Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Der Windows-Sicherheitscenterdienst kann nicht geöffnet werden (https://www.trojaner-board.de/160919-windows-7-windows-sicherheitscenterdienst-geoeffnet.html)

philiboy96 19.11.2014 02:04
Windows 7: Der Windows-Sicherheitscenterdienst kann nicht geöffnet werden
 
Hallo,
ich habe warum auch immer lange Zeit ohne Viren-Programm gesurft. Auf einmal haben sich vielfach Fenster geöffnet die iwelche Adobe-Programme öffnen oder Speichern wollten, zudem ist das System sehr verlangsamt. Ich habe Avira Free heruntergeladen und es wurde vielfach, ca 44x Malware gefunden. Sie wurden in Quarantäne gebracht und ich trottel habe sie aus der Quarantäne gelöscht ohne Nachzudenken. Es war iwie ein "Dropper" und "kewaet".
Ich kann jedenfalls nicht mehr das Wartungscenter aufrufen. Es erscheint immer die o.g Nachricht. Also iwas ist hier im Busche. Ich habe mal OTL laufen lassen im Vollscan, hier der Log:

3,68 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 36,71% Memory free
7,35 Gb Paging File | 4,87 Gb Available in Paging File | 66,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,16 Gb Total Space | 303,67 Gb Free Space | 67,16% Space Free | Partition Type: NTFS

Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.11.19 01:42:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\Downloads\otl.exe
PRC - [2014.11.06 00:57:04 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014.10.23 14:02:28 | 000,432,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014.10.23 14:01:58 | 000,432,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014.10.23 14:01:56 | 000,703,736 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014.10.22 15:16:42 | 000,124,208 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014.10.22 15:16:38 | 000,164,656 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014.10.05 11:49:12 | 001,514,040 | ---- | M] (Spotify Ltd) -- C:\Users\Philipp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014.09.04 04:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.24 18:03:44 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011.08.24 18:03:42 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011.07.01 03:51:12 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011.07.01 03:51:10 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011.04.24 02:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011.04.24 02:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2011.03.04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.09.16 02:13:16 | 002,538,520 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.09.16 02:13:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2014.11.06 00:57:02 | 014,910,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\PepperFlash\pepflashplayer.dll
MOD - [2014.11.06 00:57:01 | 008,911,176 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\pdf.dll
MOD - [2014.11.06 00:56:57 | 001,042,760 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\libglesv2.dll
MOD - [2014.11.06 00:56:55 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\libegl.dll
MOD - [2014.11.06 00:56:54 | 001,681,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\ffmpegsumo.dll
MOD - [2014.10.15 21:50:42 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\446bc9f0c3b5824fab519cb5fec5af1b\WindowsFormsIntegration.ni.dll
MOD - [2014.10.15 21:50:04 | 019,696,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll
MOD - [2014.10.15 21:49:43 | 002,997,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\92a3b88ac6300af062edd6503bc5903c\System.IdentityModel.ni.dll
MOD - [2014.10.15 21:49:01 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\38d6578b4fe29bede85ffff08e3697b6\PresentationFramework-SystemXml.ni.dll
MOD - [2014.10.15 21:49:00 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\4df6733efc348c009a4a6e0adccc42a6\PresentationFramework-SystemData.ni.dll
MOD - [2014.10.15 16:58:37 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll
MOD - [2014.10.15 16:58:22 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014.10.15 16:58:16 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll
MOD - [2014.10.15 16:58:14 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\5d2c01ae1ca8c40ed74cdfd7b7b7dcb1\System.Data.ni.dll
MOD - [2014.10.15 16:58:12 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7971f3a1c08c4043cf981f457855b4d4\PresentationFramework.Aero.ni.dll
MOD - [2014.10.15 16:58:10 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014.10.15 16:58:09 | 002,542,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\5e84979fadb7eb63caedea9f4acefcc9\System.Data.Linq.ni.dll
MOD - [2014.10.15 16:58:08 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014.10.15 16:58:05 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014.10.15 16:58:05 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014.10.15 16:58:04 | 000,794,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll
MOD - [2014.10.15 16:58:04 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll
MOD - [2014.10.15 16:58:03 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014.10.15 16:58:00 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014.10.15 16:57:59 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014.10.15 16:57:58 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\902843918d037f5f3511d679bf1e2216\System.ServiceProcess.ni.dll
MOD - [2014.10.15 16:57:57 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014.02.28 16:34:22 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014.02.26 17:56:12 | 000,198,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\92e9bacef49552a4485fbb7523782133\CustomMarshalers.ni.dll
MOD - [2014.02.26 17:56:12 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014.02.26 17:56:11 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2011.08.24 18:03:42 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011.08.24 18:03:42 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011.04.24 02:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014.11.06 04:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014.11.14 00:20:46 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.10.23 14:02:28 | 000,432,888 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014.10.23 14:01:58 | 000,432,888 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014.10.22 15:16:38 | 000,164,656 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014.09.04 04:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014.04.03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014.03.20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.01.12 04:12:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.08.02 11:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011.07.01 03:51:10 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011.04.24 02:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011.03.04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.09.16 02:13:16 | 002,538,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.09.16 02:13:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014.10.23 14:02:01 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2014.10.23 14:02:00 | 000,131,608 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014.10.23 14:01:57 | 000,119,272 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.08.03 14:06:00 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013.06.04 08:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.02.06 06:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.20 11:02:56 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011.09.20 11:02:56 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011.08.09 01:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.07.14 06:35:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.07.14 06:35:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.06.02 04:37:32 | 002,750,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.03.28 04:44:46 | 001,417,776 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.23 03:20:58 | 000,077,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.03.04 11:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.12.01 09:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:48 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.02.26 09:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.09.17 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 02:52:22 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:06 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:56 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:34 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:30 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:24 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:32:00 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=U220DHP&pc=U220
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel-online.de"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
FF - prefs.js..extensions.enabledAddons: google.button%40mali37.net:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1.1
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\cliqz@cliqz.com: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\extensions\cliqz@cliqz.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2014.11.18 02:02:49 | 000,000,000 | ---D | M]

[2013.06.12 19:46:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions
[2014.11.18 15:18:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\z1tl3nmr.default\extensions
[2014.10.20 18:51:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\z1tl3nmr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014.11.18 02:03:23 | 000,000,000 | ---D | M] ("Download videos and MP3s from YouTube") -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\z1tl3nmr.default\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}
[2014.11.14 00:02:07 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\z1tl3nmr.default\extensions\abs@avira.com
[2014.08.15 20:43:15 | 000,133,000 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\z1tl3nmr.default\extensions\adblockpopups@jessehakanen.net.xpi
[2014.11.16 20:30:39 | 000,898,063 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\z1tl3nmr.default\extensions\cliqz@cliqz.com.xpi
[2014.11.18 15:18:25 | 000,004,282 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\z1tl3nmr.default\extensions\google.button@mali37.net.xpi
[2014.11.12 22:02:43 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\z1tl3nmr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.10.18 00:26:12 | 000,006,057 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\z1tl3nmr.default\searchplugins\bingp.xml
[2014.10.01 20:44:28 | 000,000,663 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\z1tl3nmr.default\searchplugins\google-images.xml
[2014.10.01 20:44:28 | 000,002,307 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\z1tl3nmr.default\searchplugins\google-maps.xml

