Trojaner-Board - Verdacht auf Adware

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Verdacht auf Adware (https://www.trojaner-board.de/160203-verdacht-adware.html)

Verdacht auf Adware

Der letzte Laptop in der Reihe.

Nach den letzten beiden wollte ich sicherheitshalber meinen DELL noch mal überprüfen. Ich hatte nämlich ebenfalls merkwürdige Programme wie firejump ect drauf gehabt aber da ich den Laptop selten benutze aber ihn dennoch brauche muss ich ihn ebenfalls checken lassen. Die Programme habe schon vor monaten herunter geschmißen aber man weiß ja nie was sich da noch tummelt.

Danke für eure Hilfe.

Hier schon mal die FRST Files.

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01

Ran by Daniel (administrator) on PC-DANIEL on 29-10-2014 11:02:13

Running from C:\Users\Daniel2\Desktop

Loaded Profiles: Daniel & Daniel2 (Available profiles: Daniel & Daniel2)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

() C:\Users\Daniel\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\3356edf7a88e475d88eac25e50bcafe7\AddonsHelper.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(KaiJet) C:\Users\Daniel2\AppData\Roaming\KaiJet\Wormhole KM Switch\FunctModules\{23863E42-6AAC-482c-81D2-BD6A23CCFEF8}\WormholeKM.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe

(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-17] (IDT, Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-23] (Synaptics Incorporated)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-24] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\RunOnce: [NSIS.Library.RegTool.v3] => C:\Program Files (x86)\FileZilla FTP Client\NSIS.Library.RegTool.v3.{370B267E-14E1-4D08-A4B7-2D276822A9CE}.exe [5120 2009-09-28] ()

HKLM-x32\...\RunOnce: [Del19208418] => cmd.exe /Q /D /c del "C:\Users\Daniel\AppData\Local\Temp\0.del"

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-659169849-3009408344-782031156-1000\...\Run: [Steam] => "C:\Program Files (x86)\Steam\Steam.exe" -silent

HKU\S-1-5-21-659169849-3009408344-782031156-1000\...\RunOnce: [Del19208418] => cmd.exe /Q /D /c del "C:\Users\Daniel\AppData\Local\Temp\0.del" <===== ATTENTION

HKU\S-1-5-21-659169849-3009408344-782031156-1000\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-659169849-3009408344-782031156-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-659169849-3009408344-782031156-1000\...\MountPoints2: {09a8501b-1691-11e1-af57-806e6f6e6963} - D:\autoRcd.exe

HKU\S-1-5-21-659169849-3009408344-782031156-1000\...\MountPoints2: {b78ee1be-1698-11e1-b0f2-806e6f6e6963} - D:\autorun.exe

HKU\S-1-5-21-659169849-3009408344-782031156-1001\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

HKU\S-1-5-21-659169849-3009408344-782031156-1001\...\Run: [CS Dispatch] => C:\Users\Daniel2\AppData\Roaming\KaiJet\Wormhole KM Switch\FunctModules\{23863E42-6AAC-482c-81D2-BD6A23CCFEF8}\WormholeKM.exe [437288 2012-02-01] (KaiJet)

HKU\S-1-5-21-659169849-3009408344-782031156-1001\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-659169849-3009408344-782031156-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-659169849-3009408344-782031156-1001\...\MountPoints2: E - E:\WKMLoader.exe

HKU\S-1-5-21-659169849-3009408344-782031156-1001\...\MountPoints2: {0252ad11-bae2-11e2-a1af-ed6ddaaf1ce8} - E:\Autorun.exe

HKU\S-1-5-21-659169849-3009408344-782031156-1001\...\MountPoints2: {0a3427c5-8bf3-11e2-b016-e067e5562354} - H:\iLinker.exe

HKU\S-1-5-21-659169849-3009408344-782031156-1001\...\MountPoints2: {50778863-52c6-11e3-9274-bb58a2151553} - E:\WKMLoader.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

GroupPolicyUsers\S-1-5-21-659169849-3009408344-782031156-1001\User: Group Policy restriction detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.firetab.org/?type=ds3nt

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com

URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

SearchScopes: HKLM-x32 - DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://www.firetab.org/?type=ds3se&p={searchTerms}

SearchScopes: HKLM-x32 - {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://www.firetab.org/?type=ds3se&p={searchTerms}

SearchScopes: HKCU - DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://www.firetab.org/?type=ds3se&p={searchTerms}

SearchScopes: HKCU - {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://www.firetab.org/?type=ds3se&p={searchTerms}

SearchScopes: HKCU - {9BBFD33A-CE27-4B4D-B1B0-FAFA6BB6A1A1} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=3219a792-9b5c-4d87-8e86-0e6905f01fdb&apn_sauid=FF110D48-7947-487B-9F2A-2BFEC12CB36D

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Avira SearchFree Toolbar plus Web Protection -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default

FF DefaultSearchEngine: Search

FF SearchEngineOrder.1: Ask.com

FF SelectedSearchEngine: Search

FF Homepage: hxxp://www.firetab.org/?type=ds3hp

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()

FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF user.js: detected! => C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\user.js

FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\searchplugins\abae529f-c014-4aee-a232-8f6c38e68bbc.xml

FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\searchplugins\askcom.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: PriceSparrow - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\Extensions\extension@pricesparrow.com [2014-08-07]

FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\Extensions\toolbar@ask.com [2012-08-16]

FF Extension: WOT - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-07-20]

FF Extension: NoScript - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-20]

FF Extension: Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-20]

FF HKLM-x32\...\Firefox\Extensions: [dnshelp@dnshelp.com] - C:\Users\Daniel\AppData\Roaming\Helper

FF Extension: Helper - C:\Users\Daniel\AppData\Roaming\Helper [2014-08-07]
 

Chrome: 

=======

CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AddonsHelper; C:\Users\Daniel\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\3356edf7a88e475d88eac25e50bcafe7\AddonsHelper.exe [896512 2014-08-07] () [File not signed]

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-24] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-24] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-24] (Avira Operations GmbH & Co. KG)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)

R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)

R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-10-03] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-24] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-24] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-10-03] ()

S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-10-29 11:02 - 2014-10-29 11:02 - 00016303 _____ () C:\Users\Daniel2\Desktop\FRST.txt

2014-10-29 11:01 - 2014-10-29 11:02 - 00000000 ____D () C:\FRST

2014-10-29 11:01 - 2014-10-29 11:01 - 00000000 ____D () C:\Users\Daniel2\Desktop\Neuer Ordner (2)

2014-10-29 11:00 - 2014-10-29 11:00 - 01998336 _____ () C:\Users\Daniel2\Desktop\AdwCleaner_4.002.exe

2014-10-29 10:59 - 2014-10-29 10:59 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Daniel2\Desktop\mbam-setup-2.0.3.1025.exe

2014-10-29 10:53 - 2014-10-29 10:53 - 02113024 _____ (Farbar) C:\Users\Daniel2\Desktop\FRST64.exe

2014-10-24 12:55 - 2014-10-24 12:55 - 36254312 _____ () C:\Users\Daniel2\Downloads\Firefox_Setup_33.0.exe

2014-10-24 12:41 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-24 12:41 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-24 12:41 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-10-24 12:41 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-10-24 12:41 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-24 12:41 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-10-24 12:41 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-24 12:40 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-10-24 12:40 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-10-24 12:40 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-10-24 12:40 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-10-24 12:40 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-10-24 12:40 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-24 12:40 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-10-24 12:40 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-10-24 12:40 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-10-24 12:40 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-10-24 12:40 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-10-24 12:40 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-24 12:40 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-24 12:40 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-24 12:40 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-10-24 12:40 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-10-24 12:40 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-24 12:40 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-24 12:40 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-10-24 12:40 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-10-24 12:40 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-10-24 12:40 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-24 12:40 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-24 12:40 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-10-24 12:40 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-10-24 12:40 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-24 12:40 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-10-24 12:40 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-10-24 12:40 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-10-24 12:40 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-10-24 12:40 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-10-24 12:40 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-24 12:40 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-10-24 12:40 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-10-24 12:40 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-10-24 12:40 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-10-24 12:40 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-10-24 12:40 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-24 12:40 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-10-24 12:40 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-24 12:40 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-10-24 12:40 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-10-24 12:40 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-10-24 12:40 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-10-24 12:40 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-10-24 12:40 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-10-24 12:40 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-24 12:40 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-10-24 12:40 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-10-24 12:40 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-10-24 12:40 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-24 12:40 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-10-24 12:40 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-10-24 12:40 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-10-24 12:40 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-24 12:40 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-10-24 12:40 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-10-24 12:40 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-10-24 12:40 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-10-24 12:38 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-10-24 12:38 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2014-10-24 12:38 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-10-24 12:38 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-10-24 12:37 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-10-24 12:36 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-10-24 12:36 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-10-24 12:36 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-10-24 12:36 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-10-24 12:36 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-10-24 12:36 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-10-24 12:36 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-10-24 12:36 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-10-24 12:36 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-10-24 12:36 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-10-24 12:35 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-10-24 12:35 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-10-24 12:35 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-10-24 12:33 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-24 12:33 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-10-24 12:33 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-10-24 12:33 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-10-24 12:28 - 2014-10-24 12:28 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-10-24 12:28 - 2014-10-24 12:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-10-24 12:28 - 2014-10-24 12:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-10-24 12:28 - 2014-10-24 12:28 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-10-24 12:28 - 2014-10-24 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-10-24 12:11 - 2014-10-24 12:11 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-10-29 10:58 - 2009-07-14 05:45 - 00028320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-29 10:58 - 2009-07-14 05:45 - 00028320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-29 10:56 - 2011-11-24 12:43 - 01394093 _____ () C:\Windows\WindowsUpdate.log

