Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   MP3 Jam beinhaltet Schadenssoftware?! (https://www.trojaner-board.de/158153-mp3-jam-beinhaltet-schadenssoftware.html)

Spender0815 31.08.2014 13:11
MP3 Jam beinhaltet Schadenssoftware?!
 
Nach der Installation des Tools, das ich mir von Chip heruntergeladen habe, sprang Antivirus an und lieferte folgende Meldung:
Die Datei 'C:\ProgramData\VDmNguhN\dat\YVWsHGw.dll'
enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50854905.qua' verschoben!

Ist das Tool nun schädlich oder nicht?

Es dankt
der Spender

schrauber 31.08.2014 13:35
wenn es das Tool nicht ist ist es das Mitbringsel von Chip.


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Spender0815 01.09.2014 08:20
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by Martin at 2014-09-01 09:03:03
Running from C:\Users\Martin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.7943 - DsNET Corp)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audials USB (HKLM-x32\...\{DE8A9465-4B9A-42F2-8242-258CCB93484F}) (Version: 11.0.44800.0 - RapidSolution Software AG)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2006662398.48.56.43519210 - Audible, Inc.)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Brother Driver Deployment Wizard (HKLM-x32\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother)
Cisco EAP-FAST Module (HKLM-x32\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.104.102.104 - ALPS ELECTRIC CO., LTD.)
Dienstprogramm für Dell Wireless WLAN Karte (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.18 - Dell Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM-x32\...\DVD Shrink DE_is1) (Version:  - DVD Shrink)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
get_iplayer 4.7 (HKLM-x32\...\get_iplayer) (Version: 4.7 - infradead.org)
Graph 4.3 (HKLM-x32\...\Graph_is1) (Version:  - Ivan Johansen)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Keyboard Lock Status (HKLM-x32\...\{144A1586-E16C-448D-910D-E12ACD65DD98}) (Version: 1.00.0000 - Logitech)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Laptop Integrated Webcam Driver (1.01.01.0529)  (HKLM\...\Creative OEM013) (Version:  - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Mode (HKLM-x32\...\MovieMode) (Version: 2.7.31 - GenTechnologies Apps, LLC)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MP3jam 1.1.1.9 (HKLM-x32\...\MP3jam_is1) (Version: 1.1.1.9 - MP3jam)
NVIDIA 3D Vision Treiber 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 310.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.70 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1070 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 310.70 (Version: 310.70 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
O2Micro Flash Memory Card Reader Driver (x64) (HKLM\...\{BE8D102B-E000-43CA-925A-C5514BF70DEF}) (Version: 3.27 - O2Micro)
PDF Architect (HKLM-x32\...\{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}) (Version: 1.0.41.8362 - pdfforge)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.0 - Frank Heindörfer, Philip Chinery)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.207.0 - Tracker Software Products Ltd)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13074_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13074_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.18930 - TeamViewer)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XMedia Recode Version 3.1.9.0 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.9.0 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3839022046-2414841528-1097775012-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3839022046-2414841528-1097775012-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3839022046-2414841528-1097775012-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3839022046-2414841528-1097775012-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3839022046-2414841528-1097775012-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\MArtin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3839022046-2414841528-1097775012-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\MArtin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3839022046-2414841528-1097775012-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3839022046-2414841528-1097775012-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3839022046-2414841528-1097775012-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

30-08-2014 14:52:06 Windows Update
31-08-2014 12:59:54 Removed Cisco LEAP Module

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {101F7D2B-5B85-4632-AB31-E509C56FDCEF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {886789F2-EFC2-41D1-A40D-33F42C102130} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe

==================== Loaded Modules (whitelisted) =============

2014-04-22 20:13 - 2009-01-20 15:37 - 00031744 _____ () C:\Windows\System32\WLTRYSVC.EXE
2014-04-22 20:13 - 2009-01-20 15:36 - 00057856 _____ () C:\Windows\System32\bcmwlrmt.dll
2012-11-10 12:12 - 2012-12-01 07:49 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-08-31 11:02 - 2014-08-31 11:02 - 00043008 _____ () c:\Users\Martin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphs6bul.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Martin\AppData\Roaming\Dropbox\bin\libcef.dll
2014-08-07 08:21 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\Martin\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-06-11 13:33 - 2014-06-11 13:34 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-11 13:33 - 2014-06-11 13:34 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-11 13:33 - 2014-06-11 13:34 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-07-30 15:27 - 2014-07-30 15:27 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Martin\Documents\Vorladung Gericht.jpeg: 3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Martin\Documents\Vorladung Gericht.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: ElbyCDIO Driver
Description: ElbyCDIO Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ElbyCDIO
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: TEAC DVD+-RW DVW28SLC ATA Device
Description: CD-ROM-Laufwerk
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard-CD-ROM-Laufwerke)
Service: cdrom
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2014 05:32:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WINWORD.EXE, Version 14.0.7125.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 884