========== Chrome ==========

CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdfamfnacokbbbnmpdfmhonipnhmbid\4.2.781_0\
CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.1_0\
CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 22:00:28 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (DVDVideoSoft IE Extension) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Flagfox) - {BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24} - C:\Users\Philipp\AppData\LocalLow\Flagfox\IE\Flagfox.dll (Dave G)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft IE Extension) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKCU..\Run: [RSA3267033204] C:\Users\Philipp\AppData\Roaming\Microsoft\Crypto\RSA\RSA3267033204.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE605665-3965-42A0-8020-B66A15EC80F6}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1c380f9b-719f-11e1-992c-e840f22375b9}\Shell - "" = AutoRun
O33 - MountPoints2\{1c380f9b-719f-11e1-992c-e840f22375b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1c380f9f-719f-11e1-992c-e840f22375b9}\Shell - "" = AutoRun
O33 - MountPoints2\{1c380f9f-719f-11e1-992c-e840f22375b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1c380fbe-719f-11e1-992c-e840f22375b9}\Shell - "" = AutoRun
O33 - MountPoints2\{1c380fbe-719f-11e1-992c-e840f22375b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2a7cd3ee-5fd6-11e2-be02-e840f22375b9}\Shell - "" = AutoRun
O33 - MountPoints2\{2a7cd3ee-5fd6-11e2-be02-e840f22375b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{51f59b13-a6c7-11e3-8b78-e840f22375b9}\Shell - "" = AutoRun
O33 - MountPoints2\{51f59b13-a6c7-11e3-8b78-e840f22375b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7cba5eab-b4d1-11e3-8a49-e840f22375b9}\Shell - "" = AutoRun
O33 - MountPoints2\{7cba5eab-b4d1-11e3-8a49-e840f22375b9}\Shell\AutoRun\command - "" = E:\LG_PC_Programs.exe
O33 - MountPoints2\{7dbede42-7428-11e1-9730-e840f22375b9}\Shell - "" = AutoRun
O33 - MountPoints2\{7dbede42-7428-11e1-9730-e840f22375b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a2758cfb-74de-11e1-be30-e840f22375b9}\Shell - "" = AutoRun
O33 - MountPoints2\{a2758cfb-74de-11e1-be30-e840f22375b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f099ba78-d5bc-11e1-bfff-e840f22375b9}\Shell - "" = AutoRun
O33 - MountPoints2\{f099ba78-d5bc-11e1-bfff-e840f22375b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f099ba7d-d5bc-11e1-bfff-e840f22375b9}\Shell - "" = AutoRun
O33 - MountPoints2\{f099ba7d-d5bc-11e1-bfff-e840f22375b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f099ba8c-d5bc-11e1-bfff-e840f22375b9}\Shell - "" = AutoRun
O33 - MountPoints2\{f099ba8c-d5bc-11e1-bfff-e840f22375b9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f099babd-d5bc-11e1-bfff-e840f22375b9}\Shell - "" = AutoRun
O33 - MountPoints2\{f099babd-d5bc-11e1-bfff-e840f22375b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014.11.19 01:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014.11.19 01:30:04 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014.11.19 01:30:02 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Dropbox
[2014.11.19 01:26:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014.11.19 01:15:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014.11.18 22:23:19 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\AVG
[2014.11.18 22:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014.11.18 22:23:03 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Avg
[2014.11.18 22:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2014.11.18 22:17:26 | 000,043,064 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014.11.18 15:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014.11.18 02:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Codec Pack
[2014.11.18 02:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2014.11.13 23:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014.11.13 23:55:09 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Avira
[2014.11.13 23:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2014.11.13 23:36:43 | 000,131,608 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.11.13 23:36:43 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2014.11.13 23:36:42 | 000,119,272 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.11.13 23:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2014.11.13 23:31:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2014.11.13 23:17:02 | 000,000,000 | -HSD | C] -- C:\Users\Philipp\AppData\Local\EmieBrowserModeList
[2014.11.12 23:05:00 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.11.12 23:05:00 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.11.12 23:05:00 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.11.12 23:05:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.11.12 23:05:00 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.11.12 23:05:00 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.11.12 23:05:00 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.11.12 23:04:59 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.11.12 23:04:59 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.11.12 23:04:58 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.11.12 23:04:58 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.11.12 23:04:57 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.11.12 23:04:56 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.11.12 23:04:56 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.11.12 23:04:56 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.11.12 23:04:56 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.11.12 23:04:56 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.11.12 23:04:56 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.11.12 23:04:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.11.12 23:04:55 | 000,799,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.11.12 23:04:55 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.11.12 23:04:54 | 002,124,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.11.12 23:04:53 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.11.12 23:04:53 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.11.12 23:04:53 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.11.12 23:04:53 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014.11.12 23:04:52 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.11.12 23:04:52 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.11.12 23:04:51 | 006,040,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.11.12 23:04:51 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.11.12 23:04:51 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.11.12 23:04:51 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.11.12 23:04:50 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.11.12 23:04:50 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.11.12 23:04:50 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014.11.12 22:52:34 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.11.12 22:52:34 | 000,304,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014.11.12 22:52:34 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.11.12 22:52:29 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014.11.12 22:52:29 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2014.11.12 22:52:29 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2014.11.12 22:52:28 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2014.11.12 22:52:28 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2014.11.12 22:47:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014.11.12 22:47:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014.11.12 22:47:33 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2014.11.12 22:47:33 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2014.11.12 22:47:32 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014.11.12 22:47:32 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014.11.12 22:47:32 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014.11.12 22:47:32 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014.11.12 22:47:32 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014.11.12 22:47:30 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014.11.12 22:47:23 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014.11.12 22:47:22 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014.11.12 22:47:19 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014.11.12 22:47:17 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014.11.12 00:38:35 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Ahpirox
[2014.11.11 23:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2 C:\Users\Philipp\Desktop\*.tmp files -> C:\Users\Philipp\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.11.19 01:36:05 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.11.19 01:31:53 | 000,000,299 | ---- | M] () -- C:\Windows\wininit.ini
[2014.11.19 01:29:27 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014.11.19 01:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.11.19 00:30:52 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.11.19 00:30:52 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.11.19 00:19:41 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.11.19 00:19:36 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014.11.19 00:19:35 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\LERSTNC.job
[2014.11.19 00:19:23 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2014.11.19 00:19:21 | 2960,805,888 | -HS- | M] () -- C:\hiberfil.sys
[2014.11.18 22:16:50 | 000,043,064 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014.11.18 15:32:29 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.11.18 02:05:58 | 006,918,895 | ---- | M] () -- C:\Users\Philipp\Desktop\Ramsi Aliani - An meiner Seite.mp3
[2014.11.18 02:05:43 | 007,384,502 | ---- | M] () -- C:\Users\Philipp\Desktop\Adesse feat. Olson - Eine Minute (Live-Version).mp3
[2014.11.18 02:05:18 | 007,030,908 | ---- | M] () -- C:\Users\Philipp\Desktop\Adesse - Feuer (Live-Version).mp3
[2014.11.18 02:03:10 | 000,001,404 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk
[2014.11.18 02:03:10 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2014.11.18 00:51:14 | 000,005,632 | ---- | M] () -- C:\graph.grf
[2014.11.14 23:00:39 | 012,303,630 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.11.14 23:00:39 | 004,190,698 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.11.14 23:00:39 | 003,899,744 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.11.14 23:00:39 | 003,508,360 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.11.14 23:00:39 | 000,006,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.11.14 00:20:45 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.11.14 00:20:45 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.11.13 23:49:49 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2014.11.13 23:14:29 | 000,409,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.11.06 05:03:50 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.11.06 04:47:03 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.11.06 04:46:12 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.11.06 04:46:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.11.06 04:44:28 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014.11.06 04:35:59 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.11.06 04:31:48 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.11.06 04:30:22 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.11.06 04:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.11.06 04:29:18 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.11.06 04:23:57 | 006,040,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.11.06 04:20:18 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.11.06 04:16:23 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.11.06 04:13:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.11.06 04:12:44 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.11.06 04:10:58 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014.11.06 04:07:29 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.11.06 04:03:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.11.06 04:02:05 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.11.06 04:00:56 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.11.06 04:00:51 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.11.06 03:59:36 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.11.06 03:58:38 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.11.06 03:57:38 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.11.06 03:42:36 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.11.06 03:41:26 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.11.06 03:41:26 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.11.06 03:39:39 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.11.06 03:38:25 | 002,124,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.11.06 03:37:58 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.11.06 03:36:47 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.11.06 03:21:25 | 002,051,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.11.06 03:20:37 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.11.06 02:53:19 | 000,799,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.11.06 02:47:17 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.11.05 18:56:54 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014.11.05 18:56:36 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.11.05 18:52:22 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.10.25 02:57:59 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014.10.25 02:32:37 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014.10.23 14:02:01 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2014.10.23 14:02:00 | 000,131,608 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.10.23 14:01:57 | 000,119,272 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2 C:\Users\Philipp\Desktop\*.tmp files -> C:\Users\Philipp\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.11.18 15:32:29 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.11.18 15:31:46 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.11.18 15:31:46 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.11.18 02:05:46 | 006,918,895 | ---- | C] () -- C:\Users\Philipp\Desktop\Ramsi Aliani - An meiner Seite.mp3
[2014.11.18 02:05:30 | 007,384,502 | ---- | C] () -- C:\Users\Philipp\Desktop\Adesse feat. Olson - Eine Minute (Live-Version).mp3
[2014.11.18 02:05:04 | 007,030,908 | ---- | C] () -- C:\Users\Philipp\Desktop\Adesse - Feuer (Live-Version).mp3
[2014.11.18 02:03:10 | 000,001,404 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk
[2014.11.18 02:03:10 | 000,001,207 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2014.11.13 23:49:49 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2014.09.30 15:12:41 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2014.07.31 23:09:47 | 000,000,206 | ---- | C] () -- C:\Users\Philipp\SecurityKISSTunnel.config
[2014.07.22 16:38:36 | 000,002,609 | ---- | C] () -- C:\Users\Philipp\AppData\Local\recently-used.xbel
[2014.05.21 20:37:01 | 000,000,001 | R--- | C] () -- C:\Users\Philipp\serverport
[2014.02.05 14:41:42 | 000,000,153 | ---- | C] () -- C:\Windows\sapgrph.ini
[2014.01.12 21:20:15 | 000,135,168 | RHS- | C] () -- C:\Windows\SysWow64\winrssrvv.dll
[2013.11.20 23:07:09 | 000,000,059 | ---- | C] () -- C:\Windows\saproute.ini
[2013.06.12 19:32:20 | 000,000,299 | ---- | C] () -- C:\Windows\wininit.ini
[2012.08.07 10:59:31 | 000,006,656 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009.07.14 05:55:02 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< >

< :Commands >

< [purity] >

< [resethosts] >

< End of report >
________________________
Vielleicht kann mir jemand helfen:-)

Besten Dank :dankeschoen:

cosinus 19.11.2014 02:07
Hallo und :hallo:

Zitat:
ich habe warum auch immer lange Zeit ohne Viren-Programm gesurft.
Wenn du dir mal die Threads hier anschauen würdest, eigentlich alle Hilfesuchenden mit Virenbefall hatten einen Virenscanner am laufen. Was sagt dir das?


Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

philiboy96 19.11.2014 02:11
Das die kacke am Dampfen ist. Finde bei Avira keine Logs... Starte nun mal das von dir empfohlene...

cosinus 19.11.2014 02:12
Lies doch bitte mal alles => http://www.trojaner-board.de/125889-...tml#post941520