2014-10-29 10:53 - 2011-11-24 21:38 - 00699682 _____ () C:\Windows\system32\perfh007.dat

2014-10-29 10:53 - 2011-11-24 21:38 - 00149790 _____ () C:\Windows\system32\perfc007.dat

2014-10-29 10:53 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-10-29 10:46 - 2013-04-04 11:11 - 00016523 _____ () C:\Windows\setupact.log

2014-10-29 10:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-24 19:35 - 2013-10-27 16:35 - 00000292 _____ () C:\Windows\Tasks\FoxTab.job

2014-10-24 19:20 - 2013-09-14 17:46 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-24 13:30 - 2011-11-24 12:51 - 00000000 ____D () C:\Users\Daniel

2014-10-24 13:24 - 2009-07-14 05:45 - 00408432 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-24 13:22 - 2013-05-14 18:41 - 00154044 _____ () C:\Windows\PFRO.log

2014-10-24 13:22 - 2012-04-26 15:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-10-24 13:21 - 2014-07-20 09:53 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-10-24 13:15 - 2011-11-24 14:34 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-10-24 13:10 - 2013-07-19 17:07 - 00000000 ____D () C:\Windows\system32\MRT

2014-10-24 13:01 - 2012-03-12 09:49 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-10-24 12:57 - 2013-08-17 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-10-24 12:57 - 2011-11-24 14:08 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-10-24 12:57 - 2011-11-24 14:08 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-10-24 12:56 - 2014-07-20 09:19 - 00006461 _____ () C:\Windows\SecuniaPackage.log

2014-10-24 12:31 - 2013-09-14 17:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-10-24 12:31 - 2013-09-14 17:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-10-24 12:31 - 2013-09-14 17:46 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-10-24 12:28 - 2013-02-08 09:34 - 00000000 ____D () C:\Program Files\Java

2014-10-24 12:20 - 2014-07-20 09:20 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2014-10-24 12:11 - 2014-08-31 10:06 - 00000000 ____D () C:\ProgramData\Package Cache

2014-10-24 12:11 - 2013-03-26 08:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-10-24 12:10 - 2013-03-26 08:34 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-10-24 12:08 - 2013-05-07 17:21 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2014-10-24 12:08 - 2013-03-26 08:35 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-10-24 12:08 - 2013-03-26 08:35 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-10-02 14:53 - 2010-11-21 04:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 

Some content of TEMP:

====================

C:\Users\Daniel\AppData\Local\Temp\21063uninstall.exe

C:\Users\Daniel\AppData\Local\Temp\BackupSetup.exe

C:\Users\Daniel\AppData\Local\Temp\ICReinstall_Movie-Maker.exe

C:\Users\Daniel\AppData\Local\Temp\Sqlite3.dll

C:\Users\Daniel2\AppData\Local\Temp\AskSLib.dll

C:\Users\Daniel2\AppData\Local\Temp\avgnt.exe

C:\Users\Daniel2\AppData\Local\Temp\drm_dialogs.dll

C:\Users\Daniel2\AppData\Local\Temp\drm_dyndata_7370012.dll

C:\Users\Daniel2\AppData\Local\Temp\drm_dyndata_7380014.dll

C:\Users\Daniel2\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\Daniel2\AppData\Local\Temp\ubi230B.tmp.exe

C:\Users\Daniel2\AppData\Local\Temp\ubiB470.tmp.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-01-24 18:06
 

==================== End Of Log ============================

--- --- ---

FRST Additions Logfile:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01

Ran by Daniel at 2014-10-29 11:03:11

Running from C:\Users\Daniel2\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )

Adobe Flash Player 15 ActiveX (HKLM-x32\...\{BC8AC77D-6A6F-491F-BEED-2958F09C6CAE}) (Version: 15.0.0.189 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\{AF82C1A9-56DC-4CCD-A36C-CAE56D541DFA}) (Version: 15.0.0.189 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)

Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden

Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)

Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden

Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.4.0 - Ask.com) <==== ATTENTION

Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)

Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)

Avira SearchFree Toolbar plus Web Protection Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.0.23930 - Ask.com) <==== ATTENTION

CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)

CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)

CEP - Color Enable Package (HKLM-x32\...\CEP - Colour Enable Packages_is1) (Version: 6.0b (beta) - Numenor, for ModTheSims2)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Commander: Conquest of the Americas (HKLM-x32\...\Commander_is1) (Version:  - TopWare Interactive)

CSS3 Menu (HKLM-x32\...\CSS3 Menu_is1) (Version:  - )

Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Ihr Firmenname)

Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )

Die Sims 2: Family Fun - Accessoires (HKLM-x32\...\{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}) (Version:  - )

Die Sims 2: Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version:  - )

Die Sims 2: Open For Business (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version:  - )

Die Sims 2: Wilde Campus-Jahre (HKLM-x32\...\{01521746-02A6-4A72-00BD-A285DF6B80C6}) (Version:  - )

Die Sims™ 2 Apartment-Leben (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version:  - Electronic Arts)

Die Sims™ 2 Freizeit-Spaß (HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version:  - Electronic Arts)

Die Sims™ 2 Gute Reise (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version:  - Electronic Arts)

Die Sims™ 2 H&M®-Fashion-Accessoires (HKLM-x32\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version:  - )

Die Sims™ 2 Haustiere (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version:  - )

Die Sims™ 2 IKEA® Home-Accessoires (HKLM-x32\...\{6E17F9751-F056-4335-B718-8AF1B1092AFB}) (Version:  - Electronic Arts)

Die Sims™ 2 Party-Accessoires (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version:  - )

Die Sims™ 2 Vier Jahreszeiten (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version:  - )

Die Sims™ 2: Glamour-Accessoires (HKLM-x32\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version:  - )

DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)

FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)

Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION

Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)

Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)

InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - Christian Kindahl)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)

Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)

Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)

Malwarebytes Anti-Malware Version 1.61.0.1400 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.61.0.1400 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)

NetBeans IDE 7.1.2 (HKLM-x32\...\nbi-nb-base-7.1.2.0.0) (Version: 7.1.2 - NetBeans.org)

NetBeans IDE 7.2 (HKLM\...\nbi-nb-base-7.2.0.0.201207301726) (Version: 7.2 - NetBeans.org)

Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)

Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.13.112.2010 - Realtek)

Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Sims2Pack Clean Installer (HKLM-x32\...\Sims2Pack Clean Installer) (Version:  - )

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.0.1 - Synaptics Incorporated)

Tomb Raider: Legend 1.2 (HKLM-x32\...\Tomb Raider: Legend) (Version:  - )

Tomb Raider: Underworld 1.1 (HKLM-x32\...\Tomb Raider: Underworld) (Version:  - )

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

WinRAR 5.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-659169849-3009408344-782031156-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-659169849-3009408344-782031156-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-659169849-3009408344-782031156-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-659169849-3009408344-782031156-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-659169849-3009408344-782031156-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-659169849-3009408344-782031156-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-659169849-3009408344-782031156-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-659169849-3009408344-782031156-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-659169849-3009408344-782031156-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
 