Startzeit: 01cfb7cf70ae94de

Endzeit: 60000

Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

Berichts-ID: 1636ae3f-23c8-11e4-94fe-00247e2b15d0

Error: (08/05/2014 09:49:05 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (08/03/2014 03:05:20 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/29/2014 08:10:26 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/28/2014 07:54:07 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/27/2014 10:49:08 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/27/2014 09:54:04 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/27/2014 08:25:39 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/24/2014 07:32:53 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/23/2014 11:42:17 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005


System errors:
=============
Error: (08/31/2014 10:54:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (08/31/2014 10:54:28 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/31/2014 10:52:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ElbyCDIO

Error: (08/31/2014 10:52:20 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/30/2014 04:34:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (08/30/2014 04:34:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HomeGroupListener erreicht.

Error: (08/30/2014 04:33:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht.

Error: (08/30/2014 04:33:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (08/30/2014 04:33:13 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/30/2014 04:33:03 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005


Microsoft Office Sessions:
=========================
Error: (08/14/2014 05:32:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE14.0.7125.500088401cfb7cf70ae94de60000C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE1636ae3f-23c8-11e4-94fe-00247e2b15d0

Error: (08/05/2014 09:49:05 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (08/03/2014 03:05:20 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/29/2014 08:10:26 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/28/2014 07:54:07 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/27/2014 10:49:08 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/27/2014 09:54:04 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/27/2014 08:25:39 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/24/2014 07:32:53 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/23/2014 11:42:17 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz
Percentage of memory in use: 61%
Total physical RAM: 4094.43 MB
Available physical RAM: 1558.54 MB
Total Pagefile: 8187.04 MB
Available Pagefile: 5113.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:183.94 GB) (Free:23.39 GB) NTFS
Drive d: () (Fixed) (Total:48.83 GB) (Free:13.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (CANON) (Removable) (Total:14.96 GB) (Free:4.33 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 98DEB064)
Partition 1: (Not Active) - (Size=118 MB) - (Type=DE)
Partition 2: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=183.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Martin (administrator) on SCHNITZEL on 01-09-2014 08:59:55
Running from C:\Users\Martin\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(GenTechnologies Apps, LLC) C:\ProgramData\VDmNguhN\sPIhgkxJrcx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Dell) C:\Users\Martin\AppData\Local\Apps\2.0\D4BAPGNN.VC5\YX3PRGN2.W1R\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
(Dropbox, Inc.) C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Logitech, Inc.) C:\Windows\LockStatusTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd.) C:\Windows\OEM13Mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [309248 2009-02-27] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3863040 2009-01-20] (Dell Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe
HKLM-x32\...\Run: [LockStatusTray] => C:\Windows\LockStatusTray.exe [192512 2008-02-19] (Logitech, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [OEM13Mon.exe] => C:\Windows\OEM13Mon.exe [36864 2008-01-07] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3839022046-2414841528-1097775012-1001\...\Run: [DellSystemDetect] => C:\Users\Martin\AppData\Local\Apps\2.0\D4BAPGNN.VC5\YX3PRGN2.W1R\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-04-16] (Dell)
HKU\S-1-5-21-3839022046-2414841528-1097775012-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe [851632 2014-07-09] (Adobe Systems Incorporated)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=646B00242B3D7601&affID=121565&tsp=5020
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFF351687CC6ACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=646B00242B3D7601&affID=121565&tsp=5020
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default
FF SearchEngineOrder.1: Google
FF Homepage: https://www.google.de
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*'))%20%7B%20return%20'PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF user.js: detected! => C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\Extensions\abs@avira.com [2014-08-30]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: NetVideoHunter - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\Extensions\netvideohunter@netvideohunter.com [2014-07-29]
FF Extension: DownloadHelper - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-12]
FF Extension: Classic Theme Restorer - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-06-01]
FF Extension: anonymoX - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\Extensions\client@anonymox.net.xpi [2013-07-15]
FF Extension: Hide My Ass Proxy Extension - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\Extensions\extension@hidemyass.com.xpi [2013-07-09]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-05-09]
FF Extension: Youtube Video and Mp3 Downloader (Stable) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\Extensions\{09e4684b-dcac-4608-8b7d-58bef11fc323}.xpi [2014-01-30]
FF Extension: NoScript - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-11-10]
FF Extension: Adblock Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-17]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012-11-27]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\extensions\cliqz@cliqz.com