philiboy96 19.11.2014 02:51
FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by Philipp (administrator) on PHILIPP-PC on 19-11-2014 02:13:21
Running from C:\Users\Philipp\Desktop\Downloads
Loaded Profile: Philipp (Available profiles: Philipp)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Spotify Ltd) C:\Users\Philipp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1658154791-1668127106-4246982286-1000\...\Run: [RSA3267033204] => C:\Windows\system32\rundll32.exe "C:\Users\Philipp\AppData\Roaming\Microsoft\Crypto\RSA\RSA3267033204.dll",DllInitialize <===== ATTENTION
HKU\S-1-5-21-1658154791-1668127106-4246982286-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-1658154791-1668127106-4246982286-1000\...\MountPoints2: {1c380f9b-719f-11e1-992c-e840f22375b9} - E:\AutoRun.exe
HKU\S-1-5-21-1658154791-1668127106-4246982286-1000\...\MountPoints2: {1c380f9f-719f-11e1-992c-e840f22375b9} - E:\AutoRun.exe
HKU\S-1-5-21-1658154791-1668127106-4246982286-1000\...\MountPoints2: {1c380fbe-719f-11e1-992c-e840f22375b9} - E:\AutoRun.exe
HKU\S-1-5-21-1658154791-1668127106-4246982286-1000\...\MountPoints2: {2a7cd3ee-5fd6-11e2-be02-e840f22375b9} - E:\AutoRun.exe
HKU\S-1-5-21-1658154791-1668127106-4246982286-1000\...\MountPoints2: {51f59b13-a6c7-11e3-8b78-e840f22375b9} - E:\AutoRun.exe
HKU\S-1-5-21-1658154791-1668127106-4246982286-1000\...\MountPoints2: {7cba5eab-b4d1-11e3-8a49-e840f22375b9} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1658154791-1668127106-4246982286-1000\...\MountPoints2: {7dbede42-7428-11e1-9730-e840f22375b9} - E:\AutoRun.exe
HKU\S-1-5-21-1658154791-1668127106-4246982286-1000\...\MountPoints2: {a2758cfb-74de-11e1-be30-e840f22375b9} - E:\AutoRun.exe
HKU\S-1-5-21-1658154791-1668127106-4246982286-1000\...\MountPoints2: {f099ba78-d5bc-11e1-bfff-e840f22375b9} - E:\AutoRun.exe
HKU\S-1-5-21-1658154791-1668127106-4246982286-1000\...\MountPoints2: {f099ba7d-d5bc-11e1-bfff-e840f22375b9} - E:\AutoRun.exe
HKU\S-1-5-21-1658154791-1668127106-4246982286-1000\...\MountPoints2: {f099ba8c-d5bc-11e1-bfff-e840f22375b9} - F:\AutoRun.exe
HKU\S-1-5-21-1658154791-1668127106-4246982286-1000\...\MountPoints2: {f099babd-d5bc-11e1-bfff-e840f22375b9} - E:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1658154791-1668127106-4246982286-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=U220DHP&pc=U220
HKU\S-1-5-21-1658154791-1668127106-4246982286-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKU\S-1-5-21-1658154791-1668127106-4246982286-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1658154791-1668127106-4246982286-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Flagfox -> {BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24} -> C:\Users\Philipp\AppData\LocalLow\Flagfox\IE\Flagfox.dll (Dave G)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.spiegel-online.de
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1658154791-1668127106-4246982286-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\user.js
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\searchplugins\google-maps.xml
FF Extension: Avira Browser Safety - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\Extensions\abs@avira.com [2014-11-14]
FF Extension: Yahoo! Toolbar - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-20]
FF Extension: Download videos and MP3s from YouTube - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-18]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-08-15]
FF Extension: Cliqz Beta - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\Extensions\cliqz@cliqz.com.xpi [2014-10-01]
FF Extension: Google Button for Firefox with dropdown menu for the most important Google services - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\Extensions\google.button@mali37.net.xpi [2014-11-18]
FF Extension: Adblock Plus - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://n24.de/
CHR StartupUrls: Default -> "hxxp://n24.de/"
CHR Profile: C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-18]
CHR Extension: (Google Docs) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-18]
CHR Extension: (Google Drive) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-18]
CHR Extension: (YouTube) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-18]
CHR Extension: (Flagfox) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdfamfnacokbbbnmpdfmhonipnhmbid [2014-11-18]
CHR Extension: (Google-Suche) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-18]
CHR Extension: (Google Tabellen) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-18]
CHR Extension: (Avira Browser Safety) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-18]
CHR Extension: (Google Wallet) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-18]
CHR Extension: (Google Mail) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-18]
CHR HKLM-x32\...\Chrome\Extension: [cfdfamfnacokbbbnmpdfmhonipnhmbid] - C:\Users\Philipp\AppData\LocalLow\Flagfox\CHROME\Flagfox.crx [2013-04-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 02:12 - 2014-11-19 02:13 - 00000000 ____D () C:\FRST
2014-11-19 01:30 - 2014-11-19 01:30 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Dropbox
2014-11-19 01:30 - 2014-11-19 01:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-19 01:15 - 2014-11-19 01:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-19 00:37 - 2014-11-19 00:37 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe Reader and Acrobat Manager
2014-11-18 22:23 - 2014-11-18 22:23 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\AVG
2014-11-18 22:23 - 2014-11-18 22:23 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Avg
2014-11-18 22:23 - 2014-11-18 22:23 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-11-18 22:22 - 2014-11-18 22:24 - 00000000 ____D () C:\ProgramData\AVG
2014-11-18 22:17 - 2014-11-18 22:16 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-11-18 15:32 - 2014-11-18 15:32 - 00002215 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-18 15:32 - 2014-11-18 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-18 15:31 - 2014-11-19 01:36 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-18 15:31 - 2014-11-19 00:19 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-18 15:31 - 2014-11-18 15:31 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-18 15:31 - 2014-11-18 15:31 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-18 11:04 - 2014-11-18 16:35 - 00002588 _____ () C:\Windows\PFRO.log
2014-11-18 02:03 - 2014-11-18 02:03 - 00001404 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-11-18 02:03 - 2014-11-18 02:03 - 00001207 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-11-18 02:02 - 2014-11-18 02:02 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2014-11-15 18:46 - 2014-11-19 00:19 - 00000560 _____ () C:\Windows\setupact.log
2014-11-15 18:46 - 2014-11-15 18:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-13 23:56 - 2014-11-14 17:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-13 23:55 - 2014-11-13 23:55 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Avira
2014-11-13 23:49 - 2014-11-14 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-13 23:49 - 2014-11-13 23:49 - 00002074 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-11-13 23:36 - 2014-10-23 14:02 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-11-13 23:36 - 2014-10-23 14:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-11-13 23:36 - 2014-10-23 14:01 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-11-13 23:31 - 2014-11-14 17:21 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-13 23:31 - 2014-11-13 23:59 - 00000000 ____D () C:\ProgramData\Avira
2014-11-13 23:17 - 2014-11-13 23:17 - 00000000 __SHD () C:\Users\Philipp\AppData\Local\EmieBrowserModeList
2014-11-12 23:05 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 23:05 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 23:05 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 23:05 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 23:05 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 23:05 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 23:05 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 23:05 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 23:05 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 23:05 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 23:04 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 23:04 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 23:04 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 23:04 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 23:04 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 23:04 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 23:04 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 23:04 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 23:04 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 23:04 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 23:04 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 23:04 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 23:04 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 23:04 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 23:04 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 23:04 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 23:04 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 23:04 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 23:04 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 23:04 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 23:04 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 23:04 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 23:04 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 23:04 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 23:04 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 23:04 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 23:04 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 23:04 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 23:04 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 23:04 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 23:04 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 23:04 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 23:04 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 23:04 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 23:04 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 23:04 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 23:04 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 23:04 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 23:04 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 23:04 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 23:04 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 23:04 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 23:04 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 23:04 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 23:04 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 23:04 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 22:52 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 22:52 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 22:52 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 22:52 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 22:52 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 22:52 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 22:52 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 22:52 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 22:52 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 22:52 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 22:52 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 22:52 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 22:47 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 22:47 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 22:47 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 22:47 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 22:47 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 22:47 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 22:47 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 22:47 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 22:47 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 22:47 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 22:47 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 22:47 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 22:47 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 22:47 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 22:47 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 22:47 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 22:47 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 22:47 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 22:47 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 22:47 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 22:47 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 22:47 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 22:47 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 22:47 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 22:47 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 22:47 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 22:47 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 22:47 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 22:47 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 22:47 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 22:47 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 22:47 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 22:47 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 22:47 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 22:47 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 00:38 - 2014-11-14 00:14 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Ahpirox
2014-11-11 23:58 - 2014-11-11 23:58 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 02:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-11-19 01:31 - 2013-06-12 19:32 - 00000299 _____ () C:\Windows\wininit.ini
2014-11-19 01:29 - 2014-05-27 10:06 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-19 01:29 - 2014-05-27 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-19 01:28 - 2013-07-02 23:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-19 01:26 - 2011-10-27 13:10 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-19 01:20 - 2013-03-21 22:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-19 01:05 - 2012-01-12 04:04 - 01423423 _____ () C:\Windows\WindowsUpdate.log
2014-11-19 00:37 - 2014-07-22 16:29 - 00000000 ____D () C:\Users\Philipp\.thumbnails
2014-11-19 00:37 - 2013-11-18 11:48 - 00000000 ____D () C:\Users\Philipp\Desktop\Bruno
2014-11-19 00:37 - 2013-11-08 16:15 - 00000000 ____D () C:\Users\Philipp\Desktop\Master IIM IW
2014-11-19 00:37 - 2013-07-17 10:30 - 00000000 ___RD () C:\Users\Philipp\Desktop\Programme
2014-11-19 00:37 - 2012-06-10 13:13 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Microsoft Help
2014-11-19 00:37 - 2012-04-20 11:40 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Skype
2014-11-19 00:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-11-19 00:30 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-19 00:30 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-19 00:21 - 2012-03-18 02:43 - 00000000 ____D () C:\ProgramData\clear.fi
2014-11-19 00:19 - 2014-01-12 21:20 - 00000316 _____ () C:\Windows\Tasks\LERSTNC.job
2014-11-19 00:19 - 2013-07-25 21:14 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-11-19 00:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-18 17:13 - 2013-04-09 21:49 - 00000000 ____D () C:\Users\Philipp\AppData\Local\CrashDumps
2014-11-18 15:32 - 2013-05-17 00:36 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-18 15:32 - 2012-03-17 12:05 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Google
2014-11-18 15:31 - 2012-03-17 12:04 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Deployment
2014-11-18 02:03 - 2014-01-18 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-11-18 02:03 - 2012-06-10 13:54 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-11-18 02:02 - 2012-06-10 13:54 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\DVDVideoSoft
2014-11-18 00:51 - 2013-05-25 13:30 - 00005632 _____ () C:\graph.grf
2014-11-18 00:49 - 2012-05-03 14:23 - 00000000 ____D () C:\Users\Philipp\Desktop\IIM
2014-11-17 17:11 - 2014-07-29 15:35 - 00000000 ____D () C:\Users\Philipp\Desktop\VFV-Bilder Fußball
2014-11-15 23:26 - 2012-03-21 15:16 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Spotify
2014-11-15 22:33 - 2012-03-21 15:28 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Spotify
2014-11-15 22:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-15 01:10 - 2012-12-05 10:00 - 00000000 ____D () C:\Windows\Minidump
2014-11-14 23:00 - 2012-01-12 12:53 - 12303630 _____ () C:\Windows\system32\perfh007.dat
2014-11-14 23:00 - 2012-01-12 12:53 - 03899744 _____ () C:\Windows\system32\perfc007.dat
2014-11-14 23:00 - 2009-07-14 06:13 - 00006512 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 21:03 - 2012-10-16 00:25 - 00000000 ____D () C:\Users\Philipp\Desktop\Musik
2014-11-14 00:50 - 2012-04-04 11:24 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-11-14 00:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-14 00:49 - 2012-04-04 11:25 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\SoftGrid Client
2014-11-14 00:49 - 2012-01-12 04:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-11-14 00:48 - 2014-03-08 14:48 - 00000000 ____D () C:\ProgramData\DatacardService
2014-11-14 00:44 - 2014-07-31 23:09 - 00000000 ____D () C:\Program Files\SecurityKISS Tunnel
2014-11-14 00:33 - 2013-11-27 00:32 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-14 00:33 - 2012-03-17 13:27 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-14 00:21 - 2013-03-21 22:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-14 00:20 - 2013-03-21 22:05 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-14 00:20 - 2011-10-27 13:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-13 23:28 - 2012-03-17 11:57 - 00111704 _____ () C:\Users\Philipp\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 23:14 - 2009-07-14 05:45 - 00409976 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 23:12 - 2014-05-06 22:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 02:40 - 2012-06-10 13:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 02:35 - 2013-03-15 13:12 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 00:21 - 2013-11-14 13:11 - 00000000 ____D () C:\Program Files (x86)\SAP
2014-11-12 17:15 - 2013-11-04 15:04 - 00000000 ____D () C:\Users\Philipp\AppData\Local\TSVNCache
2014-11-07 13:29 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Philipp\AppData\Local\Temp\avgnt.exe
C:\Users\Philipp\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Philipp\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Philipp\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Philipp\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Philipp\AppData\Local\Temp\TUUUninstallHelper.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 22:08

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014
Ran by Philipp at 2014-11-19 02:14:09
Running from C:\Users\Philipp\Desktop\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3GP Media Player 1.0.1 (HKLM-x32\...\3GP Media Player_is1) (Version:  - vsevensoft.com)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0530.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 8 v.8.4.0 (HKLM-x32\...\Ashampoo Photo Commander 8_is1) (Version: 8.4.0 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CBL Daten-Shredder (HKLM-x32\...\{560E96B3-356D-4572-9FE3-B44F9AB92622}) (Version: 1.0.0 - CBL Datenrettung GmbH)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fotogaléria (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.49.1111 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1111 - DVDVideoSoft Ltd.)
Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria fotogràfica (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerija fotografija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.122 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät (HKLM\...\{54B0845F-5540-4492-9939-CD8880ABABF0}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Hilfe (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
ODT Viewer version 1.0 (HKLM-x32\...\{CAA1B43B-7CDA-4D58-B9A3-1050C358CB2D}_is1) (Version: 1.0 - odtviewer.com)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Secure Eraser (HKLM-x32\...\Secure Eraser_is1) (Version: 4.2.0.1 - ASCOMP Software GmbH)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Spotify (HKU\S-1-5-21-1658154791-1668127106-4246982286-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.17.5 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Valokuvavalikoima (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 4.11 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Фотоальбом (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Фотогалерия (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
גלריית התמונות (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
معرض الصور (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B1A3DBF-CA98-4F5D-BD46-90BF1D93A652} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {0EC79D67-81D0-44D1-9120-DC1A7C3C9D9C} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {134BF376-0697-442C-BD60-F624198855AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-18] (Google Inc.)
Task: {15DED422-52E4-4583-8B67-2615AEB7047F} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {19683853-5D39-4F92-9F53-746B61743C1E} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\SymErr.exe
Task: {2BDAAC91-1D83-4426-A2F9-4873AC9F50B1} - System32\Tasks\{41911B14-D3A2-489D-8A25-DAEBFB8E8C2C} => C:\Program Files (x86)\EA GAMES\MOHAA\eReg\Medal of Honor Allied Assault_eReg.exe
Task: {46CA188C-65CE-445A-BD0C-C66DA054753C} - System32\Tasks\LERSTNC => Rundll32.exe "C:\Windows\SysWOW64\winrssrvv.dll",DUYDBYKB
Task: {4E3955B2-02E8-4419-A879-B37A4BF4F7AC} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {5804D741-353F-4517-A0BC-CDF888B5723C} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {5D463131-87EE-4AC3-95DD-2D5DF391E8BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-18] (Google Inc.)
Task: {64D3560C-13B6-4204-9942-E9DD27A4413F} - System32\Tasks\{4EF1F030-0E36-42A8-94C9-BE41AAE0C320} => C:\Program Files (x86)\EA GAMES\MOHAA\MOHAA.exe
Task: {6D7473A7-76BD-4ABD-8184-A948D80395F5} - System32\Tasks\{BB0FFD67-0D4C-4778-89A1-404548616AE5} => C:\Program Files (x86)\EA GAMES\MOHAA\MOHAA.exe
Task: {7B959B97-4B6F-4774-A03D-5C86B6FA19F1} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard)
Task: {98E94D04-309E-4F59-8238-797781884AE9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9E668BA9-350C-48BC-AB89-D45EFC787321} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\SymErr.exe
Task: {AD29B219-CA6B-4B14-A929-CE911FCBC3E3} - System32\Tasks\{B0BD27D6-7D96-4D24-AAC4-26BF00207074} => C:\Program Files (x86)\EA GAMES\MOHAA\MOHAA.exe
Task: {C2463ED7-F0E9-4D87-8977-2029CC559F37} - System32\Tasks\{AB2A0DBD-AC96-4571-96BB-10D4039A18BC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.0.104/de/abandoninstall?page=tsProgressBar
Task: {E2696059-62A9-4137-90E5-91040E4D77A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-14] (Adobe Systems Incorporated)
Task: {E3B9A6AA-A8EC-4D5B-BCB8-4C31A942539B} - System32\Tasks\{E3A2AA61-0E24-4080-825A-0B4590686815} => C:\Program Files (x86)\EA GAMES\MOHAA\MOHAA.exe
Task: {E917CC71-6AD7-4AFD-AD9F-F4003AD2440F} - System32\Tasks\{B77B57C3-5AAB-40CF-B217-A67C113290FE} => C:\Program Files (x86)\EA GAMES\MOHAA\MOHAA.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\LERSTNC.job => C:\Windows\SysWOW64\winrssrvv.dll