==================== Restore Points  =========================
 

20-07-2014 10:39:26 Windows Update

07-08-2014 16:21:01 Windows Update

07-08-2014 17:51:55 Removed PriceSparrow

31-08-2014 09:08:56 Windows Update

31-08-2014 09:22:19 Windows Update

22-09-2014 11:20:38 Windows Update

22-09-2014 12:21:56 Windows Update

28-09-2014 12:08:48 Windows Update

28-09-2014 12:12:36 Windows Update

24-10-2014 11:34:06 Windows Update

24-10-2014 12:00:48 Windows Update

29-10-2014 09:53:23 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {2DDA9EBF-7510-4EF8-A590-032436C69AAC} - System32\Tasks\{AC43F26D-E017-4481-AFE9-C5166FB71FC9} => C:\Users\Daniel2\Downloads\ElsterFormular-14.3.20130522p.exe

Task: {30CF6DF7-DCB2-4F17-8F60-FCF24AB4A109} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-24] (Adobe Systems Incorporated)

Task: {C1B3891D-6FA0-4809-8468-2EDF762D6593} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)

Task: {E9141A67-D726-4ABB-AC95-731610CADF42} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-06-20] () <==== ATTENTION

Task: {EA1AB4F0-CF4A-4E66-BF04-8B36D98AA883} - System32\Tasks\FoxTab => C:\Users\Daniel\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: {F86261EC-62FC-4EB5-9E03-966A261A1DD6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FoxTab.job => C:\Users\Daniel\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 

==================== Loaded Modules (whitelisted) =============
 

2014-08-07 17:30 - 2014-08-07 17:30 - 00896512 _____ () C:\Users\Daniel\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\3356edf7a88e475d88eac25e50bcafe7\AddonsHelper.exe

2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-11-21 17:07 - 2011-06-14 08:07 - 00036688 ____N () C:\Users\Daniel2\AppData\Roaming\KaiJet\Wormhole KM Switch\FunctModules\{23863E42-6AAC-482c-81D2-BD6A23CCFEF8}\OSW08.dll

2013-11-21 17:07 - 2011-04-28 08:50 - 00039760 ____N () C:\Users\Daniel2\AppData\Roaming\KaiJet\Wormhole KM Switch\FunctModules\{23863E42-6AAC-482c-81D2-BD6A23CCFEF8}\2208KM_HID.dll

2013-11-21 17:07 - 2010-06-10 13:39 - 00073728 ____N () C:\Users\Daniel2\AppData\Roaming\KaiJet\Wormhole KM Switch\FunctModules\{23863E42-6AAC-482c-81D2-BD6A23CCFEF8}\ProdLic.DLL

2014-10-24 19:31 - 2014-10-24 19:31 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9419a7c2030ade01725f8fd9344e218d\IsdiInterop.ni.dll

2011-11-24 13:33 - 2010-06-08 10:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-659169849-3009408344-782031156-500 - Administrator - Disabled)

Daniel (S-1-5-21-659169849-3009408344-782031156-1000 - Administrator - Enabled) => C:\Users\Daniel

Daniel2 (S-1-5-21-659169849-3009408344-782031156-1001 - Limited - Enabled) => C:\Users\Daniel2

Gast (S-1-5-21-659169849-3009408344-782031156-501 - Limited - Disabled)
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (10/29/2014 10:48:28 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/24/2014 07:21:05 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/24/2014 01:27:57 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/24/2014 01:24:40 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/24/2014 00:04:32 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (09/28/2014 00:58:54 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (09/22/2014 01:42:26 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (09/22/2014 00:02:29 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (09/02/2014 08:40:55 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (08/31/2014 11:39:35 AM) (Source: MsiInstaller) (EventID: 1024) (User: PC-Daniel)

Description: Produkt: Adobe Reader XI (11.0.07) - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
 
 

System errors:

=============

Error: (10/24/2014 01:25:23 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT-AUTORITÄT)

Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b
 

Error: (10/24/2014 01:21:50 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 

Error: (10/24/2014 00:21:02 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 

Error: (10/24/2014 00:09:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (10/24/2014 00:09:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Installer erreicht.
 

Error: (10/24/2014 00:09:00 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1053MSIServer{000C101C-0000-0000-C000-000000000046}
 

Error: (09/22/2014 01:39:30 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 

Error: (09/22/2014 00:08:47 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
 

Error: (09/22/2014 00:08:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
 

Error: (08/31/2014 02:07:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1069
 
 

Microsoft Office Sessions:

=========================

Error: (10/29/2014 10:48:28 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/24/2014 07:21:05 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/24/2014 01:27:57 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/24/2014 01:24:40 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/24/2014 00:04:32 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (09/28/2014 00:58:54 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (09/22/2014 01:42:26 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (09/22/2014 00:02:29 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (09/02/2014 08:40:55 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (08/31/2014 11:39:35 AM) (Source: MsiInstaller) (EventID: 1024) (User: PC-Daniel)

Description: Adobe Reader XI (11.0.07){AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz

Percentage of memory in use: 45%

Total physical RAM: 2934.68 MB

Available physical RAM: 1600.09 MB

Total Pagefile: 5867.55 MB

Available Pagefile: 4071.8 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:297.99 GB) (Free:193.18 GB) NTFS

Drive g: (FreeAgent GoFlex Drive) (Fixed) (Total:232.88 GB) (Free:155.45 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7C12E647)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (Size: 232.9 GB) (Disk ID: 1200EC56)

Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

--- --- ---

hi,

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

Ask Toolbar

Avira SearchFree Toolbar plus Web Protection Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.0.23930 - Ask.com) <==== ATTENTION

Google Update Helper
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hallo Schrauber,

also ich habe die beiden ersten Programme mit dem RevoUninstaller entfernen können.
Aber Google Update Helper war nicht mehr zu finden.

AntiMalware läuft gerade und gleichzeitig hat Antivir etws gefunden.
C:\Users\name\..\ICReinstall_Movie-maker.exe mit dem VIrus oder dem unerwünschten Program ´Adware/InstallCore.Gen7´wurde blokiert.
Ich hoffe nur es war kein Fehler auf entfernen zu geklickt zu haben.

Edit1: Hallo Schrauber. Suchlauf wurde beendet und ich habe neu gestartet aber das Anwendungsprotokoll ist leer. Einzig was ich habe ist Schutz-Protokoll. Ich muss wohl morgen noch mal durchlaufen lassen.

Gruß
DK85B

Edit2-30.10.2014
Hallo Schrauber,

also ich habe nochmal durchlaufen lassen aber er hat natürlich nichts mehr gefunden weil alles in der Quarantäne ist. Der von gestern ist nicht richtig gespeichert worden und somit ist das Protokoll von MWAMWB leer.
Soll ich mit Schritt 3 weiter machen?

Gruß und danke
DK85B

Ja einfach weiter machen :)

hallo Schrauber,

so habe jetzt alles bisherige erledigt.

Code:

# AdwCleaner v4.002 - Bericht erstellt am 31/10/2014 um 09:57:00

# Aktualisiert 27/10/2014 von Xplode

# Datenbank : 2014-10-26.6

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : Daniel - PC-DANIEL

# Gestartet von : C:\Users\Daniel\Desktop\AdwCleaner_4.002.exe

# Option : Suchen
 

***** [ Dienste ] *****
 

Dienst Gefunden : AddonsHelper
 

***** [ Dateien / Ordner ] *****
 

Datei Gefunden : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\searchplugins\Askcom.xml

Datei Gefunden : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\user.js

Datei Gefunden : C:\Users\Daniel2\AppData\Roaming\Mozilla\Firefox\Profiles\8j4j69ax.default\user.js

Datei Gefunden : C:\Windows\System32\roboot64.exe

Ordner Gefunden : C:\Program Files (x86)\MyPC Backup

Ordner Gefunden : C:\ProgramData\DNSErrorHelper

Ordner Gefunden : C:\Users\Daniel\AppData\Local\Temp\BatBrowse

Ordner Gefunden : C:\Users\Daniel\AppData\Local\Temp\OCS

Ordner Gefunden : C:\Users\Daniel\AppData\Roaming\FoxTab

Ordner Gefunden : C:\Users\Daniel\AppData\Roaming\Helper

Ordner Gefunden : C:\Users\Daniel\AppData\Roaming\HELPER

Ordner Gefunden : C:\Users\Daniel\AppData\Roaming\OCS

Ordner Gefunden : C:\Users\Daniel\AppData\Roaming\Systweak

Ordner Gefunden : C:\Users\Daniel2\AppData\Local\AskToolbar

Ordner Gefunden : C:\Users\Daniel2\AppData\Roaming\Helper

Ordner Gefunden : C:\Users\Daniel2\AppData\Roaming\HELPER
 

***** [ Tasks ] *****
 

Task Gefunden : FoxTab
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gefunden : HKCU\Software\Ciuvo