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 sPIhgkxJrcx; C:\ProgramData\VDmNguhN\sPIhgkxJrcx.exe [2319728 2014-08-12] (GenTechnologies Apps, LLC)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2930688 2009-01-20] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 MEMACC; C:\Windows\SysWOW64\drivers\memacc.sys [33664 2014-08-12] (Zeal SoftStudio) [File not signed]
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [62296 2008-07-29] (O2Micro )
R3 OEM13Vfx; C:\Windows\System32\DRIVERS\OEM13Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
R3 OEM13Vid; C:\Windows\System32\DRIVERS\OEM13Vid.sys [267296 2008-05-28] (Creative Technology Ltd.)
S3 zntport; C:\Windows\SysWOW64\drivers\zntport.sys [13880 2014-08-12] (Zeal SoftStudio)
S3 AnyDVD; System32\Drivers\AnyDVD.sys [X]
S1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 08:59 - 2014-09-01 09:01 - 00019540 _____ () C:\Users\Martin\Downloads\FRST.txt
2014-09-01 08:59 - 2014-09-01 09:00 - 00000000 ____D () C:\FRST
2014-09-01 08:59 - 2014-09-01 08:59 - 02104832 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe
2014-08-30 12:24 - 2014-08-31 14:54 - 00012747 _____ () C:\Users\Martin\Desktop\Hochzeit Geschenkeliste.xlsx
2014-08-30 10:03 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-30 10:03 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-30 10:03 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-30 09:47 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-30 09:47 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-30 09:47 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-30 09:47 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-30 09:46 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-30 09:46 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-30 09:46 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-30 09:46 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-30 09:46 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-30 09:46 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-30 09:45 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-30 09:45 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-30 09:45 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-30 09:45 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-15 22:25 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 22:25 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 22:25 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 22:25 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 22:25 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 22:25 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 22:25 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 22:25 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 21:35 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 21:35 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 21:35 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 21:35 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 21:35 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 21:35 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 21:35 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 21:35 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 21:35 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 21:35 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 21:35 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 21:35 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 21:35 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 21:35 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 21:35 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 21:35 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 21:35 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 21:35 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 21:35 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 21:35 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 21:35 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 21:35 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 21:35 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 21:35 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 21:35 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 21:35 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 21:35 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 21:35 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 21:35 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 21:35 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 21:35 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 21:35 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 21:35 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 21:35 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 21:35 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 21:35 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 21:35 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 21:35 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 21:35 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 21:35 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 21:35 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 21:35 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 