==================== Loaded Modules (whitelisted) =============

2011-10-27 13:06 - 2011-08-09 00:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-03-04 11:49 - 2011-03-04 11:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-08-24 18:03 - 2011-08-24 18:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-11-18 15:32 - 2014-11-06 00:56 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\libglesv2.dll
2014-11-18 15:32 - 2014-11-06 00:56 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\libegl.dll
2014-11-18 15:32 - 2014-11-06 00:57 - 08911176 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\pdf.dll
2014-11-18 15:32 - 2014-11-06 00:56 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\ffmpegsumo.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Spotify => "C:\Users\Philipp\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Philipp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1658154791-1668127106-4246982286-500 - Administrator - Disabled)
Gast (S-1-5-21-1658154791-1668127106-4246982286-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1658154791-1668127106-4246982286-1002 - Limited - Enabled)
Philipp (S-1-5-21-1658154791-1668127106-4246982286-1000 - Administrator - Enabled) => C:\Users\Philipp

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/19/2014 01:15:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/19/2014 01:15:38 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/19/2014 00:19:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 05:12:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637
Name des fehlerhaften Moduls: mshtml.dll, Version: 11.0.9600.17420, Zeitstempel: 0x545ae63c
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0014d2bc
ID des fehlerhaften Prozesses: 0x330
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe0
Pfad der fehlerhaften Anwendung: rundll32.exe1
Pfad des fehlerhaften Moduls: rundll32.exe2
Berichtskennung: rundll32.exe3

Error: (11/18/2014 04:35:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 02:11:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000dbf1
ID des fehlerhaften Prozesses: 0x11ec
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe0
Pfad der fehlerhaften Anwendung: rundll32.exe1
Pfad des fehlerhaften Moduls: rundll32.exe2
Berichtskennung: rundll32.exe3

Error: (11/18/2014 02:09:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 11:05:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 10:34:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 04:11:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/19/2014 01:05:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1079

Error: (11/19/2014 00:38:03 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (11/19/2014 00:25:22 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (11/18/2014 09:36:56 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (11/18/2014 09:13:49 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (11/18/2014 07:58:40 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (11/18/2014 07:18:36 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (11/18/2014 06:22:22 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (11/18/2014 01:29:44 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (11/18/2014 00:34:47 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 72%
Total physical RAM: 3764.86 MB
Available physical RAM: 1024.19 MB
Total Pagefile: 7527.9 MB
Available Pagefile: 4626.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:452.16 GB) (Free:303.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6BD4400C)
Partition 1: (Not Active) - (Size=13.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Ja, habe ich gelesen, werde ich durchführen

Hier die Avira:
Code:
Exportierte Ereignisse:

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Content.IE5\CUQLO0CH\installer_adobe_flash_player_German[1].exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0f5cbd45.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Content.IE5\HXX8L0YL\i47iklxv8e[1].htm'
      enthielt einen Virus oder unerwünschtes Programm 'JS/Axpergle.AH.20' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6e389c20.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Content.IE5\T11MQHRI\4dio2ok19a[1].htm'
      enthielt einen Virus oder unerwünschtes Programm 'JS/Axpergle.AH.12' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3b4eda44.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Suche
      Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
      Anzahl Dateien:        802733
      Anzahl Verzeichnisse:        37244
      Anzahl Malware:        375
      Anzahl Warnungen:        335

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei 'C:\ProgramData\Windows Genuine
      Advantage\{0B12586D-1DAA-4905-8B23-6D582449429F}\msiexec.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Inject.xbbeidm' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0f318b74.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei 'C:\ProgramData\Windows Genuine
      Advantage\{6F8D0A5C-2391-4CC1-82DF-33A1EF2AEB58}\api-ms-win-system-secproc-l1-1-
      0.dll'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.93533'
      [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6ae6ffd0.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\27e454d1-7d5
      e2a4b'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Dldr.Obfshlp.JC' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3bf58561.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3de4bc12-788
      80162'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.kst.19' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '726fa0b5.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\1b14cd00-2b7e
      80c2'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.sgf.27' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1b60dec6.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\2a201e90-275
      3718a'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.SFE.28' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '603d8d66.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7191b4c-2792
      a5fc'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.TRL.9' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7378a483.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\6f45facd-4e0
      5b847'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.SAP.46' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '510ff320.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\50762fcf-1c3
      1c77e'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2013-1493.A.532'
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0684815e.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\5437932e-584
      cca3c'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2013-2423.HV'
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '510ab631.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\40d20b70-390
      fbd7b'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2013-1493.A.293'
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5f4186ea.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\2ec2d345-1f61
      4c19'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.hfx.21' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '2ef9bfb4.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\52241628-6ed
      84fe1'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.nsz.34' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4566d2b3.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\17fea82d-445
      77499'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.SAP.46' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1d7bcbdd.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\7c4fe9ad-4aa
      8fb5d'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2013-2423.HG'
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1422cfa2.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\2eab875-253a
      bcda'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2013-1493.A.293'
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0a81c703.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\3c6641b6-3ec
      2086f'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.TRL.9' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4664eb4f.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\3c6641b6-775
      5b77f'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.TRL.9' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '397fd92e.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\2ec2d345-6c9e
      cc14'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.hfx.21' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '42a59384.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6d2ebf2-2e88
      a5a9'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2013-1493.A.524'
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5b92a819.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\6c62ee74-773
      2f3eb'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/JAVA.Rafold.V.Gen'
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '76c48755.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\2131a4da-3c1
      df77a'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.kst.19' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3e739cb8.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\4ae5c39b-2ae
      60de9'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2013-1493.QT'
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6b5998a3.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\a95981c-534c
      24f5'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.wzf.8' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1525945c.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\c0bf393-3e52
      301b'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.rsg.24' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1e34b448.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\5fed0c56-65d
      aab1e'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.dsc.7' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '2feaf94c.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\5bd06a17-180
      f9126'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.SAP.1' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '33b4ed41.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\2f239f25-3a6
      30278'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2013-2423.A.407'
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3462e002.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\265586a6-32b
      ff214'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.rsg.24' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5761cba1.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\625863a7-32e
      63b7b'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.SAP.1' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '699fab7f.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1347cde-5ca2
      dc87'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2013-2423.HV'
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '2a75f013.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\25435de1-32e
      ac118'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.SAP.46' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '2030db6b.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\5d8d75a3-70a
      255b9'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2013-2423.HP'
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '12a0a019.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\21741908-6413
      135c'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.hfx.21' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4894e1f7.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Tempor
      ary Internet Files\Content.IE5\vuiempe2jv[1].htm'
      enthielt einen Virus oder unerwünschtes Programm 'JS/Axpergle.AH.7' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5051ce8c.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\5e20d4b9-7fd
      4abce'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Buffy.edqwz.13' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7cf7f411.qua'
      verschoben!

14.11.2014 03:51 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\4b135ebc-6aa
      6eaeb'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.lta.8' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1ac1bbd0.qua'
      verschoben!

14.11.2014 00:56 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Philipp\AppData\Local\Temp\security systems\Setup.exe'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/AgentCV.A.6831'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '504ed689.qua'
      verschoben!

14.11.2014 00:56 [System-Scanner] Suche
      Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
      Anzahl Dateien:        993
      Anzahl Verzeichnisse:        0
      Anzahl Malware:        1
      Anzahl Warnungen:        0

14.11.2014 00:53 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Local\Temp\security systems\Setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/AgentCV.A.6831' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:53 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Local\Temp\security systems\Setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/AgentCV.A.6831' [adware]
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

14.11.2014 00:22 [System-Scanner] Suche
      Suchlauf beendet [Der Suchlauf wurde abgebrochen!].
      Anzahl Dateien:        0
      Anzahl Verzeichnisse:        0
      Anzahl Malware:        0
      Anzahl Warnungen:        0

14.11.2014 00:21 [Planer] Auftrag gestartet
      Auftrag "Vollständige Systemprüfung"
      wurde erfolgreich gestartet.

14.11.2014 00:21 [Planer] Auftrag gestartet
      Auftrag "ReSystemScan"
      wurde erfolgreich gestartet.

14.11.2014 00:17 [Echtzeit-Scanner] Dienst gestartet
      Der Dienst wurde gestartet.
      Dienst Version:        14.0.7.310
      Engine Version:       
      VDF Version:       

14.11.2014 00:17 [Hilfsdienst] Dienst gestartet
      Der Dienst wurde gestartet.
      Dienst Version:        14.0.7.310
      Engine Version:        8.3.26.8
      VDF Version:        8.11.185.104

14.11.2014 00:16 [Planer] Dienst gestartet
      Der Dienst wurde gestartet.
      Dienst Version 14.0.7.310

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:12 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:12 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:12 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:11 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:11 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:11 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:11 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:10 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:10 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:10 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:10 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:09 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:09 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:09 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:08 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:08 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:08 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:07 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:07 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:07 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:07 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Eine Instanz der ARK Library läuft bereits.
      Der Registrierungseintrag
      <HKEY_USERS\S-1-5-21-1658154791-1668127106-4246982286-1000\SOFTWARE\Microsoft\Wi
      ndows\CurrentVersion\Run\Rucyne> konnte nicht repariert werden.
      Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.