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{721061FB-EB79-4568-A03C-3CE26D68DAE9}

Schlüssel Gefunden : HKCU\Software\OCS

Schlüssel Gefunden : [x64] HKCU\Software\Ciuvo

Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{721061FB-EB79-4568-A03C-3CE26D68DAE9}

Schlüssel Gefunden : [x64] HKCU\Software\OCS

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9B6B03F1-16CF-4491-BBBB-E872802DD717}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{721061FB-EB79-4568-A03C-3CE26D68DAE9}

Schlüssel Gefunden : HKLM\SOFTWARE\systweak

Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [dnshelp@dnshelp.com]
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17344
 

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.firetab.org/?type=ds3nt
 

-\\ Mozilla Firefox v33.0 (x86 de)
 
 

-\\ Google Chrome v
 
 

*************************
 

AdwCleaner[R0].txt - [2899 octets] - [31/10/2014 09:57:00]
 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2959 octets] ##########

Code:

# AdwCleaner v4.002 - Bericht erstellt am 31/10/2014 um 10:00:02

# DB v2014-10-26.6

# Aktualisiert 27/10/2014 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : Daniel - PC-DANIEL

# Gestartet von : C:\Users\Daniel\Desktop\AdwCleaner_4.002.exe

# Option : Löschen
 

***** [ Dienste ] *****
 

Dienst Gelöscht : AddonsHelper
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\Users\Daniel2\AppData\Local\AskToolbar

Ordner Gelöscht : C:\Users\Daniel\AppData\Local\Temp\BatBrowse

Ordner Gelöscht : C:\ProgramData\DNSErrorHelper

Ordner Gelöscht : C:\Users\Daniel\AppData\Roaming\FoxTab

Ordner Gelöscht : C:\Users\Daniel\AppData\Roaming\HELPER

Ordner Gelöscht : C:\Users\Daniel2\AppData\Roaming\HELPER

Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup

Ordner Gelöscht : C:\Users\Daniel\AppData\Local\Temp\OCS

Ordner Gelöscht : C:\Users\Daniel\AppData\Roaming\OCS

Ordner Gelöscht : C:\Users\Daniel\AppData\Roaming\Systweak

Datei Gelöscht : C:\Windows\System32\roboot64.exe

Datei Gelöscht : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\searchplugins\Askcom.xml

Datei Gelöscht : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\user.js

Datei Gelöscht : C:\Users\Daniel2\AppData\Roaming\Mozilla\Firefox\Profiles\8j4j69ax.default\user.js
 

***** [ Tasks ] *****
 

Task Gelöscht : FoxTab
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [dnshelp@dnshelp.com]

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9B6B03F1-16CF-4491-BBBB-E872802DD717}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{721061FB-EB79-4568-A03C-3CE26D68DAE9}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{721061FB-EB79-4568-A03C-3CE26D68DAE9}

Schlüssel Gelöscht : HKCU\Software\Ciuvo

Schlüssel Gelöscht : HKCU\Software\OCS

Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17344
 

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 

-\\ Mozilla Firefox v33.0 (x86 de)
 
 

-\\ Google Chrome v
 
 

*************************
 

AdwCleaner[R0].txt - [3051 octets] - [31/10/2014 09:57:00]

AdwCleaner[S0].txt - [2603 octets] - [31/10/2014 10:00:02]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2663 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.3.3 (10.21.2014:1)

OS: Windows 7 Home Premium x64

Ran by Daniel on 31.10.2014 at 10:08:02,87

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BBFD33A-CE27-4B4D-B1B0-FAFA6BB6A1A1}
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Successfully deleted: [Folder] C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\6prk3rgq.default\extensions\staged

Successfully deleted the following from C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\6prk3rgq.default\prefs.js
 

user_pref("browser.search.order.1", "Ask.com");

user_pref("browser.startup.homepage", "hxxp://www.firetab.org/?type=ds3hp");

Emptied folder: C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\6prk3rgq.default\minidumps [10 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 31.10.2014 at 10:11:54,27

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01

Ran by Daniel (administrator) on PC-DANIEL on 31-10-2014 10:12:38

Running from C:\Users\Daniel\Desktop

Loaded Profile: Daniel (Available profiles: Daniel & Daniel2)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-17] (IDT, Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-23] (Synaptics Incorporated)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-24] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-659169849-3009408344-782031156-1000\...\Run: [Steam] => "C:\Program Files (x86)\Steam\Steam.exe" -silent

HKU\S-1-5-21-659169849-3009408344-782031156-1000\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-659169849-3009408344-782031156-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-659169849-3009408344-782031156-1000\...\MountPoints2: {09a8501b-1691-11e1-af57-806e6f6e6963} - D:\autoRcd.exe

HKU\S-1-5-21-659169849-3009408344-782031156-1000\...\MountPoints2: {b78ee1be-1698-11e1-b0f2-806e6f6e6963} - D:\autorun.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

GroupPolicyUsers\S-1-5-21-659169849-3009408344-782031156-1001\User: Group Policy restriction detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default

FF DefaultSearchEngine: Search

FF SelectedSearchEngine: Search

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()

FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\searchplugins\abae529f-c014-4aee-a232-8f6c38e68bbc.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: WOT - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-07-20]

FF Extension: PriceSparrow - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\Extensions\extension@pricesparrow.com.xpi [2014-10-30]

FF Extension: NoScript - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-20]

FF Extension: Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-20]
 

Chrome: 

=======

CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-24] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-24] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-24] (Avira Operations GmbH & Co. KG)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)

R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)

R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-10-03] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-24] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-24] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-10-03] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-31] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)

S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-10-31 10:12 - 2014-10-31 10:13 - 00012793 _____ () C:\Users\Daniel\Desktop\FRST.txt

2014-10-31 10:12 - 2014-10-31 10:12 - 00000000 ____D () C:\Users\Daniel\Desktop\FRST-OlderVersion

2014-10-31 10:11 - 2014-10-31 10:11 - 00001283 _____ () C:\Users\Daniel\Desktop\JRT.txt

2014-10-31 10:08 - 2014-10-31 10:08 - 00000000 ____D () C:\Windows\ERUNT

2014-10-31 10:07 - 2014-10-31 10:01 - 00002743 _____ () C:\Users\Daniel\Desktop\AdwCleaner[S0].txt

2014-10-31 10:07 - 2014-10-31 09:59 - 00003051 _____ () C:\Users\Daniel\Desktop\AdwCleaner[R0].txt

2014-10-31 09:56 - 2014-10-31 10:01 - 00000000 ____D () C:\AdwCleaner

2014-10-30 11:24 - 2014-10-30 11:24 - 01706144 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe

2014-10-30 11:23 - 2014-10-31 10:12 - 02113536 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe

2014-10-30 11:23 - 2014-10-29 11:00 - 01998336 _____ () C:\Users\Daniel\Desktop\AdwCleaner_4.002.exe

2014-10-30 10:49 - 2014-10-30 10:49 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Avira

2014-10-29 12:14 - 2014-10-29 12:04 - 00000049 _____ () C:\Users\Daniel2\Desktop\mbam.txt

2014-10-29 11:35 - 2014-10-31 10:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-29 11:34 - 2014-10-29 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-29 11:34 - 2014-10-29 11:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-29 11:34 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-10-29 11:34 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-10-29 11:23 - 2014-10-29 11:23 - 00001264 _____ () C:\Users\Daniel\Desktop\Revo Uninstaller.lnk

2014-10-29 11:23 - 2014-10-29 11:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-10-29 11:22 - 2014-10-29 11:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Daniel2\Desktop\revosetup95.exe

2014-10-29 11:03 - 2014-10-29 11:04 - 00024983 _____ () C:\Users\Daniel2\Desktop\Addition.txt

2014-10-29 11:02 - 2014-10-29 11:04 - 00033025 _____ () C:\Users\Daniel2\Desktop\FRST.txt

2014-10-29 11:01 - 2014-10-31 10:12 - 00000000 ____D () C:\FRST

2014-10-29 11:01 - 2014-10-29 11:01 - 00000000 ____D () C:\Users\Daniel2\Desktop\Neuer Ordner (2)

2014-10-29 11:00 - 2014-10-29 11:00 - 01998336 _____ () C:\Users\Daniel2\Desktop\AdwCleaner_4.002.exe