21:35 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 21:35 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 21:35 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 21:35 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 21:35 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 21:35 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 21:35 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 21:35 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 21:35 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 21:35 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 21:35 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 21:35 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 21:35 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 21:35 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 21:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 21:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 21:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 21:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 21:33 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 21:33 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 21:33 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 21:33 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 21:33 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 21:33 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 21:33 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 21:33 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 21:32 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 21:32 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 21:31 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 21:31 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 21:31 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 21:31 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 21:31 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 21:31 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 21:31 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 21:31 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 21:27 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 21:27 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 21:27 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 21:27 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 21:27 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 21:27 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 00:03 - 2014-08-14 00:45 - 00000000 ____D () C:\Users\Martin\Desktop\Neuer Ordner
2014-08-12 23:38 - 2014-08-12 23:38 - 00116152 _____ (Zeal SoftStudio) C:\Windows\SysWOW64\ntport.dll
2014-08-12 23:38 - 2014-08-12 23:38 - 00053248 _____ (Zeal SoftStudio) C:\Windows\SysWOW64\memacc.dll
2014-08-12 23:38 - 2014-08-12 23:38 - 00046671 _____ () C:\DEBUG.TXT
2014-08-12 23:38 - 2014-08-12 23:38 - 00033664 _____ (Zeal SoftStudio) C:\Windows\SysWOW64\Drivers\memacc.sys
2014-08-12 23:38 - 2014-08-12 23:38 - 00013880 _____ (Zeal SoftStudio) C:\Windows\SysWOW64\Drivers\zntport.sys
2014-08-12 23:29 - 2014-08-31 11:00 - 00000366 _____ () C:\Windows\Tasks\DriverToolkit Autorun.job
2014-08-12 23:29 - 2014-08-13 13:55 - 00002732 _____ () C:\Windows\System32\Tasks\DriverToolkit Autorun
2014-08-12 23:20 - 2014-08-12 23:20 - 00000000 ____D () C:\Intel
2014-08-12 23:17 - 2014-08-12 23:17 - 05472920 _____ () C:\Users\Martin\Desktop\Intel(R)_USB_3.0_eXtensible_Host_Controller_Driver.zip
2014-08-12 23:17 - 2014-08-12 23:17 - 00000000 ____D () C:\Users\Martin\Desktop\Intel(R)_USB_3.0_eXtensible_Host_Controller_Driver
2014-08-12 23:11 - 2014-08-12 23:11 - 00000000 ____D () C:\Users\Martin\SystemRequirementsLab
2014-08-12 20:41 - 2014-08-12 20:41 - 00013690 ____H () C:\Users\Martin\Desktop\~WRL0003.tmp
2014-08-12 18:07 - 2014-08-12 18:08 - 00000000 ____D () C:\ProgramData\VDmNguhN
2014-08-12 18:07 - 2014-08-12 18:07 - 00001007 _____ () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\MP3jam.lnk
2014-08-12 18:07 - 2014-08-12 18:07 - 00000983 _____ () C:\Users\Public\Desktop\MP3jam.lnk
2014-08-12 18:07 - 2014-08-12 18:07 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Mp3jam
2014-08-12 18:07 - 2014-08-12 18:07 - 00000000 ____D () C:\Program Files (x86)\MP3jam
2014-08-12 18:04 - 2014-08-12 18:04 - 01101648 _____ () C:\Users\Martin\Downloads\MP3jam - CHIP-Installer.exe
2014-08-12 17:58 - 2014-08-14 00:23 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
2014-08-12 17:58 - 2014-08-12 17:58 - 00000000 ____D () C:\Users\Martin\AppData\Local\DriverToolkit
2014-08-12 17:56 - 2014-08-12 17:56 - 02396224 _____ (Megaify Software ) C:\Users\Martin\Downloads\driver_setup.exe
2014-08-12 17:46 - 2014-08-12 17:45 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-12 17:45 - 2014-08-12 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-12 17:45 - 2014-08-12 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-12 17:45 - 2014-08-12 17:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-12 17:45 - 2014-08-12 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-12 14:51 - 2014-08-12 14:51 - 00000000 ____D () C:\Program Files\Fritz
2014-08-08 22:53 - 2014-08-08 22:53 - 00001221 _____ () C:\Windows\avmacc1.log