14.11.2014 00:07 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:06 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:06 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:05 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:05 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:05 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:05 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:05 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:04 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:04 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

14.11.2014 00:04 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Philipp\AppData\Roaming\Ahpirox\kewaet.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 19.11.2014
Scan Time: 02:29:25
Logfile: log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.18.09
Rootkit Database: v2014.11.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Philipp

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325814
Time Elapsed: 20 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-9.6, , [ff422518f983d066fdbcfa6da65d946c],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1658154791-1668127106-4246982286-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [a49d55e87705979f743fb2ecc53f2ad6],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1658154791-1668127106-4246982286-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [2b16a19c82fada5c5536194a877c1fe1],

Registry Values: 1
Trojan.CryptoRSA, HKU\S-1-5-21-1658154791-1668127106-4246982286-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|RSA3267033204, C:\Windows\system32\rundll32.exe "C:\Users\Philipp\AppData\Roaming\Microsoft\Crypto\RSA\RSA3267033204.dll",DllInitialize, , [0c350835730984b2dce4006fc93a8779]

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.OpenCandy, C:\Users\Philipp\AppData\Roaming\OpenCandy, , [e75a320bfa8248eec4735fa8af5402fe],
PUP.Optional.OpenCandy, C:\Users\Philipp\AppData\Roaming\OpenCandy\EFFDACB90C614AF5BF133CBEE42AA566, , [e75a320bfa8248eec4735fa8af5402fe],
PUP.Optional.OpenCandy, C:\Users\Philipp\AppData\Roaming\OpenCandy\OpenCandy_EFFDACB90C614AF5BF133CBEE42AA566, , [e75a320bfa8248eec4735fa8af5402fe],

Files: 5
Trojan.Ransom.ED, C:\ProgramData\Windows Genuine Advantage\{48AF13A1-BD89-4D81-8F77-010AD600FEB6}\msiexec.exe, , [8eb3e954e696270f752ef0f344bda759],
Trojan.CryptoRSA, C:\Users\Philipp\AppData\Roaming\Microsoft\Crypto\RSA\RSA3267033204.dll, , [0c350835730984b2dce4006fc93a8779],
PUP.Optional.OpenCandy, C:\Users\Philipp\AppData\Roaming\OpenCandy\EFFDACB90C614AF5BF133CBEE42AA566\TuneUp_OpenCandy_PC_2.4.4.3_CMPID_319.exe, , [e75a320bfa8248eec4735fa8af5402fe],
PUP.Optional.OpenCandy, C:\Users\Philipp\AppData\Roaming\OpenCandy\EFFDACB90C614AF5BF133CBEE42AA566\TuneUp_OpenCandy_PC_2.4.4.3_CMPID_319_p10v0.exe, , [e75a320bfa8248eec4735fa8af5402fe],
PUP.Optional.CrossRider.A, C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "1461048f47608776d43c068914a0bfe3");), ,[f05196a72d4fad899660cdb618ed38c8]

Physical Sectors: 0
(No malicious items detected)


(end)

cosinus 19.11.2014 10:28
Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

philiboy96 19.11.2014 16:03
Code:
ComboFix 14-11-17.01 - Philipp 19.11.2014  12:15:42.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3765.2657 [GMT 1:00]
ausgeführt von:: c:\users\Philipp\Desktop\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\Tasks\LERSTNC.job
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-10-19 bis 2014-11-19  ))))))))))))))))))))))))))))))
.
.
2014-11-19 11:28 . 2014-11-19 11:28        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-11-19 01:29 . 2014-11-19 02:29        129752        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-19 01:28 . 2014-11-19 01:28        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-19 01:28 . 2014-11-19 01:28        --------        d-----w-        c:\programdata\Malwarebytes
2014-11-19 01:28 . 2014-10-01 10:11        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-11-19 01:28 . 2014-10-01 10:11        93400        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-11-19 01:28 . 2014-10-01 10:11        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-11-19 01:12 . 2014-11-19 01:14        --------        d-----w-        C:\FRST
2014-11-19 00:30 . 2014-11-19 00:30        --------        d-----w-        c:\program files (x86)\Common Files\Java
2014-11-19 00:30 . 2014-11-19 00:29        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-19 00:30 . 2014-11-19 10:52        --------        d-----w-        c:\users\Philipp\AppData\Roaming\Dropbox
2014-11-18 21:23 . 2014-11-18 21:23        --------        d-----w-        c:\users\Philipp\AppData\Roaming\AVG
2014-11-18 21:23 . 2014-11-18 21:23        --------        d-----w-        c:\program files (x86)\AVG
2014-11-18 21:23 . 2014-11-18 21:23        --------        d-----w-        c:\users\Philipp\AppData\Local\Avg
2014-11-18 21:22 . 2014-11-18 21:24        --------        d-----w-        c:\programdata\AVG
2014-11-18 01:02 . 2014-11-18 01:02        --------        d-----w-        c:\program files (x86)\Free Codec Pack
2014-11-18 01:02 . 2014-11-18 01:03        --------        d-----w-        c:\program files (x86)\Common Files\DVDVideoSoft
2014-11-13 22:31 . 2014-11-19 11:08        --------        d-----w-        c:\program files (x86)\Avira
2014-11-13 22:17 . 2014-11-13 22:17        --------        d-sh--w-        c:\users\Philipp\AppData\Local\EmieBrowserModeList
2014-11-12 22:04 . 2014-11-06 03:50        666624        ----a-w-        c:\program files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll
2014-11-12 21:52 . 2014-11-05 17:56        304640        ----a-w-        c:\windows\system32\generaltel.dll
2014-11-12 21:52 . 2014-11-05 17:56        228864        ----a-w-        c:\windows\system32\aepdu.dll
2014-11-12 21:52 . 2014-11-05 17:52        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-11-12 21:52 . 2014-10-14 02:16        155064        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2014-11-12 21:52 . 2014-10-14 02:13        683520        ----a-w-        c:\windows\system32\termsrv.dll
2014-11-12 21:52 . 2014-10-14 02:12        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-11-12 21:52 . 2014-10-14 02:07        681984        ----a-w-        c:\windows\system32\adtschema.dll
2014-11-12 21:52 . 2014-10-14 01:46        681984        ----a-w-        c:\windows\SysWow64\adtschema.dll
2014-11-12 21:52 . 2014-10-14 02:09        146432        ----a-w-        c:\windows\system32\msaudite.dll
2014-11-12 21:52 . 2014-10-14 01:50        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-11-12 21:52 . 2014-10-14 01:49        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-11-12 21:52 . 2014-10-14 01:47        146432        ----a-w-        c:\windows\SysWow64\msaudite.dll
2014-11-11 23:38 . 2014-11-13 23:14        --------        d-----w-        c:\users\Philipp\AppData\Roaming\Ahpirox
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-13 23:20 . 2013-03-21 21:05        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-13 23:20 . 2011-10-27 12:12        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-13 01:35 . 2013-03-15 12:12        103374192        ----a-w-        c:\windows\system32\MRT.exe
2014-09-25 02:08 . 2014-10-01 19:55        371712        ----a-w-        c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 19:55        519680        ----a-w-        c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-09-24 10:55        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 10:55        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-15 21:39        424448        ----a-w-        c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-15 21:39        372736        ----a-w-        c:\windows\SysWow64\rastls.dll
2014-08-30 10:38 . 2011-03-29 01:36        23256        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-28 12:52        404480        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 12:52        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}]
2013-04-28 13:24        269312        ----a-w-        c:\users\Philipp\AppData\LocalLow\Flagfox\IE\Flagfox.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-11-11 13:07        323752        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-18 14:32        1089352        ----a-w-        c:\program files (x86)\Google\Chrome\Application\38.0.2125.122\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-21 23:20]
.
2014-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-18 14:31]
.
2014-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-18 14:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-11-07 17:08        357376        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-15 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-15 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-11-19  12:31:54
ComboFix-quarantined-files.txt  2014-11-19 11:31
.
Vor Suchlauf: 7 Verzeichnis(se), 325.902.139.392 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 325.833.027.584 Bytes frei
.
- - End Of File - - 55E8AB57B7A0FF5BEA9F8855F38C6852
Wartungscenter kann immer noch nicht gestartet werden:-(

Habe Avira vorher deinstalliert und Combo hat trotzdem erst noch gemeckert.

cosinus 19.11.2014 16:04
Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen aus den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


philiboy96 19.11.2014 16:29
Code:
# AdwCleaner v4.101 - Bericht erstellt am 19/11/2014 um 16:09:25
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-16.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Philipp - PHILIPP-PC
# Gestartet von : C:\Users\Philipp\Desktop\Downloads\AdwCleaner_4.101.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\smart pc cleaner
Ordner Gelöscht : C:\Users\Philipp\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Philipp\AppData\LocalLow\FlagFox
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\smart pc cleaner
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Ordner Gelöscht : C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdfamfnacokbbbnmpdfmhonipnhmbid
Datei Gelöscht : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\searchplugins\bingp.xml
Datei Gelöscht : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cfdfamfnacokbbbnmpdfmhonipnhmbid
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v