2014-10-29 10:59 - 2014-10-29 10:59 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Daniel2\Desktop\mbam-setup-2.0.3.1025.exe

2014-10-29 10:53 - 2014-10-29 10:53 - 02113024 _____ (Farbar) C:\Users\Daniel2\Desktop\FRST64.exe

2014-10-24 12:55 - 2014-10-24 12:55 - 36254312 _____ () C:\Users\Daniel2\Downloads\Firefox_Setup_33.0.exe

2014-10-24 12:41 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-24 12:41 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-24 12:41 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-10-24 12:41 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-10-24 12:41 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-24 12:41 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-10-24 12:41 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-24 12:40 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-10-24 12:40 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-10-24 12:40 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-10-24 12:40 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-10-24 12:40 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-10-24 12:40 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-24 12:40 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-10-24 12:40 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-10-24 12:40 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-10-24 12:40 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-10-24 12:40 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-10-24 12:40 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-24 12:40 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-24 12:40 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-24 12:40 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-10-24 12:40 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-10-24 12:40 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-24 12:40 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-24 12:40 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-10-24 12:40 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-10-24 12:40 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-10-24 12:40 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-24 12:40 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-24 12:40 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-10-24 12:40 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-10-24 12:40 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-24 12:40 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-10-24 12:40 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-10-24 12:40 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-10-24 12:40 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-10-24 12:40 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-10-24 12:40 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-24 12:40 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-10-24 12:40 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-10-24 12:40 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-10-24 12:40 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-10-24 12:40 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-10-24 12:40 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-24 12:40 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-10-24 12:40 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-24 12:40 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-10-24 12:40 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-10-24 12:40 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-10-24 12:40 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-10-24 12:40 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-10-24 12:40 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-10-24 12:40 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-24 12:40 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-10-24 12:40 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-10-24 12:40 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-10-24 12:40 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-24 12:40 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-10-24 12:40 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-10-24 12:40 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-10-24 12:40 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-24 12:40 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-10-24 12:40 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-10-24 12:40 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-10-24 12:40 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-10-24 12:38 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-10-24 12:38 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2014-10-24 12:38 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-10-24 12:38 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-10-24 12:37 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-10-24 12:36 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-10-24 12:36 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-10-24 12:36 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-10-24 12:36 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-10-24 12:36 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-10-24 12:36 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-10-24 12:36 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-10-24 12:36 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-10-24 12:36 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-10-24 12:36 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-10-24 12:35 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-10-24 12:35 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-10-24 12:35 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-10-24 12:33 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-24 12:33 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-10-24 12:33 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-10-24 12:33 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-10-24 12:28 - 2014-10-24 12:28 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-10-24 12:28 - 2014-10-24 12:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-10-24 12:28 - 2014-10-24 12:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-10-24 12:28 - 2014-10-24 12:28 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-10-24 12:28 - 2014-10-24 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-10-24 12:11 - 2014-10-24 12:11 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-10-31 10:12 - 2009-07-14 05:45 - 00028320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-31 10:12 - 2009-07-14 05:45 - 00028320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-31 10:11 - 2011-11-24 21:38 - 00699682 _____ () C:\Windows\system32\perfh007.dat

2014-10-31 10:11 - 2011-11-24 21:38 - 00149790 _____ () C:\Windows\system32\perfc007.dat

2014-10-31 10:11 - 2011-11-24 12:43 - 01483888 _____ () C:\Windows\WindowsUpdate.log

2014-10-31 10:11 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-10-31 10:03 - 2013-05-14 18:41 - 00159578 _____ () C:\Windows\PFRO.log

2014-10-31 10:03 - 2013-04-04 11:11 - 00016747 _____ () C:\Windows\setupact.log

2014-10-31 10:03 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-30 11:36 - 2013-08-17 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-10-30 11:20 - 2013-09-14 17:46 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-30 10:41 - 2013-04-13 10:26 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client

2014-10-29 12:15 - 2013-07-18 17:40 - 00000680 __RSH () C:\Users\Daniel\ntuser.pol

2014-10-29 12:15 - 2011-11-24 12:51 - 00001421 _____ () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-10-29 12:15 - 2011-11-24 12:51 - 00000000 ____D () C:\Users\Daniel

2014-10-29 12:15 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2014-10-29 11:35 - 2012-02-04 12:32 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Malwarebytes

2014-10-29 11:35 - 2012-02-04 12:32 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-10-29 11:34 - 2012-02-04 12:32 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-28 06:34 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-10-24 13:24 - 2009-07-14 05:45 - 00408432 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-24 13:22 - 2012-04-26 15:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-10-24 13:21 - 2014-07-20 09:53 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-10-24 13:15 - 2011-11-24 14:34 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-10-24 13:10 - 2013-07-19 17:07 - 00000000 ____D () C:\Windows\system32\MRT

2014-10-24 13:01 - 2012-03-12 09:49 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-10-24 12:57 - 2011-11-24 14:08 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-10-24 12:57 - 2011-11-24 14:08 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-10-24 12:56 - 2014-07-20 09:19 - 00006461 _____ () C:\Windows\SecuniaPackage.log

2014-10-24 12:31 - 2013-09-14 17:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-10-24 12:31 - 2013-09-14 17:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-10-24 12:31 - 2013-09-14 17:46 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-10-24 12:28 - 2013-02-08 09:34 - 00000000 ____D () C:\Program Files\Java

2014-10-24 12:20 - 2014-07-20 09:20 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2014-10-24 12:11 - 2014-08-31 10:06 - 00000000 ____D () C:\ProgramData\Package Cache

2014-10-24 12:11 - 2013-03-26 08:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-10-24 12:10 - 2013-03-26 08:34 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-10-24 12:08 - 2013-05-07 17:21 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2014-10-24 12:08 - 2013-03-26 08:35 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-10-24 12:08 - 2013-03-26 08:35 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-10-01 11:11 - 2012-02-04 12:32 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 

Some content of TEMP:

====================

C:\Users\Daniel\AppData\Local\Temp\21063uninstall.exe

C:\Users\Daniel\AppData\Local\Temp\avgnt.exe

C:\Users\Daniel\AppData\Local\Temp\BackupSetup.exe

C:\Users\Daniel\AppData\Local\Temp\Quarantine.exe

C:\Users\Daniel\AppData\Local\Temp\Sqlite3.dll

C:\Users\Daniel2\AppData\Local\Temp\AskSLib.dll

C:\Users\Daniel2\AppData\Local\Temp\avgnt.exe

C:\Users\Daniel2\AppData\Local\Temp\drm_dialogs.dll

C:\Users\Daniel2\AppData\Local\Temp\drm_dyndata_7370012.dll

C:\Users\Daniel2\AppData\Local\Temp\drm_dyndata_7380014.dll

C:\Users\Daniel2\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\Daniel2\AppData\Local\Temp\ubi230B.tmp.exe

C:\Users\Daniel2\AppData\Local\Temp\ubiB470.tmp.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-01-24 18:06
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014 01

Ran by Daniel at 2014-10-31 10:13:48

Running from C:\Users\Daniel\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )

Adobe Flash Player 15 ActiveX (HKLM-x32\...\{BC8AC77D-6A6F-491F-BEED-2958F09C6CAE}) (Version: 15.0.0.189 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\{AF82C1A9-56DC-4CCD-A36C-CAE56D541DFA}) (Version: 15.0.0.189 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)

Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden

Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)

Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden

Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)

Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)

CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)

CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)

CEP - Color Enable Package (HKLM-x32\...\CEP - Colour Enable Packages_is1) (Version: 6.0b (beta) - Numenor, for ModTheSims2)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Commander: Conquest of the Americas (HKLM-x32\...\Commander_is1) (Version:  - TopWare Interactive)

CSS3 Menu (HKLM-x32\...\CSS3 Menu_is1) (Version:  - )

Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Ihr Firmenname)

Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )

Die Sims 2: Family Fun - Accessoires (HKLM-x32\...\{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}) (Version:  - )

Die Sims 2: Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version:  - )

Die Sims 2: Open For Business (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version:  - )

Die Sims 2: Wilde Campus-Jahre (HKLM-x32\...\{01521746-02A6-4A72-00BD-A285DF6B80C6}) (Version:  - )

Die Sims™ 2 Apartment-Leben (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version:  - Electronic Arts)

Die Sims™ 2 Freizeit-Spaß (HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version:  - Electronic Arts)

