung" ac=I fn="C:\C Drive\Users\Name1\Downloads\hotspotshield-setup_540.exe"
sh=24F2D80708A35F88188D52FFDD81FC0A71C7D6C9 ft=1 fh=6ec999985f609117 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\C Drive\Users\Name1\Downloads\HSS-3.42-install-hss-600-conduit (1).exe"
sh=24F2D80708A35F88188D52FFDD81FC0A71C7D6C9 ft=1 fh=6ec999985f609117 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\C Drive\Users\Name1\Downloads\HSS-3.42-install-hss-600-conduit.exe"
sh=16714534232C63B22C439E8A69DD083E1EC2A846 ft=1 fh=40849a6985947c00 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\C Drive\Users\Name1\Downloads\HSS-3.42-install-hss-691-conduit.exe"
sh=81657355B9306F36BAC0DE8A60D85C0584259BEC ft=1 fh=333c1f251135755e vn="Variante von Win32/ReImageRepair.C evtl. unerwünschte Anwendung" ac=I fn="C:\C Drive\Users\Name1\Downloads\ReimageRepair (1).exe"
sh=F42434EB673DF4B135D8D509943965FE20F75B22 ft=1 fh=84267000d91c779b vn="Win32/ReImageRepair.E evtl. unerwünschte Anwendung" ac=I fn="C:\C Drive\Users\Name1\Downloads\ReimageRepair (2).exe"
sh=81657355B9306F36BAC0DE8A60D85C0584259BEC ft=1 fh=333c1f251135755e vn="Variante von Win32/ReImageRepair.C evtl. unerwünschte Anwendung" ac=I fn="C:\C Drive\Users\Name1\Downloads\ReimageRepair.exe"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\NAME\AppData\Local\nsb71E8.tmp.vir"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\NAME\AppData\Local\nseFCC6.tmp.vir"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\NAME\AppData\Local\nsn5EE3.tmp.vir"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\NAME\AppData\Local\nsnA018.tmp.vir"
sh=66F59F946B116D84B2787EE2010CE6D1CC2635D9 ft=1 fh=fc91a06500238816 vn="Win32/DownloadAdmin.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Name1\Downloads\hotspotshield-setup_540.exe"
sh=24F2D80708A35F88188D52FFDD81FC0A71C7D6C9 ft=1 fh=6ec999985f609117 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Name1\Downloads\HSS-3.42-install-hss-600-conduit (1).exe"
sh=24F2D80708A35F88188D52FFDD81FC0A71C7D6C9 ft=1 fh=6ec999985f609117 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Name1\Downloads\HSS-3.42-install-hss-600-conduit.exe"
sh=16714534232C63B22C439E8A69DD083E1EC2A846 ft=1 fh=40849a6985947c00 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Name1\Downloads\HSS-3.42-install-hss-691-conduit.exe"
sh=81657355B9306F36BAC0DE8A60D85C0584259BEC ft=1 fh=333c1f251135755e vn="Variante von Win32/ReImageRepair.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Name1\Downloads\ReimageRepair (1).exe"
sh=F42434EB673DF4B135D8D509943965FE20F75B22 ft=1 fh=84267000d91c779b vn="Win32/ReImageRepair.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Name1\Downloads\ReimageRepair (2).exe"
sh=81657355B9306F36BAC0DE8A60D85C0584259BEC ft=1 fh=333c1f251135755e vn="Variante von Win32/ReImageRepair.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Name1\Downloads\ReimageRepair.exe"
sh=0825A760BE993A9ED8E57D0C88DB46F0881215E9 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\NAME\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofplglpkkkggfjdkembepnejbcpkimmn\1.0.1_0\background.js"
sh=548687E45072FD4FC27B37D4EB56893E33C9118A ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\NAME\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofplglpkkkggfjdkembepnejbcpkimmn\1.0.1_0\content.js"
sh=CBD0206F32E434DC0E8EA8723610540F34A7B03A ft=1 fh=5b854bb7a7893104 vn="Win32/OutBrowse.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\NAME\Downloads\setup.exe"
sh=2D44DFDC38A6DDE1D93656451D5996F29F9DCD27 ft=1 fh=7c272d3303659065 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\NAME\Downloads\wzmp_10.exe"
sh=24F2D80708A35F88188D52FFDD81FC0A71C7D6C9 ft=1 fh=6ec999985f609117 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\SamsungRecovery\SamsungData\DataBackup#(2015-01-17.101456)\C Drive\Users\Name1\Downloads\HSS-3.42-install-hss-600-conduit (1).exe"
sh=24F2D80708A35F88188D52FFDD81FC0A71C7D6C9 ft=1 fh=6ec999985f609117 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\SamsungRecovery\SamsungData\DataBackup#(2015-01-17.101456)\C Drive\Users\Name1\Downloads\HSS-3.42-install-hss-600-conduit.exe"
sh=81657355B9306F36BAC0DE8A60D85C0584259BEC ft=1 fh=333c1f251135755e vn="Variante von Win32/ReImageRepair.C evtl. unerwünschte Anwendung" ac=I fn="D:\SamsungRecovery\SamsungData\DataBackup#(2015-01-17.101456)\C Drive\Users\Name1\Downloads\ReimageRepair (1).exe"
sh=81657355B9306F36BAC0DE8A60D85C0584259BEC ft=1 fh=333c1f251135755e vn="Variante von Win32/ReImageRepair.C evtl. unerwünschte Anwendung" ac=I fn="D:\SamsungRecovery\SamsungData\DataBackup#(2015-01-17.101456)\C Drive\Users\Name1\Downloads\ReimageRepair.exe"
         
Code:
ATTFilter
Results of screen317's Security Check version 1.001  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 SiteAdvisor     
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome (42.0.2311.152) 
 Google Chrome (43.0.2357.65) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

22.05.2015, 13:35   #12
M-K-D-B
/// TB Trainer

Remove leftovers
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
start
CloseProcesses:
C:\ProgramData\8a1ad0e032bd458e9dd0923cb1927c1e
C:\ProgramData\69ae6312743247e0afc15073a8e79ffb
C:\C Drive\Users\Name1\Downloads\*.exe
C:\C Drive\Users\Name1\Downloads\Reimage*.exe
C:\Users\Name1\Downloads\*.exe
C:\Users\NAME\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofplglpkkkggfjdkembepnejbcpkimmn
C:\Users\NAME\Downloads\setup.exe
C:\Users\NAME\Downloads\wzmp_10.exe
D:\SamsungRecovery\SamsungData\DataBackup#(2015-01-17.101456)\C Drive\Users\Name1\Downloads\*conduit*.exe
D:\SamsungRecovery\SamsungData\DataBackup#(2015-01-17.101456)\C Drive\Users\Name1\Downloads\Reimage*.exe
EmptyTemp:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Post the FRST Fixlog right away, because otherwise it will be removed automatically by DelFix (see further below)!

If you no longer have any problems with malware, then we are finished here. Your log files are clean.
Finally, we need to take a few concluding steps to clean up and secure your PC.


Cleanup:
(The order is crucial here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking that may be present, and anti-malware programs.
  • Please press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and empties the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Put a check mark in front of every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.


Securing your system:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be present only in its latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware "drive-by" simply through a visit to a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. In addition, Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use exactly one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:


In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript: Prevents active content (Java, JavaScript, Flash, ...) from running on all websites. Following the whitelist principle, however, you can specify on which sites scripts should be allowed.
Ghostery: Detects and blocks trackers, web bugs, pixels and beacons and other scripts that spy on or observe browsing behaviour.
Malwarebytes Anti Exploit: Protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and remove the check mark from all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner .


Finally, a few more general remarks:
Change your important online passwords regularly, and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Greetings from Bavaria

=========================

Support the Trojaner-Board

22.05.2015, 13:52   #13
Kasandra

Fixlog.txt.

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by NAME at 2015-05-22 14:44:07 Run:2
Running from C:\Users\NAME\Desktop
Loaded Profiles: NAME (Available profiles: NAME)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\ProgramData\8a1ad0e032bd458e9dd0923cb1927c1e
C:\ProgramData\69ae6312743247e0afc15073a8e79ffb
C:\C Drive\Users\Name1\Downloads\*.exe
C:\C Drive\Users\Name1\Downloads\Reimage*.exe
C:\Users\Name1\Downloads\*.exe
C:\Users\NAME\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofplglpkkkggfjdkembepnejbcpkimmn
C:\Users\NAME\Downloads\setup.exe
C:\Users\NAME\Downloads\wzmp_10.exe
D:\SamsungRecovery\SamsungData\DataBackup#(2015-01-17.101456)\C Drive\Users\Name1\Downloads\*conduit*.exe
D:\SamsungRecovery\SamsungData\DataBackup#(2015-01-17.101456)\C Drive\Users\Name1\Downloads\Reimage*.exe
EmptyTemp:
end
         
*****************

Processes closed successfully.
C:\ProgramData\8a1ad0e032bd458e9dd0923cb1927c1e => Moved successfully.
C:\ProgramData\69ae6312743247e0afc15073a8e79ffb => Moved successfully.
"C:\C Drive\Users\Name1\Downloads\*.exe" => File/Directory not found.
"C:\C Drive\Users\Name1\Downloads\Reimage*.exe" => File/Directory not found.
"C:\Users\Name1\Downloads\*.exe" => File/Directory not found.
"C:\Users\NAME\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofplglpkkkggfjdkembepnejbcpkimmn" => File/Directory not found.
"C:\Users\NAME\Downloads\setup.exe" => File/Directory not found.
"C:\Users\NAME\Downloads\wzmp_10.exe" => File/Directory not found.
"D:\SamsungRecovery\SamsungData\DataBackup#(2015-01-17.101456)\C Drive\Users\Name1\Downloads\*conduit*.exe" => File/Directory not found.
"D:\SamsungRecovery\SamsungData\DataBackup#(2015-01-17.101456)\C Drive\Users\Name1\Downloads\Reimage*.exe" => File/Directory not found.
EmptyTemp: => Removed 320.1 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 14:44:16 ====
         

22.05.2015, 13:54   #14
M-K-D-B
/// TB Trainer

Hi,

Well, you do have to replace "NAME" and "NAME1" with your real user names, otherwise the FRST fix won't work....

Once more, please.
__________________
Greetings from Bavaria

22.05.2015, 14:52   #15
Kasandra

Fixlog.txt once more

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015
Ran by NAME at 2015-05-22 15:30:25 Run:1
Running from C:\Users\NAME\Desktop
Loaded Profiles: NAME (Available profiles: NAME)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
C:\ProgramData\8a1ad0e032bd458e9dd0923cb1927c1e
C:\ProgramData\69ae6312743247e0afc15073a8e79ffb
C:\C Drive\Users\Name1\Downloads\*.exe
C:\C Drive\Users\Name1\Downloads\Reimage*.exe
C:\Users\Name1\Downloads\*.exe
C:\Users\NAME\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofplglpkkkggfjdkembepnejbcpkimmn
C:\Users\NAME\Downloads\setup.exe
C:\Users\NAME\Downloads\wzmp_10.exe
D:\SamsungRecovery\SamsungData\DataBackup#(2015-01-17.101456)\C Drive\Users\Name1\Downloads\*conduit*.exe
D:\SamsungRecovery\SamsungData\DataBackup#(2015-01-17.101456)\C Drive\Users\Name1\Downloads\Reimage*.exe
EmptyTemp:
end

*****************

Processes closed successfully.
"C:\ProgramData\8a1ad0e032bd458e9dd0923cb1927c1e" => File/Folder not found.
"C:\ProgramData\69ae6312743247e0afc15073a8e79ffb" => File/Folder not found.
C:\C Drive\Users\Name1\Downloads\*.exe => Moved successfully.
"C:\C Drive\Users\Name1\Downloads\Reimage*.exe" => File/Folder not found.
C:\Users\Name1\Downloads\*.exe => Moved successfully.
C:\Users\NAME\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofplglpkkkggfjdkembepnejbcpkimmn => Moved successfully.
C:\Users\NAME\Downloads\setup.exe => Moved successfully.
C:\Users\NAME\Downloads\wzmp_10.exe => Moved successfully.
D:\SamsungRecovery\SamsungData\DataBackup#(2015-01-17.101456)\C Drive\Users\Name1\Downloads\*conduit*.exe => Moved successfully.
D:\SamsungRecovery\SamsungData\DataBackup#(2015-01-17.101456)\C Drive\Users\Name1\Downloads\Reimage*.exe => Moved successfully.
EmptyTemp: => Removed 28.8 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 15:30:31 ====
         
Code:
# DelFix v1.010 - Datei am 22/05/2015 um 15:46:12 erstellt
# Aktualisiert am 26/04/2015 von Xplode
# Benutzer : NAME - NAME-PC
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\Users\NAME\Desktop\Fixlog.txt
Gelöscht : C:\Users\NAME\Desktop\FRST64.exe
Gelöscht : C:\Users\NAME\Downloads\FRST64 (1).exe
Gelöscht : C:\Users\NAME\Downloads\FRST64.exe

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #66 [Ende der Bereinigung | 05/22/2015 13:14:26]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########
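
Added example, not part of the original posts and not code from FRST: a small Python check that reads a Fixlog in the layout shown above, lists fixlist paths whose profile folder is still the template placeholder ("NAME", "NAME1", as mentioned in post #14), and collects the targets reported as not found. The sample log is constructed and all function names are hypothetical.

```python
import re

# Constructed sample in the layout of the Fixlog above; paths are illustrative.
SAMPLE = r"""fixlist content:
*****************
start
CloseProcesses:
C:\Users\NAME\Downloads\setup.exe
C:\Users\Name1\Downloads\*.exe
C:\ProgramData\example-folder
end

*****************

Processes closed successfully.
"C:\Users\NAME\Downloads\setup.exe" => File/Folder not found.
"C:\Users\Name1\Downloads\*.exe" => File/Folder not found.
C:\ProgramData\example-folder => Moved successfully.
"""

SEPARATOR = re.compile(r"^\*{5,}[ \t]*$", re.M)
USER_DIR = re.compile(r"\\Users\\([^\\]+)\\", re.I)
RESULT = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<status>.+)$')

def split_fixlog(text):
    """Return (fixlist entries, result lines) from a Fixlog body."""
    parts = SEPARATOR.split(text)
    if len(parts) < 3:
        raise ValueError("expected two '*****' separators around the fixlist")
    entries = [l.strip() for l in parts[1].splitlines() if l.strip()]
    entries = [e for e in entries if e.lower() not in ("start", "end")]
    return entries, parts[2].splitlines()

def placeholder_paths(entries, placeholders=("NAME", "NAME1")):
    """Fixlist paths whose user-profile folder is still a template placeholder."""
    wanted = {p.lower() for p in placeholders}
    return [e for e in entries
            if (m := USER_DIR.search(e)) and m.group(1).lower() in wanted]

def results(lines):
    """Map each target to its status text from 'target => status' lines."""
    matches = (RESULT.match(l.strip()) for l in lines)
    return {m["target"]: m["status"] for m in matches if m}

def not_found(res):
    """Targets the tool could not locate, sorted for stable output."""
    return sorted(t for t, s in res.items() if "not found" in s.lower())
```

Running `placeholder_paths` on a fixlist before executing it catches the mistake early; `not_found` on the resulting log shows which entries need a second look.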
         