-\\ Google Chrome v38.0.2125.122


*************************

AdwCleaner[R0].txt - [3464 octets] - [19/11/2014 16:05:59]
AdwCleaner[S0].txt - [3225 octets] - [19/11/2014 16:09:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3285 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Philipp on 19.11.2014 at 16:17:09,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{01903AD0-B1F6-41D8-8EDF-C344968286D9}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{0195C4C5-21AA-4772-B201-9A2ADE0059DA}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{0283DB2F-4209-482C-9303-F1DC5A987390}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{034D6EC9-E59F-40F7-A7AA-BB85D4FC8BD6}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{038706E3-4144-4281-92E8-A8AADD89B32A}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{03F262E2-679F-4F48-8A11-A0ADD872D64C}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{048253F7-5745-479D-A33F-C120D3EA4BD0}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{04C56ADB-C7D3-4B35-9E97-28ED27D595E6}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{05637BF0-5E36-4028-92B5-127BFCF5EF25}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{07567933-036D-4F63-9C52-F90E37A2166F}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{082076FA-2391-49BB-815F-F826EEFE768A}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{083B3EE9-F774-4A2A-A053-784335259CC1}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{0BBCF851-5192-487E-AD24-93F6A839DF08}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{0D91E0B6-2D2F-4CD3-81FD-E93E5E891D1F}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{0DB63F4C-212D-4A75-B656-BFA245B83AB3}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{10AA1321-F44B-4EB6-9602-4E3697B93085}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{1133BDB4-C17F-4C58-B790-934BEFF87E65}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{13204839-BA90-4C45-8E87-18D1EF5660C2}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{133D09AA-AF34-4B30-BB94-78F8DC87D3A3}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{1539E22D-2126-4C35-A4E7-191A8E96F5B6}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{1561F28E-C2CB-4C95-B133-B71C8A0D65A3}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{157CAA0D-C5E0-4EE6-873F-C0F1F539903B}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{157D5872-CC79-40DC-A1E6-455F7DB765E7}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{15B4B42C-33C1-43AE-AF9E-D37A87A38ACB}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{1642C8FC-8863-4726-B198-35E25D05A869}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{16BFDC10-9015-4DD5-A4B3-7C5721CB9BF6}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{17AE5917-0B5F-47BD-A40B-B295CAE6352C}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{17C34309-41DC-42AB-865D-3BDDD274CFB7}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{181F5EA0-D456-444F-BA93-65EAAF9AF7FC}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{1865484D-3B7F-4E5F-A19E-AE2AD6F18CB3}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{189978AA-0F87-4C1A-9287-72001C5C6F2E}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{192E06F4-6BD4-42C3-A088-2F17ED7E8762}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{198D8EEF-C822-456D-BD4C-E8BB86DDC05A}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{1BA76A13-C585-45F5-8E54-8B29C111558F}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{1D3D59C9-846F-497E-BA9E-64EF58F24AE4}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{1EF3F736-B615-4F69-9CB7-A3DA8F6D7247}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{1F257401-9B1F-433F-90D4-378C9BFDB94A}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{2040CA6C-F291-49DA-ADB6-037B53A89867}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{208DA8B5-194A-4DA3-A18D-52E33D07F207}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{20B456AA-B401-4329-A438-CD2E9BFBED88}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{21AAC2C8-EE6F-4542-9739-A37BE44B1B44}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{232A3BA4-1F36-4510-A204-F533E12666C0}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{256EC6DD-CF9A-4807-AFFF-3436E130A375}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{258BEDC4-6D0A-4D00-9A14-A8759EE88579}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{25B2D763-D7E3-4588-8D86-9B1ECBC6070E}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{284C2054-4A74-4689-A95B-18F0674337A1}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{284FE68B-B3CB-4942-969A-964912EC9592}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{28CCC264-411A-4C07-8E2E-1D3434ACAF76}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{29FDFE90-394C-49FD-AEEB-4677EC932502}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{2B1613E3-3C88-497E-ACF1-3639F327749E}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{2BCA7873-B566-43F8-B9D0-6A48A80D2915}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{2C411AA7-9F79-4984-88EC-10AC183DC768}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{2C7E4F85-BEC9-4D8A-90BA-4BF9910F2C98}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{2CC95659-7070-4022-87A6-7B1A9BE976A7}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{2E3418F3-7706-4C5B-B7A1-4453327445F7}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{2FF453DE-949B-4F9D-BDDE-C69126DED88A}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{3057A366-D2C1-4F07-873E-374023A22598}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{3145F5F7-AA1F-47E2-8F8C-E9849F163363}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{314E3818-A787-48DF-BC95-1499B4EA10EF}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{31D4E0DE-4CC9-4689-A67E-9F8C19316D61}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{320E0D2A-7332-40DE-BD9D-4EF35D83F346}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{32502FF8-FB60-4998-92AB-0D1B95FDD900}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{331B4D2A-3F5E-45EC-97F0-907A9AC07FD6}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{3449A0B1-6370-4F9A-B221-C509B6294E7C}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{35A75E93-93CA-40A1-A69B-AC21D71F2E0C}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{35A77510-5553-422C-AF03-4783DBBB88E0}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{3668FCD3-48E5-490D-8EEF-2478098F7AD6}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{36CE1B89-0AC3-46F0-B804-CFEC55392B88}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{37FED195-ACAE-4E1F-AE65-AAC332A894A8}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{38324F70-E15D-4134-84E7-4EDF7854FECF}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{3A35C0E5-5766-4F2F-8B2C-484BA27EE16D}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{3AB36115-0406-44FA-B9D5-BB75CD6B3EC0}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{3B16EDE7-F0A2-4DAD-8006-90D8A98E826F}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{3B3370AE-C027-42D2-89BD-7171C20F9F37}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{3B8909FC-6AC5-46F4-8B39-3B454B0ACA0C}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{3BB107D4-9373-41FA-84AF-AA51C65DCA89}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{3D3D8F11-2E2D-41A1-A30D-7676228C5A95}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{3D92B186-916C-4DF5-B89C-2083C2CFB990}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{3DB6B39B-F254-4BD0-839B-76FD3B4AFA7C}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{3E989A39-E65F-48C1-B62B-E9290C0DDDB6}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{40499B1B-C537-4BC6-98D9-9F037D8664F3}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{40DC8F17-B303-4748-A77C-9D1635FECB6B}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{4188C4FB-D943-42A9-8DF1-EFABCC7DF9A1}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{41E42A07-8925-49EC-A146-623FE0A114C5}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{45706262-817A-4681-9ABE-42453CB6FC1D}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{46AC2958-BD9C-418B-8AF3-1374A4E5B969}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{48AA82C7-5040-4E25-A8B0-52C1F738F26B}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{4995C5FE-0F04-445C-BBB8-03ECD909A484}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{4ADE4975-B6A8-4368-98B9-249E2FCA8C42}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{4B17EBF4-9EBF-43FE-8A5B-6929577566B0}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{4BA0FE64-3740-487D-8A1B-670E573CBB1A}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{4C7B4204-58CE-41EB-88A5-427D46315ED4}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{5115370B-D134-4875-81EA-6358F2477953}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{53F5AE7A-6733-48DC-8B4F-9F775F49FCA3}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{578403C8-22B8-4239-B9DF-0907A20917C7}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{57A2190E-1E0D-4418-B01B-B492D2C75BD2}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{57FAA585-9117-4DC5-8CDA-E6272BBF2480}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{5911ED71-6C92-4BF5-AB72-B5C17964FE81}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{59144E9F-4B26-4061-86E8-7A0991425D92}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{59493EA5-3057-490D-8194-A0462C3D45E7}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{59EAEFDA-B267-4C32-B573-6AD7EC5A69DD}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{5A0E64CF-6BA2-4B12-939F-0334D364FAF0}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{5AAABEBF-D3DF-4490-92E4-A445C2123254}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{5AE0E413-6CA5-4AA7-AAEB-3A450683E0D7}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{5D046713-9589-49A4-A7CE-CA16F144C238}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{5D3F6F89-95FA-4418-A9CE-25621AD7D6A8}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{6083B77B-C30D-4703-82EE-7909E3D761AB}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{627312E5-599D-449E-B384-C5F46582E44E}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{62C556CF-94CA-4012-9829-244FE7D05B79}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{62F778D3-CA7C-45FC-92A1-5D00427D07EF}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{630405AA-7A0B-4633-B56D-09960443636E}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{65235DA4-E9B8-4228-BF13-B9EAA414E63A}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{671CC034-F8F3-4406-A458-2E2345B45ABB}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{67828BD2-B6F6-4FB5-8207-99BC3DB29609}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{68090290-E7CF-413D-9AA6-14E462C9841C}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{6A210D85-6B06-4036-A359-2F16E77EABA0}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{6A6A845A-E9C7-4644-B1AF-64539D5D036C}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{6B9C54F4-B89D-4C06-B073-9FCC98C95009}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{6BC41696-6AFC-4472-AC5C-713D0626FDE4}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{6D0BB5CD-D419-4779-ADE0-34B2BED94950}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{6DB0EA38-8787-47A1-BB79-07670DD6B74C}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{6DD94C96-48DB-4DFD-9005-ADF78DC55F98}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{6EAF747F-CB44-44DB-B11C-11C3FC22122E}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{6F07EB92-ECCF-46AD-B30F-A4EB1DAB93F6}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{7017C61D-88E8-4FA8-B3A2-BBE546DC7898}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{7103D629-F0A8-4048-9F36-FF4AAC3F9BAC}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{74034009-8C94-4AB4-9AC9-5ABBFBD81789}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{759AEEE2-A243-4A48-AB82-FB96FCE58315}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{764A1101-E7A0-44B4-B8EC-0093F9B999B6}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{76A451C4-5A85-41CD-8DC4-3417E1918CDD}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{7755D5E1-A342-499A-9860-ED437F04D11D}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{77AEC4F4-B197-4ACC-B47E-D661156D788F}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{7900CA24-ABE0-4C19-A622-8147414ED3A4}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{797F4771-3B5D-412F-B6B9-F286A2E14E27}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{7C7FC9A5-2941-40EE-8AD2-73493119B0BB}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{7D41506A-326C-42DE-B31F-3B75E7AF5BB1}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{7D4C542F-2250-4D6C-826E-7AFC77848662}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{7D5E8BFF-6859-45F8-91A7-A01F90E9519C}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{7DAD3291-5A39-4D92-91A6-F926CD1FEA55}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{7E7E4E33-BB75-4F79-B261-46862A226983}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{8027221A-C54D-4A0F-A9D0-CB3309B0C300}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{823FFCDE-F91D-4C79-BD6C-32EBD43922F9}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{82D18ABB-F4CE-43E2-A362-C6583456C97E}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{832CCDDB-B71D-48A6-A798-9112FF469F09}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{837A06E6-A393-4C00-9D14-B191981A6870}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{83CFDFE1-91F8-4022-BCA4-C24D453D2B6B}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{83E8DB7B-3C2E-412C-B663-31C9B37B4AFF}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{855F0758-BE4C-43B6-AF45-F7FAAA5424D0}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{86B6BAE5-71EC-43A8-A444-9323F48FF015}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{87283CB8-BCCC-4DD8-BED6-B4C733B9AB52}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{8B028674-5C15-4CA0-81E2-77F0CC50F4AF}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{8B1BC225-CEEB-4605-A29D-C7B12EA96731}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{8C032403-4135-4F08-9FD8-ADB78F1AAA4F}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{8CEB94A0-462C-4A8E-B637-E4D6A4B02103}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{8CF47F82-42F5-4764-B360-709D2C48D647}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{8D160335-BE19-4697-90E8-0A4E43F3799A}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{8E89B4F9-65F1-4BC7-8808-0A7B02F3B465}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{8EBF195A-6745-4FC0-B9E8-B3E4AEC01B9D}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{90443AA8-A294-4F31-B64C-FA7C8CAEAB40}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{9215D25D-4DC9-4F86-B4A5-61A7C97782FC}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{9269D88D-032D-4D19-AD96-76A732B22935}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{964AE2D5-F686-4AA7-B515-02410CDC0803}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{9654080F-84D2-4D9A-BE4B-8F5251B72CB3}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{99DF8CD8-4D28-47B7-97BD-439E9CDA8A21}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{9A031168-799B-4304-A1FC-14D60A82BE8D}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{9A397D7A-FAC9-4B0C-89D1-0A3A0B1D4CB8}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{9A4EFC91-55FB-432F-AE7D-0A7A7D574066}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{9C70044C-AD38-4B7F-84FD-E547AFA2578E}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{9C897B57-5CCE-4F56-A163-F53CAF66EDDC}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{9E5E1356-8484-4B25-A8DF-0E29D5EDB53A}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{A0369A24-9AF5-4CB0-B607-072B73013BC4}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{A1B24877-FF68-417A-AE1E-9D0F5ED6DFF2}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{A1FE4BF2-2D99-44CC-9864-D191D5BB0C7D}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{A437549C-2AAE-41BD-8733-A9BE50F8C70D}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{A6396322-B39B-420B-AA05-78ECB566479E}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{A6FC543E-D3C8-43DC-889C-BC54EC0D0A1C}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{A9118912-A232-41B1-98E2-936F57BF1000}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{A9DDB012-20B5-46C3-8576-1518F59E0B30}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{AB5926CD-E96E-4E8C-9A21-A03179A6F40E}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{AD052654-810C-4B9F-89DA-8CA89E29EF20}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{AD8D7393-1403-42D5-91C5-14CD79E2216C}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{AE424C38-259A-4512-903F-BA727EB2A895}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{AEDEC7D3-CEA0-4386-9965-2B8E821FA324}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{AEEA227F-F810-457E-90D3-AF39F3EB8365}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{AF888F10-C060-4E1D-AC90-CE5A49680F76}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{B02EA655-4606-4EA4-AA68-FBFA5B125AE5}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{B04C8E05-0B32-4C0F-A909-7F41AE72D82A}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{B321A8CF-78FD-42B1-83C2-478C6F2616D4}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{B3B49DA0-9DC9-4302-8F63-8CD4B5081D78}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{B430F5DE-77EF-4ADA-A727-58540895A75D}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{B4512EF6-402D-4247-AC6A-CFB3DAA3B9CB}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{B4D8E607-6916-4009-BB8C-6AC9388DC49F}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{B4E93090-E674-4FDC-A662-1DD52CD1FF64}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{B58E8DBF-9179-464F-B884-0C8131AB5B38}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{B66CCDA7-B545-41A4-8042-4FCE3ED13F2B}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{B6B9EDE5-E0D4-4160-A0CA-E131E60684EE}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{B7945CAE-BF23-4108-A37A-0CC0AC9DD541}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{B8A339BF-3A28-472C-A61B-47B194278018}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{B962B052-F259-4E55-A528-F48D3702C9AE}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{B988950D-71B5-458C-9A98-D4F9643CDD3D}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{BA840154-958F-44BE-8853-25BC5EEEB47D}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{BB755905-AD0C-4D4D-9AF7-0ABF4245AF6E}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{BC1E4436-2F81-4C84-8F80-28DBB64810E2}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{BC292A68-C639-4EB0-824D-928C04003D68}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{BD1687EB-AA07-480B-B62E-4620F68B4F9B}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{BD347485-A906-4FAE-8128-B2B803B60DAC}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{BDACD229-DCD7-43D9-844C-FD8EC8E0D53F}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{BFCBA84F-BF69-40AA-BD8F-4AA454405EBE}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{C04D7758-FDE0-4024-A9FD-F6091580ED0C}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{C3936B99-AF0C-40BD-86EB-46048FC1851B}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{C4A9AC76-4748-4F7A-8759-36A330534A45}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{C502B894-BDE9-41B8-8185-80797A407711}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{C5CE2FFF-298F-4DD2-9376-103E82D5905B}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{C6DD5C5B-29D9-486E-B77D-AA7058C74A98}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{C7A75582-F669-4B3F-B189-D30EAFC1245A}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{C81D55E2-0B61-42B2-950B-49E2C12E5978}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{C9C2679D-419D-42BD-A1EB-E27898119637}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{CAFA2724-CBC1-4F00-9C77-6967240ABBB0}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{CCED019C-5659-48EE-8CD9-B9DF23F8B06F}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{CD217311-A83F-4426-8385-B91329DFB3C6}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{CDB0AC50-17B4-4CCC-802F-D86E949ADD29}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{CE8C35C3-DB85-48D9-B13A-9BF7DB8CBAB0}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{D01DC34D-F557-4D51-A8CD-4A8767022A3A}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{D12E04DB-3228-4CAA-B538-BB58A65FD6F3}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{D34425D8-2816-44D1-995A-5326FC8B4BD5}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{D36A83AD-D0D4-4D5C-AF5A-24359C72137D}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{D36D7613-A600-414B-A225-F22AE114BAF8}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{D37CE603-DBA4-4F97-9DFC-1C59627C15C0}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{D39338D6-891B-49B6-ADDC-8D448600BA12}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{D4BE1318-08A2-47B9-8867-9933E92F2512}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{D4E9D140-CA74-4DE2-960E-1E0821E68DA4}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{D51C6359-1042-4ED4-A960-F590E639D1F5}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{D57D3AEF-66D9-4314-9923-690D1D291CCD}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{D5E73B15-66B6-4801-A8C2-1BECB4909D20}