Die Sims™ 2 Gute Reise (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version:  - Electronic Arts)

Die Sims™ 2 H&M®-Fashion-Accessoires (HKLM-x32\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version:  - )

Die Sims™ 2 Haustiere (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version:  - )

Die Sims™ 2 IKEA® Home-Accessoires (HKLM-x32\...\{6E17F9751-F056-4335-B718-8AF1B1092AFB}) (Version:  - Electronic Arts)

Die Sims™ 2 Party-Accessoires (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version:  - )

Die Sims™ 2 Vier Jahreszeiten (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version:  - )

Die Sims™ 2: Glamour-Accessoires (HKLM-x32\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version:  - )

DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)

FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)

Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION

Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)

Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)

InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - Christian Kindahl)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)

Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)

Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)

Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)

NetBeans IDE 7.1.2 (HKLM-x32\...\nbi-nb-base-7.1.2.0.0) (Version: 7.1.2 - NetBeans.org)

NetBeans IDE 7.2 (HKLM\...\nbi-nb-base-7.2.0.0.201207301726) (Version: 7.2 - NetBeans.org)

Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)

Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.13.112.2010 - Realtek)

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Sims2Pack Clean Installer (HKLM-x32\...\Sims2Pack Clean Installer) (Version:  - )

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.0.1 - Synaptics Incorporated)

Tomb Raider: Legend 1.2 (HKLM-x32\...\Tomb Raider: Legend) (Version:  - )

Tomb Raider: Underworld 1.1 (HKLM-x32\...\Tomb Raider: Underworld) (Version:  - )

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

WinRAR 5.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-659169849-3009408344-782031156-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-659169849-3009408344-782031156-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-659169849-3009408344-782031156-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-659169849-3009408344-782031156-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
 

==================== Restore Points  =========================
 

07-08-2014 16:21:01 Windows Update

07-08-2014 17:51:55 Removed PriceSparrow

31-08-2014 09:08:56 Windows Update

31-08-2014 09:22:19 Windows Update

22-09-2014 11:20:38 Windows Update

22-09-2014 12:21:56 Windows Update

28-09-2014 12:08:48 Windows Update

28-09-2014 12:12:36 Windows Update

24-10-2014 11:34:06 Windows Update

24-10-2014 12:00:48 Windows Update

29-10-2014 09:53:23 Windows Update

29-10-2014 10:24:15 Revo Uninstaller's restore point - Ask Toolbar

29-10-2014 10:27:47 Revo Uninstaller's restore point - Avira SearchFree Toolbar plus Web Protection Updater
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {2DDA9EBF-7510-4EF8-A590-032436C69AAC} - System32\Tasks\{AC43F26D-E017-4481-AFE9-C5166FB71FC9} => C:\Users\Daniel2\Downloads\ElsterFormular-14.3.20130522p.exe

Task: {30CF6DF7-DCB2-4F17-8F60-FCF24AB4A109} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-24] (Adobe Systems Incorporated)

Task: {C1B3891D-6FA0-4809-8468-2EDF762D6593} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)

Task: {F86261EC-62FC-4EB5-9E03-966A261A1DD6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) =============
 

2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-10-24 19:31 - 2014-10-24 19:31 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9419a7c2030ade01725f8fd9344e218d\IsdiInterop.ni.dll

2011-11-24 13:33 - 2010-06-08 10:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-659169849-3009408344-782031156-500 - Administrator - Disabled)

Daniel (S-1-5-21-659169849-3009408344-782031156-1000 - Administrator - Enabled) => C:\Users\Daniel

Daniel2 (S-1-5-21-659169849-3009408344-782031156-1001 - Limited - Enabled) => C:\Users\Daniel2

Gast (S-1-5-21-659169849-3009408344-782031156-501 - Limited - Disabled)
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================
 

System errors:

=============
 

Microsoft Office Sessions:

=========================
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz

Percentage of memory in use: 60%

Total physical RAM: 2934.68 MB

Available physical RAM: 1167.79 MB

Total Pagefile: 5867.55 MB

Available Pagefile: 3621.2 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:297.99 GB) (Free:192.94 GB) NTFS

Drive g: (FreeAgent GoFlex Drive) (Fixed) (Total:232.88 GB) (Free:155.45 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7C12E647)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (Size: 232.9 GB) (Disk ID: 1200EC56)

Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Das waren sie. Danke dir weiterhin.

Offensichtlich versteckt sich der Google Update Helper aber immer noch.

Gruß
DK85B

Das ist nur noch der Registrywert, den killen wir im Anschluss.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hallo Schrauber,

das werden wir halt sehen. Bisher keine jedenfalls.

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=b0dee521735b1e4381d599b7585145d9

# engine=20894

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-11-02 05:40:15

# local_time=2014-11-02 06:40:15 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Avira Desktop'

# compatibility_mode=1810 16777213 100 100 10703 280373305 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776573 100 94 206539 166579865 0 0

# scanned=231679

# found=7

# cleaned=0

# scan_time=6526

sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Daniel\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"

sh=1DA7E55B7B8609994368D0C56A7B76474F882B6A ft=1 fh=6342ba6251261b43 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"

sh=0837DEAF90452ABAE86528A81AD6CB00A30006AA ft=1 fh=c067c727a90638cf vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JRST8I6\Setup[1].exe"

sh=3A359EA1EB16365419389CAF6C778C747C77509C ft=1 fh=abcfbb2b4643ef49 vn="Variante von Win32/DealPly.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Daniel\AppData\Local\Temp\UpdateTask.exe.19379130"

sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Daniel\AppData\Local\Temp\is1293689599\19157671_stp\wajam_validate.exe"

sh=CF04AC24DA32C1B5649F9A84097DC21A780A7BDF ft=1 fh=56dc46d4b0fba726 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Daniel2\Downloads\Firefox - CHIP-Downloader.exe"

sh=10A58D7E7A9BD03B55E994EB2581254F96A8FEE7 ft=1 fh=8a993113278888e1 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Daniel2\Downloads\Firefox - CHIP-Installer.exe"

Code:

 Results of screen317's Security Check version 0.99.89  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

Avira Desktop   

 Antivirus up to date!  (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 Secunia PSI (2.0.0.4003)   