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{D617B578-283E-42AB-A0EA-791DBCE38895}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{D6E4771E-B3EA-43B6-B037-FA95207C1B19}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{D79DF9BD-6D8C-4216-A0B5-773DB50455D2}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{D8169DD6-8CDA-43C7-892B-EDAECB78EC93}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{D829996A-718A-4269-93CF-BD345B4F25E3}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{D8BAC783-2D9B-4C4A-8732-C96F2020AEB7}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{D90BCF84-9C54-461F-A91A-C291A9C724BF}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{DB0832CD-C834-4259-8762-D240D330AB0E}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{DD63C1AD-8CC7-4382-AA8A-9088D6D44735}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{DED52315-B7E0-4D55-9DA4-6B8D84BBC6DA}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{E1AFBFFA-1CB1-48A0-B437-AF515DA5B8CE}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{E1E231DF-9526-43A5-B1C9-037D3A2EE840}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{E1F765B1-CA84-41D6-8A3A-92EE103F5662}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{E2AF882D-29D1-481F-BD97-7D2B6FD66D96}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{E2E31A88-CB9E-4235-84A5-870160A537C8}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{E2E66939-7B99-4A97-B7A0-8DE10177A373}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{E5EBAAC0-A635-4A3A-831E-96DC14E3EFF4}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{E627935C-4250-477E-8526-2F8D475F4A9A}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{E62B2C7A-AC7A-4017-9883-1D54FEE9C43E}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{E85609C6-90C7-4749-AD47-B6605A8AE85A}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{E8CC7565-5A6C-47E5-8D5E-6F8C849513C0}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{E9F130F0-C035-4D4D-8701-AD134B2F0B75}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{E9FE4EA1-33C8-4FC5-B0E0-C7AF40C9D457}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{EFE7E4DC-4552-488C-AD35-EA4797814A13}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{F208C57C-77FC-456A-8290-AA00DF8EC57A}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{F253FE3D-8A43-4F56-BD14-ACBF6582EBDB}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{F2722381-9FA7-4BAE-B6CC-2A7407FCD36B}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{F5580423-26D6-439F-B84B-0FD787A03EB9}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{F60A8444-92C8-486C-BF6A-F1C916ED60AE}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{F67A0898-721F-4227-B745-14C24157C724}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{F7362449-3434-4917-8140-D14305CB8E18}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{F90B877A-E04C-48A9-ABA4-4E5A71C68FD9}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{F9B57654-D01B-46A6-9DC1-9C3D5708DFAC}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{FB547E09-6CE5-42E9-B779-F62BF9AAAA6F}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{FE1C898D-2F74-46C7-A5F6-60D818A7F289}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{FE942039-F8E1-49C7-8DEC-18494EB6C7C2}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{FEC43D7A-6D3C-46AE-996B-A7C1C42379D3}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{FF6F1CAC-1156-4534-A4B7-6E720A83E4FB}
Successfully deleted: [Empty Folder] C:\Users\Philipp\appdata\local\{FFDB9114-FC0B-4195-AB8E-68B6696CA168}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.11.2014 at 16:20:13,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-11-2014
Ran by Philipp (administrator) on PHILIPP-PC on 19-11-2014 16:22:58
Running from C:\Users\Philipp\Desktop\Downloads
Loaded Profile: Philipp (Available profiles: Philipp)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Philipp\Desktop\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-23] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1658154791-1668127106-4246982286-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=U220DHP&pc=U220
HKU\S-1-5-21-1658154791-1668127106-4246982286-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-1658154791-1668127106-4246982286-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1658154791-1668127106-4246982286-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.spiegel-online.de
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1658154791-1668127106-4246982286-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\searchplugins\google-maps.xml
FF Extension: Avira Browser Safety - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\Extensions\abs@avira.com [2014-11-14]
FF Extension: Download videos and MP3s from YouTube - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-18]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-08-15]
FF Extension: Cliqz Beta - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\Extensions\cliqz@cliqz.com.xpi [2014-10-01]
FF Extension: Google Button for Firefox with dropdown menu for the most important Google services - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\Extensions\google.button@mali37.net.xpi [2014-11-18]
FF Extension: Adblock Plus - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\z1tl3nmr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://n24.de/
CHR StartupUrls: Default -> "hxxp://n24.de/"
CHR Profile: C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-18]
CHR Extension: (Google Docs) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-18]
CHR Extension: (Google Drive) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-18]
CHR Extension: (YouTube) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-18]
CHR Extension: (Google-Suche) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-18]
CHR Extension: (Google Tabellen) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-18]
CHR Extension: (Avira Browser Safety) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-18]
CHR Extension: (Google Wallet) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-18]
CHR Extension: (Google Mail) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 16:20 - 2014-11-19 16:20 - 00030113 _____ () C:\Users\Philipp\Desktop\JRT.txt
2014-11-19 16:17 - 2014-11-19 16:17 - 00000000 ____D () C:\Windows\ERUNT
2014-11-19 16:05 - 2014-11-19 16:09 - 00000000 ____D () C:\AdwCleaner
2014-11-19 15:18 - 2014-11-19 15:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-19 15:13 - 2014-11-19 15:12 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-11-19 14:36 - 2014-11-19 14:36 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Avira
2014-11-19 14:33 - 2014-10-23 14:02 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-11-19 14:33 - 2014-10-23 14:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-11-19 14:33 - 2014-10-23 14:01 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-11-19 14:29 - 2014-11-19 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-19 14:29 - 2014-11-19 14:33 - 00000000 ____D () C:\ProgramData\Avira
2014-11-19 14:29 - 2014-11-19 14:29 - 00001101 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-19 14:29 - 2014-11-19 14:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-19 13:04 - 2014-11-19 13:04 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-11-19 12:31 - 2014-11-19 12:31 - 00018205 _____ () C:\ComboFix.txt
2014-11-19 12:12 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-19 12:12 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-19 12:12 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-19 12:12 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-19 12:12 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-19 12:12 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-19 12:12 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-19 12:12 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-19 12:07 - 2014-11-19 12:31 - 00000000 ____D () C:\Qoobox
2014-11-19 12:06 - 2014-11-19 12:30 - 00000000 ____D () C:\Windows\erdnt
2014-11-19 11:58 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 11:58 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 11:58 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 11:58 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 02:28 - 2014-11-19 02:28 - 00001088 _____ () C:\Users\Philipp\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-19 02:28 - 2014-11-19 02:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-19 02:12 - 2014-11-19 16:23 - 00000000 ____D () C:\FRST
2014-11-19 01:30 - 2014-11-19 11:52 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Dropbox
2014-11-19 01:30 - 2014-11-19 01:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-19 00:37 - 2014-11-19 00:37 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe Reader and Acrobat Manager
2014-11-18 22:23 - 2014-11-18 22:23 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\AVG
2014-11-18 22:23 - 2014-11-18 22:23 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Avg
2014-11-18 22:23 - 2014-11-18 22:23 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-11-18 22:22 - 2014-11-18 22:24 - 00000000 ____D () C:\ProgramData\AVG
2014-11-18 15:32 - 2014-11-18 15:32 - 00002215 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-18 15:32 - 2014-11-18 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-18 15:31 - 2014-11-19 16:11 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-18 15:31 - 2014-11-19 15:36 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-18 15:31 - 2014-11-18 15:31 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-18 15:31 - 2014-11-18 15:31 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-18 11:04 - 2014-11-19 16:11 - 00144724 _____ () C:\Windows\PFRO.log
2014-11-18 02:03 - 2014-11-18 02:03 - 00001404 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-11-18 02:03 - 2014-11-18 02:03 - 00001207 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-11-18 02:02 - 2014-11-18 02:02 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2014-11-15 18:46 - 2014-11-19 16:11 - 00001064 _____ () C:\Windows\setupact.log
2014-11-15 18:46 - 2014-11-15 18:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-13 23:31 - 2014-11-19 14:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-13 23:17 - 2014-11-13 23:17 - 00000000 __SHD () C:\Users\Philipp\AppData\Local\EmieBrowserModeList
2014-11-12 23:05 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 23:05 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 23:05 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 23:05 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 23:05 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 23:05 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 23:05 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 23:05 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 23:05 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 23:05 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 23:04 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 23:04 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 23:04 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 23:04 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 23:04 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 23:04 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 23:04 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 23:04 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 23:04 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 23:04 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 23:04 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 23:04 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 23:04 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 23:04 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 23:04 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 23:04 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 23:04 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 23:04 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 23:04 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 23:04 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 23:04 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 23:04 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 23:04 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 23:04 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 23:04 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 23:04 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 23:04 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 23:04 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 23:04 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 23:04 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 23:04 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 23:04 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 23:04 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 23:04 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 23:04 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 23:04 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 23:04 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 23:04 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 23:04 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 23:04 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 23:04 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 23:04 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 23:04 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 23:04 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 23:04 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 23:04 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 22:52 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 22:52 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 22:52 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 22:52 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 22:52 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 22:52 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 22:52 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 22:52 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 22:52 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 22:52 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 22:52 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 22:52 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 22:47 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 22:47 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 22:47 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 22:47 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 22:47 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 22:47 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 22:47 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 22:47 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 22:47 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 22:47 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 22:47 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 22:47 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 22:47 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 22:47 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 22:47 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 22:47 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 22:47 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 22:47 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 22:47 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 22:47 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 22:47 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 22:47 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 22:47 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 22:47 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 22:47 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 22:47 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 22:47 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 22:47 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 22:47 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 22:47 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 22:47 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 22:47 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 22:47 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 00:38 - 2014-11-14 00:14 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Ahpirox
2014-11-11 23:58 - 2014-11-11 23:58 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 16:20 - 2013-03-21 22:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-19 16:19 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-19 16:19 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-19 16:12 - 2012-03-18 02:43 - 00000000 ____D () C:\ProgramData\clear.fi
2014-11-19 16:11 - 2013-07-25 21:14 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-11-19 16:11 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 16:10 - 2012-01-12 04:04 - 01559388 _____ () C:\Windows\WindowsUpdate.log
2014-11-19 15:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-11-19 15:28 - 2013-04-09 21:49 - 00000000 ____D () C:\Users\Philipp\AppData\Local\CrashDumps
2014-11-19 13:29 - 2012-03-17 11:57 - 00112832 _____ () C:\Users\Philipp\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-19 13:22 - 2009-07-14 05:45 - 00418632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-19 12:29 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-19 02:54 - 2013-05-26 21:19 - 00000000 ____D () C:\Windows\fi
2014-11-19 01:29 - 2014-05-27 10:06 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-19 01:29 - 2014-05-27 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-19 01:28 - 2013-07-02 23:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-19 01:26 - 2011-10-27 13:10 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-19 00:37 - 2014-07-22 16:29 - 00000000 ____D () C:\Users\Philipp\.thumbnails
2014-11-19 00:37 - 2013-11-18 11:48 - 00000000 ____D () C:\Users\Philipp\Desktop\Bruno
2014-11-19 00:37 - 2013-11-08 16:15 - 00000000 ____D () C:\Users\Philipp\Desktop\Master IIM IW
2014-11-19 00:37 - 2013-07-17 10:30 - 00000000 ___RD () C:\Users\Philipp\Desktop\Programme
2014-11-19 00:37 - 2012-06-10 13:13 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Microsoft Help
2014-11-19 00:37 - 2012-04-20 11:40 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Skype
2014-11-19 00:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-11-18 15:32 - 2013-05-17 00:36 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-18 15:32 - 2012-03-17 12:05 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Google
2014-11-18 15:31 - 2012-03-17 12:04 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Deployment
2014-11-18 02:03 - 2014-01-18 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-11-18 02:03 - 2012-06-10 13:54 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-11-18 02:02 - 2012-06-10 13:54 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\DVDVideoSoft
2014-11-18 00:51 - 2013-05-25 13:30 - 00005632 _____ () C:\graph.grf
2014-11-18 00:49 - 2012-05-03 14:23 - 00000000 ____D () C:\Users\Philipp\Desktop\IIM
2014-11-17 17:11 - 2014-07-29 15:35 - 00000000 ____D () C:\Users\Philipp\Desktop\VFV-Bilder Fußball
2014-11-15 23:26 - 2012-03-21 15:16 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Spotify
2014-11-15 22:33 - 2012-03-21 15:28 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Spotify
2014-11-15 22:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-15 01:10 - 2012-12-05 10:00 - 00000000 ____D () C:\Windows\Minidump
2014-11-14 23:00 - 2012-01-12 12:53 - 12303630 _____ () C:\Windows\system32\perfh007.dat
2014-11-14 23:00 - 2012-01-12 12:53 - 03899744 _____ () C:\Windows\system32\perfc007.dat
2014-11-14 23:00 - 2009-07-14 06:13 - 00006512 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 21:03 - 2012-10-16 00:25 - 00000000 ____D () C:\Users\Philipp\Desktop\Musik
2014-11-14 00:50 - 2012-04-04 11:24 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-11-14 00:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-14 00:49 - 2012-04-04 11:25 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\SoftGrid Client
2014-11-14 00:49 - 2012-01-12 04:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-11-14 00:48 - 2014-03-08 14:48 - 00000000 ____D () C:\ProgramData\DatacardService
2014-11-14 00:44 - 2014-07-31 23:09 - 00000000 ____D () C:\Program Files\SecurityKISS Tunnel
2014-11-14 00:33 - 2013-11-27 00:32 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-14 00:33 - 2012-03-17 13:27 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-14 00:21 - 2013-03-21 22:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-14 00:20 - 2013-03-21 22:05 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-14 00:20 - 2011-10-27 13:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-13 23:12 - 2014-05-06 22:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 02:40 - 2012-06-10 13:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 02:35 - 2013-03-15 13:12 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 00:21 - 2013-11-14 13:11 - 00000000 ____D () C:\Program Files (x86)\SAP
2014-11-12 17:15 - 2013-11-04 15:04 - 00000000 ____D () C:\Users\Philipp\AppData\Local\TSVNCache
2014-11-07 13:29 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Philipp\AppData\Local\Temp\avgnt.exe
C:\Users\Philipp\AppData\Local\Temp\Quarantine.exe
C:\Users\Philipp\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 22:08