 Adobe Flash Player 15.0.0.189  

 Adobe Reader XI  

 Mozilla Firefox (33.0.2) 
 ````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 

 Malwarebytes Anti-Malware mbamscheduler.exe   
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014

Ran by Daniel (administrator) on PC-DANIEL on 02-11-2014 18:54:21

Running from C:\Users\Daniel\Desktop

Loaded Profile: Daniel (Available profiles: Daniel & Daniel2)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-17] (IDT, Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-23] (Synaptics Incorporated)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-24] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-659169849-3009408344-782031156-1000\...\Run: [Steam] => "C:\Program Files (x86)\Steam\Steam.exe" -silent

HKU\S-1-5-21-659169849-3009408344-782031156-1000\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-659169849-3009408344-782031156-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-659169849-3009408344-782031156-1000\...\MountPoints2: {09a8501b-1691-11e1-af57-806e6f6e6963} - D:\autoRcd.exe

HKU\S-1-5-21-659169849-3009408344-782031156-1000\...\MountPoints2: {b78ee1be-1698-11e1-b0f2-806e6f6e6963} - D:\autorun.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

GroupPolicyUsers\S-1-5-21-659169849-3009408344-782031156-1001\User: Group Policy restriction detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default

FF DefaultSearchEngine: Search

FF SelectedSearchEngine: Search

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()

FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\searchplugins\abae529f-c014-4aee-a232-8f6c38e68bbc.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: WOT - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-07-20]

FF Extension: PriceSparrow - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\Extensions\extension@pricesparrow.com.xpi [2014-10-30]

FF Extension: NoScript - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-20]

FF Extension: Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\6prk3rgq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-20]
 

Chrome: 

=======

CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-24] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-24] (Avira Operations GmbH & Co. KG)

S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-24] (Avira Operations GmbH & Co. KG)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)

R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)

R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-10-03] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-24] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-24] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-10-03] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-02] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)

S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-02 18:53 - 2014-11-02 18:53 - 00000903 _____ () C:\Users\Daniel\Desktop\checkup.txt

2014-11-02 18:48 - 2014-11-02 18:48 - 00854448 _____ () C:\Users\Daniel\Desktop\SecurityCheck.exe

2014-11-02 16:46 - 2014-11-02 16:46 - 00000857 _____ () C:\Users\Daniel\Desktop\Downloads.lnk

2014-11-02 16:44 - 2014-11-02 16:46 - 02347384 _____ (ESET) C:\Users\Daniel\Desktop\esetsmartinstaller_deu.exe

2014-10-31 10:13 - 2014-10-31 10:14 - 00015851 _____ () C:\Users\Daniel\Desktop\Addition.txt

2014-10-31 10:12 - 2014-11-02 18:54 - 00012698 _____ () C:\Users\Daniel\Desktop\FRST.txt

2014-10-31 10:12 - 2014-11-02 18:54 - 00000000 ____D () C:\Users\Daniel\Desktop\FRST-OlderVersion

2014-10-31 10:11 - 2014-10-31 10:11 - 00001283 _____ () C:\Users\Daniel\Desktop\JRT.txt

2014-10-31 10:08 - 2014-10-31 10:08 - 00000000 ____D () C:\Windows\ERUNT

2014-10-31 10:07 - 2014-10-31 10:01 - 00002743 _____ () C:\Users\Daniel\Desktop\AdwCleaner[S0].txt

2014-10-31 10:07 - 2014-10-31 09:59 - 00003051 _____ () C:\Users\Daniel\Desktop\AdwCleaner[R0].txt

2014-10-31 09:56 - 2014-10-31 10:01 - 00000000 ____D () C:\AdwCleaner

2014-10-30 11:36 - 2014-10-30 11:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-10-30 11:24 - 2014-10-30 11:24 - 01706144 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe

2014-10-30 11:23 - 2014-11-02 18:54 - 02114560 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe

2014-10-30 11:23 - 2014-10-29 11:00 - 01998336 _____ () C:\Users\Daniel\Desktop\AdwCleaner_4.002.exe

2014-10-30 10:49 - 2014-10-30 10:49 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Avira

2014-10-29 12:14 - 2014-10-29 12:04 - 00000049 _____ () C:\Users\Daniel2\Desktop\mbam.txt

2014-10-29 11:35 - 2014-11-02 16:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-29 11:34 - 2014-10-29 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-29 11:34 - 2014-10-29 11:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-29 11:34 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-10-29 11:34 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-10-29 11:23 - 2014-10-29 11:23 - 00001264 _____ () C:\Users\Daniel\Desktop\Revo Uninstaller.lnk

2014-10-29 11:23 - 2014-10-29 11:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-10-29 11:22 - 2014-10-29 11:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Daniel2\Desktop\revosetup95.exe

2014-10-29 11:03 - 2014-10-29 11:04 - 00024983 _____ () C:\Users\Daniel2\Desktop\Addition.txt

2014-10-29 11:02 - 2014-10-29 11:04 - 00033025 _____ () C:\Users\Daniel2\Desktop\FRST.txt

2014-10-29 11:01 - 2014-11-02 18:54 - 00000000 ____D () C:\FRST

2014-10-29 11:01 - 2014-10-29 11:01 - 00000000 ____D () C:\Users\Daniel2\Desktop\Neuer Ordner (2)

2014-10-29 11:00 - 2014-10-29 11:00 - 01998336 _____ () C:\Users\Daniel2\Desktop\AdwCleaner_4.002.exe

2014-10-29 10:59 - 2014-10-29 10:59 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Daniel2\Desktop\mbam-setup-2.0.3.1025.exe

2014-10-29 10:53 - 2014-10-29 10:53 - 02113024 _____ (Farbar) C:\Users\Daniel2\Desktop\FRST64.exe

2014-10-24 12:55 - 2014-10-24 12:55 - 36254312 _____ () C:\Users\Daniel2\Downloads\Firefox_Setup_33.0.exe

2014-10-24 12:41 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-24 12:41 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-24 12:41 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-10-24 12:41 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-10-24 12:41 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-24 12:41 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-10-24 12:41 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-24 12:40 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-10-24 12:40 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-10-24 12:40 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-10-24 12:40 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-10-24 12:40 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-10-24 12:40 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-24 12:40 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-10-24 12:40 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-10-24 12:40 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-10-24 12:40 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-10-24 12:40 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-10-24 12:40 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-24 12:40 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-24 12:40 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-24 12:40 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-10-24 12:40 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-10-24 12:40 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-24 12:40 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-24 12:40 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-10-24 12:40 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-10-24 12:40 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-10-24 12:40 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-24 12:40 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-24 12:40 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-10-24 12:40 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-10-24 12:40 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-24 12:40 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-10-24 12:40 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-10-24 12:40 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-10-24 12:40 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-10-24 12:40 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-10-24 12:40 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-24 12:40 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-10-24 12:40 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-10-24 12:40 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-10-24 12:40 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-10-24 12:40 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-10-24 12:40 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-24 12:40 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-10-24 12:40 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-24 12:40 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-10-24 12:40 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-10-24 12:40 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-10-24 12:40 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-10-24 12:40 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-10-24 12:40 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-10-24 12:40 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-24 12:40 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-10-24 12:40 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-10-24 12:40 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-10-24 12:40 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-24 12:40 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-10-24 12:40 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-10-24 12:40 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-10-24 12:40 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-24 12:40 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-10-24 12:40 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-10-24 12:40 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-10-24 12:40 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-10-24 12:38 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-10-24 12:38 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2014-10-24 12:38 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-10-24 12:38 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-10-24 12:37 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-10-24 12:36 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-10-24 12:36 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-10-24 12:36 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-10-24 12:36 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-10-24 12:36 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-10-24 12:36 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-10-24 12:36 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-10-24 12:36 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-10-24 12:36 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-10-24 12:36 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-10-24 12:35 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-10-24 12:35 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-10-24 12:35 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-10-24 12:33 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-24 12:33 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-10-24 12:33 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-10-24 12:33 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-10-24 12:28 - 2014-10-24 12:28 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-10-24 12:28 - 2014-10-24 12:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-10-24 12:28 - 2014-10-24 12:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-10-24 12:28 - 2014-10-24 12:28 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-10-24 12:28 - 2014-10-24 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-10-24 12:11 - 2014-10-24 12:11 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-02 18:20 - 2013-09-14 17:46 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-11-02 16:52 - 2009-07-14 05:45 - 00028320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-11-02 16:52 - 2009-07-14 05:45 - 00028320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-11-02 16:49 - 2011-11-24 12:43 - 01517185 _____ () C:\Windows\WindowsUpdate.log

2014-11-02 16:42 - 2011-11-24 21:38 - 00699682 _____ () C:\Windows\system32\perfh007.dat

2014-11-02 16:42 - 2011-11-24 21:38 - 00149790 _____ () C:\Windows\system32\perfc007.dat

2014-11-02 16:42 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-02 16:34 - 2013-04-04 11:11 - 00016803 _____ () C:\Windows\setupact.log

2014-11-02 16:34 - 2012-04-26 15:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-11-02 16:34 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-31 10:03 - 2013-05-14 18:41 - 00159578 _____ () C:\Windows\PFRO.log

2014-10-30 10:41 - 2013-04-13 10:26 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client

2014-10-29 12:15 - 2013-07-18 17:40 - 00000680 __RSH () C:\Users\Daniel\ntuser.pol

2014-10-29 12:15 - 2011-11-24 12:51 - 00001421 _____ () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-10-29 12:15 - 2011-11-24 12:51 - 00000000 ____D () C:\Users\Daniel

2014-10-29 12:15 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2014-10-29 11:35 - 2012-02-04 12:32 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Malwarebytes

2014-10-29 11:35 - 2012-02-04 12:32 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-10-29 11:34 - 2012-02-04 12:32 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-28 06:34 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-10-24 13:24 - 2009-07-14 05:45 - 00408432 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-24 13:21 - 2014-07-20 09:53 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-10-24 13:15 - 2011-11-24 14:34 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-10-24 13:10 - 2013-07-19 17:07 - 00000000 ____D () C:\Windows\system32\MRT

2014-10-24 13:01 - 2012-03-12 09:49 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-10-24 12:57 - 2011-11-24 14:08 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-10-24 12:57 - 2011-11-24 14:08 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-10-24 12:56 - 2014-07-20 09:19 - 00006461 _____ () C:\Windows\SecuniaPackage.log

2014-10-24 12:31 - 2013-09-14 17:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-10-24 12:31 - 2013-09-14 17:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-10-24 12:31 - 2013-09-14 17:46 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-10-24 12:28 - 2013-02-08 09:34 - 00000000 ____D () C:\Program Files\Java

2014-10-24 12:20 - 2014-07-20 09:20 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2014-10-24 12:11 - 2014-08-31 10:06 - 00000000 ____D () C:\ProgramData\Package Cache

2014-10-24 12:11 - 2013-03-26 08:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-10-24 12:10 - 2013-03-26 08:34 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-10-24 12:08 - 2013-05-07 17:21 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2014-10-24 12:08 - 2013-03-26 08:35 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-10-24 12:08 - 2013-03-26 08:35 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
 

Some content of TEMP:

====================

C:\Users\Daniel\AppData\Local\Temp\21063uninstall.exe

C:\Users\Daniel\AppData\Local\Temp\avgnt.exe

C:\Users\Daniel\AppData\Local\Temp\BackupSetup.exe

C:\Users\Daniel\AppData\Local\Temp\Quarantine.exe

C:\Users\Daniel\AppData\Local\Temp\Sqlite3.dll

C:\Users\Daniel2\AppData\Local\Temp\AskSLib.dll

C:\Users\Daniel2\AppData\Local\Temp\avgnt.exe

C:\Users\Daniel2\AppData\Local\Temp\drm_dialogs.dll

C:\Users\Daniel2\AppData\Local\Temp\drm_dyndata_7370012.dll

C:\Users\Daniel2\AppData\Local\Temp\drm_dyndata_7380014.dll

C:\Users\Daniel2\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\Daniel2\AppData\Local\Temp\ubi230B.tmp.exe

C:\Users\Daniel2\AppData\Local\Temp\ubiB470.tmp.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-01-24 18:06
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014

Ran by Daniel at 2014-11-02 18:55:19

Running from C:\Users\Daniel\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )

Adobe Flash Player 15 ActiveX (HKLM-x32\...\{BC8AC77D-6A6F-491F-BEED-2958F09C6CAE}) (Version: 15.0.0.189 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\{AF82C1A9-56DC-4CCD-A36C-CAE56D541DFA}) (Version: 15.0.0.189 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)

Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden

Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)

Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden

Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)

Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)

CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)

CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)

CEP - Color Enable Package (HKLM-x32\...\CEP - Colour Enable Packages_is1) (Version: 6.0b (beta) - Numenor, for ModTheSims2)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Commander: Conquest of the Americas (HKLM-x32\...\Commander_is1) (Version:  - TopWare Interactive)

CSS3 Menu (HKLM-x32\...\CSS3 Menu_is1) (Version:  - )

Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Ihr Firmenname)

Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )

Die Sims 2: Family Fun - Accessoires (HKLM-x32\...\{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}) (Version:  - )

Die Sims 2: Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version:  - )

Die Sims 2: Open For Business (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version:  - )

Die Sims 2: Wilde Campus-Jahre (HKLM-x32\...\{01521746-02A6-4A72-00BD-A285DF6B80C6}) (Version:  - )

Die Sims™ 2 Apartment-Leben (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version:  - Electronic Arts)

Die Sims™ 2 Freizeit-Spaß (HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version:  - Electronic Arts)

Die Sims™ 2 Gute Reise (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version:  - Electronic Arts)

Die Sims™ 2 H&M®-Fashion-Accessoires (HKLM-x32\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version:  - )

Die Sims™ 2 Haustiere (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version:  - )

Die Sims™ 2 IKEA® Home-Accessoires (HKLM-x32\...\{6E17F9751-F056-4335-B718-8AF1B1092AFB}) (Version:  - Electronic Arts)

Die Sims™ 2 Party-Accessoires (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version:  - )

Die Sims™ 2 Vier Jahreszeiten (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version:  - )

Die Sims™ 2: Glamour-Accessoires (HKLM-x32\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version:  - )

DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)

FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)

Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION

Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)

Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)

InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - Christian Kindahl)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)

Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)

Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)

Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)

NetBeans IDE 7.1.2 (HKLM-x32\...\nbi-nb-base-7.1.2.0.0) (Version: 7.1.2 - NetBeans.org)

NetBeans IDE 7.2 (HKLM\...\nbi-nb-base-7.2.0.0.201207301726) (Version: 7.2 - NetBeans.org)

Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)

Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.13.112.2010 - Realtek)

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Sims2Pack Clean Installer (HKLM-x32\...\Sims2Pack Clean Installer) (Version:  - )

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.0.1 - Synaptics Incorporated)

Tomb Raider: Legend 1.2 (HKLM-x32\...\Tomb Raider: Legend) (Version:  - )

Tomb Raider: Underworld 1.1 (HKLM-x32\...\Tomb Raider: Underworld) (Version:  - )

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

WinRAR 5.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-659169849-3009408344-782031156-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-659169849-3009408344-782031156-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-659169849-3009408344-782031156-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-659169849-3009408344-782031156-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel2\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
 

==================== Restore Points  =========================
 

07-08-2014 16:21:01 Windows Update

07-08-2014 17:51:55 Removed PriceSparrow

31-08-2014 09:08:56 Windows Update

31-08-2014 09:22:19 Windows Update

22-09-2014 11:20:38 Windows Update

22-09-2014 12:21:56 Windows Update

28-09-2014 12:08:48 Windows Update

28-09-2014 12:12:36 Windows Update

24-10-2014 11:34:06 Windows Update

24-10-2014 12:00:48 Windows Update

29-10-2014 09:53:23 Windows Update

29-10-2014 10:24:15 Revo Uninstaller's restore point - Ask Toolbar

29-10-2014 10:27:47 Revo Uninstaller's restore point - Avira SearchFree Toolbar plus Web Protection Updater
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {2DDA9EBF-7510-4EF8-A590-032436C69AAC} - System32\Tasks\{AC43F26D-E017-4481-AFE9-C5166FB71FC9} => C:\Users\Daniel2\Downloads\ElsterFormular-14.3.20130522p.exe

Task: {30CF6DF7-DCB2-4F17-8F60-FCF24AB4A109} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-24] (Adobe Systems Incorporated)

Task: {C1B3891D-6FA0-4809-8468-2EDF762D6593} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)

Task: {F86261EC-62FC-4EB5-9E03-966A261A1DD6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) =============
 

2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-10-24 19:31 - 2014-10-24 19:31 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9419a7c2030ade01725f8fd9344e218d\IsdiInterop.ni.dll

2011-11-24 13:33 - 2010-06-08 10:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-659169849-3009408344-782031156-500 - Administrator - Disabled)

Daniel (S-1-5-21-659169849-3009408344-782031156-1000 - Administrator - Enabled) => C:\Users\Daniel

Daniel2 (S-1-5-21-659169849-3009408344-782031156-1001 - Limited - Enabled) => C:\Users\Daniel2

Gast (S-1-5-21-659169849-3009408344-782031156-501 - Limited - Disabled)
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (11/02/2014 06:46:29 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (11/02/2014 04:46:58 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (11/02/2014 04:46:51 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (11/02/2014 04:46:46 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (11/02/2014 04:46:42 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (11/02/2014 04:46:35 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (11/02/2014 04:36:12 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============

Error: (11/02/2014 04:41:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (11/02/2014 04:41:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht.
 

Error: (11/02/2014 04:36:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1070
 

Error: (11/02/2014 04:36:34 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: Der Dienst "Avira Echtzeit-Scanner" wurde nicht richtig gestartet.
 

Error: (10/31/2014 10:39:48 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
 

Microsoft Office Sessions:

=========================

Error: (11/02/2014 06:46:29 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 

Error: (11/02/2014 04:46:58 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Daniel\Desktop\esetsmartinstaller_deu.exe
 

Error: (11/02/2014 04:46:51 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Daniel\Desktop\esetsmartinstaller_deu.exe
 

Error: (11/02/2014 04:46:46 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Daniel\Desktop\esetsmartinstaller_deu.exe
 

Error: (11/02/2014 04:46:42 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Daniel\Desktop\esetsmartinstaller_deu.exe
 

Error: (11/02/2014 04:46:35 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Daniel\Downloads\esetsmartinstaller_deu.exe
 

Error: (11/02/2014 04:36:12 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz

Percentage of memory in use: 53%

Total physical RAM: 2934.68 MB

Available physical RAM: 1378.84 MB

Total Pagefile: 5867.55 MB

Available Pagefile: 3822.95 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:297.99 GB) (Free:192.2 GB) NTFS

Drive g: (FreeAgent GoFlex Drive) (Fixed) (Total:232.88 GB) (Free:155.45 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7C12E647)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (Size: 232.9 GB) (Disk ID: 1200EC56)

Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Danke dir für deine Hilfe.

Gruß
DK85B

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.