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

Eine Addition.txt hat sich ned geöffnet

Bei 2. Lauf hab ich den haken bei Addition.txt gesetzt, hier der Log:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2014
Ran by Philipp at 2014-11-19 16:28:30
Running from C:\Users\Philipp\Desktop\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3GP Media Player 1.0.1 (HKLM-x32\...\3GP Media Player_is1) (Version:  - vsevensoft.com)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0530.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 8 v.8.4.0 (HKLM-x32\...\Ashampoo Photo Commander 8_is1) (Version: 8.4.0 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fotogaléria (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.49.1111 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1111 - DVDVideoSoft Ltd.)
Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria fotogràfica (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerija fotografija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.122 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät (HKLM\...\{54B0845F-5540-4492-9939-CD8880ABABF0}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Hilfe (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Spotify (HKU\S-1-5-21-1658154791-1668127106-4246982286-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.17.5 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Valokuvavalikoima (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 4.11 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Фотоальбом (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Фотогалерия (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
גלריית התמונות (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
معرض الصور (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-11-2014 10:55:43 CBL Daten-Shredder wird entfernt
19-11-2014 12:01:50 CBL Daten-Shredder wird entfernt
19-11-2014 12:04:35 Installed HP Support Solutions Framework
19-11-2014 12:14:49 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-19 12:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B1A3DBF-CA98-4F5D-BD46-90BF1D93A652} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {0EC79D67-81D0-44D1-9120-DC1A7C3C9D9C} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {134BF376-0697-442C-BD60-F624198855AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-18] (Google Inc.)
Task: {15DED422-52E4-4583-8B67-2615AEB7047F} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {19683853-5D39-4F92-9F53-746B61743C1E} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\SymErr.exe
Task: {2BDAAC91-1D83-4426-A2F9-4873AC9F50B1} - System32\Tasks\{41911B14-D3A2-489D-8A25-DAEBFB8E8C2C} => C:\Program Files (x86)\EA GAMES\MOHAA\eReg\Medal of Honor Allied Assault_eReg.exe
Task: {46CA188C-65CE-445A-BD0C-C66DA054753C} - System32\Tasks\LERSTNC => Rundll32.exe "C:\Windows\SysWOW64\winrssrvv.dll",DUYDBYKB
Task: {4E3955B2-02E8-4419-A879-B37A4BF4F7AC} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {5804D741-353F-4517-A0BC-CDF888B5723C} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {5D463131-87EE-4AC3-95DD-2D5DF391E8BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-18] (Google Inc.)
Task: {64D3560C-13B6-4204-9942-E9DD27A4413F} - System32\Tasks\{4EF1F030-0E36-42A8-94C9-BE41AAE0C320} => C:\Program Files (x86)\EA GAMES\MOHAA\MOHAA.exe
Task: {6D7473A7-76BD-4ABD-8184-A948D80395F5} - System32\Tasks\{BB0FFD67-0D4C-4778-89A1-404548616AE5} => C:\Program Files (x86)\EA GAMES\MOHAA\MOHAA.exe
Task: {7B959B97-4B6F-4774-A03D-5C86B6FA19F1} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard)
Task: {98E94D04-309E-4F59-8238-797781884AE9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9E668BA9-350C-48BC-AB89-D45EFC787321} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\SymErr.exe
Task: {AD29B219-CA6B-4B14-A929-CE911FCBC3E3} - System32\Tasks\{B0BD27D6-7D96-4D24-AAC4-26BF00207074} => C:\Program Files (x86)\EA GAMES\MOHAA\MOHAA.exe
Task: {C2463ED7-F0E9-4D87-8977-2029CC559F37} - System32\Tasks\{AB2A0DBD-AC96-4571-96BB-10D4039A18BC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.0.104/de/abandoninstall?page=tsProgressBar
Task: {E2696059-62A9-4137-90E5-91040E4D77A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-14] (Adobe Systems Incorporated)
Task: {E3B9A6AA-A8EC-4D5B-BCB8-4C31A942539B} - System32\Tasks\{E3A2AA61-0E24-4080-825A-0B4590686815} => C:\Program Files (x86)\EA GAMES\MOHAA\MOHAA.exe
Task: {E917CC71-6AD7-4AFD-AD9F-F4003AD2440F} - System32\Tasks\{B77B57C3-5AAB-40CF-B217-A67C113290FE} => C:\Program Files (x86)\EA GAMES\MOHAA\MOHAA.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-10-27 13:06 - 2011-08-09 00:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-21 03:20 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-03-04 11:49 - 2011-03-04 11:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-08-24 18:03 - 2011-08-24 18:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-11-18 15:32 - 2014-11-06 00:56 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\libglesv2.dll
2014-11-18 15:32 - 2014-11-06 00:56 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\libegl.dll
2014-11-18 15:32 - 2014-11-06 00:57 - 08911176 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\pdf.dll
2014-11-18 15:32 - 2014-11-06 00:56 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\ffmpegsumo.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Spotify => "C:\Users\Philipp\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Philipp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1658154791-1668127106-4246982286-500 - Administrator - Disabled)
Gast (S-1-5-21-1658154791-1668127106-4246982286-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1658154791-1668127106-4246982286-1002 - Limited - Enabled)
Philipp (S-1-5-21-1658154791-1668127106-4246982286-1000 - Administrator - Enabled) => C:\Users\Philipp

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-19 12:28:28.014
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-19 12:28:27.967
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 35%
Total physical RAM: 3764.86 MB
Available physical RAM: 2420.25 MB
Total Pagefile: 7527.9 MB
Available Pagefile: 5571.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:452.16 GB) (Free:301.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6BD4400C)
Partition 1: (Not Active) - (Size=13.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 19.11.2014 18:18
Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


philiboy96 19.11.2014 22:09
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 19.11.2014
Suchlauf-Zeit: 21:08:23
Logdatei: kub.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.19.07
Rootkit Datenbank: v2014.11.18.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Philipp

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 338705
Verstrichene Zeit: 24 Min, 3 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Bei Eset findet er nun auch nix...:-(

In den vorigen wurde ja einiges gefunden und bekämpft, aber trotzdem geht dieses Wartungscenter einfach nicht...Auch nicht über Dienste

cosinus 19.11.2014 22:26
Bitte mal dieses Tool ausführen und Reparieren lassen => Windows Repair (All In One) - Download - Filepony

philiboy96 19.11.2014 22:38
moment, er findet nun bei 93 Proz iwelche adware

cosinus 19.11.2014 22:47
Achso, lass ESET erstmal in Ruhe scannen

philiboy96 19.11.2014 23:47
Code:
C:\Users\Philipp\Desktop\Downloads\Avg pc tune up 2015 [Full Version] (1).exe        Win32/Adware.1ClickDownload.AJ Anwendung
C:\Users\Philipp\Desktop\Downloads\Avg pc tune up 2015 [Full Version].exe        Win32/Adware.1ClickDownload.AJ Anwendung
C:\Users\Philipp\Desktop\Downloads\Mozilla-Firefox-lnstall.exe        Variante von Win32/WinloadSDA.G evtl. unerwünschte Anwendung
C:\Users\Philipp\Desktop\Downloads\SoftonicDownloader_fuer_gimp.exe        Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung
Arbeitsspeicher        Variante von Win32/TrojanDownloader.FakeAlert.AQI Trojaner
Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d549b9b40048c84ea955a78a86780de0
# engine=21170
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-19 10:41:13
# local_time=2014-11-19 11:41:13 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 9727 2367558 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 42868416 168066723 0 0
# scanned=303798
# found=5
# cleaned=0
# scan_time=7177
sh=4DF28A60ECACE84F4BDADB3EAFA0F01DC9ED7276 ft=1 fh=2a25e6e2b4d18e44 vn="Win32/Adware.1ClickDownload.AJ Anwendung" ac=I fn="C:\Users\Philipp\Desktop\Downloads\Avg pc tune up 2015 [Full Version] (1).exe"
sh=4DF28A60ECACE84F4BDADB3EAFA0F01DC9ED7276 ft=1 fh=2a25e6e2b4d18e44 vn="Win32/Adware.1ClickDownload.AJ Anwendung" ac=I fn="C:\Users\Philipp\Desktop\Downloads\Avg pc tune up 2015 [Full Version].exe"
sh=5242458132523E17CE4F9A932EECC6B52D5C5E6B ft=1 fh=b2e5576595327e80 vn="Variante von Win32/WinloadSDA.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Philipp\Desktop\Downloads\Mozilla-Firefox-lnstall.exe"
sh=A00231792D2A5C1A24CB21EE389635ABE1ED86C1 ft=1 fh=ccc076d69704a613 vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Philipp\Desktop\Downloads\SoftonicDownloader_fuer_gimp.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/TrojanDownloader.FakeAlert.AQI Trojaner" ac=I fn="${Memory}"
Könnte das was sein? wie kann ich die nun löschen?


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:30 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20