2014-08-08 13:28 - 2014-08-08 13:28 - 00003226 _____ () C:\Windows\System32\Tasks\{7C2ADD7F-A29A-4604-B1EB-F892C19C9005}
2014-08-08 13:24 - 2014-08-08 13:24 - 02556424 _____ (AVM GmbH ) C:\Users\Martin\Downloads\avm_fritz!wlan_usb_stick_n_v2_x64_build_120821.exe
2014-08-08 12:59 - 2012-08-24 02:00 - 00480632 _____ (AVM Berlin) C:\Windows\instwcli.dex
2014-08-08 12:58 - 2014-08-08 12:58 - 00003216 _____ () C:\Windows\System32\Tasks\{CCFFE0B2-D4C9-4BED-BB8A-7FBB57A063E6}
2014-08-08 12:50 - 2014-08-12 14:54 - 00002155 _____ () C:\Windows\avmsetup.log
2014-08-08 12:50 - 2014-08-12 14:54 - 00000346 _____ () C:\Windows\avmadd32.log
2014-08-08 12:50 - 2014-08-12 14:51 - 00181992 _____ () C:\Windows\avmacc.log
2014-08-08 12:50 - 2014-08-12 14:47 - 00019916 _____ () C:\Windows\AVMInstall.Log
2014-08-07 08:21 - 2014-08-30 09:45 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-07 08:21 - 2014-08-30 09:44 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 09:01 - 2014-09-01 08:59 - 00019540 _____ () C:\Users\Martin\Downloads\FRST.txt
2014-09-01 09:00 - 2014-09-01 08:59 - 00000000 ____D () C:\FRST
2014-09-01 08:59 - 2014-09-01 08:59 - 02104832 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe
2014-09-01 08:55 - 2012-11-10 01:50 - 01085972 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 08:53 - 2012-11-10 11:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-31 15:01 - 2014-04-22 20:15 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-08-31 14:54 - 2014-08-30 12:24 - 00012747 _____ () C:\Users\Martin\Desktop\Hochzeit Geschenkeliste.xlsx
2014-08-31 14:51 - 2014-01-21 17:02 - 00000000 ____D () C:\Users\Martin\Desktop\Alex_usb
2014-08-31 14:16 - 2009-07-14 06:45 - 00027040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-31 14:16 - 2009-07-14 06:45 - 00027040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 14:09 - 2014-04-03 05:41 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-31 14:09 - 2009-07-14 19:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-08-31 14:09 - 2009-07-14 19:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-08-31 13:58 - 2013-02-13 15:51 - 00000000 ___RD () C:\Users\Martin\Dropbox
2014-08-31 11:03 - 2013-02-13 15:44 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Dropbox
2014-08-31 11:00 - 2014-08-12 23:29 - 00000366 _____ () C:\Windows\Tasks\DriverToolkit Autorun.job
2014-08-31 10:51 - 2009-07-14 06:45 - 00341072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-31 10:50 - 2012-11-10 12:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-31 10:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 10:50 - 2009-07-14 06:51 - 00122939 _____ () C:\Windows\setupact.log
2014-08-30 16:29 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-30 13:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-30 09:45 - 2014-08-07 08:21 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-30 09:44 - 2014-08-07 08:21 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-30 09:44 - 2012-11-10 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-30 09:44 - 2012-11-10 11:14 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-23 04:07 - 2014-08-30 10:03 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-30 10:03 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-30 10:03 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-16 08:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 22:47 - 2012-11-10 12:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-15 22:24 - 2014-05-06 23:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 21:08 - 2013-02-13 15:45 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-14 07:47 - 2014-05-26 21:20 - 00000000 ____D () C:\Users\Martin\Desktop\Downlaodsssss
2014-08-14 00:45 - 2014-08-14 00:03 - 00000000 ____D () C:\Users\Martin\Desktop\Neuer Ordner
2014-08-14 00:44 - 2013-08-11 23:17 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2014-08-14 00:42 - 2013-10-12 12:48 - 00000000 ____D () C:\ProgramData\Freemake
2014-08-14 00:42 - 2013-10-12 12:48 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-08-14 00:23 - 2014-08-12 17:58 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
2014-08-13 13:55 - 2014-08-12 23:29 - 00002732 _____ () C:\Windows\System32\Tasks\DriverToolkit Autorun
2014-08-12 23:38 - 2014-08-12 23:38 - 00116152 _____ (Zeal SoftStudio) C:\Windows\SysWOW64\ntport.dll
2014-08-12 23:38 - 2014-08-12 23:38 - 00053248 _____ (Zeal SoftStudio) C:\Windows\SysWOW64\memacc.dll
2014-08-12 23:38 - 2014-08-12 23:38 - 00046671 _____ () C:\DEBUG.TXT
2014-08-12 23:38 - 2014-08-12 23:38 - 00033664 _____ (Zeal SoftStudio) C:\Windows\SysWOW64\Drivers\memacc.sys
2014-08-12 23:38 - 2014-08-12 23:38 - 00013880 _____ (Zeal SoftStudio) C:\Windows\SysWOW64\Drivers\zntport.sys
2014-08-12 23:32 - 2012-11-10 11:56 - 00163564 _____ () C:\Windows\PFRO.log
2014-08-12 23:27 - 2012-11-10 12:41 - 00000000 ____D () C:\dell
2014-08-12 23:23 - 2013-08-11 23:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-12 23:20 - 2014-08-12 23:20 - 00000000 ____D () C:\Intel
2014-08-12 23:17 - 2014-08-12 23:17 - 05472920 _____ () C:\Users\Martin\Desktop\Intel(R)_USB_3.0_eXtensible_Host_Controller_Driver.zip
2014-08-12 23:17 - 2014-08-12 23:17 - 00000000 ____D () C:\Users\Martin\Desktop\Intel(R)_USB_3.0_eXtensible_Host_Controller_Driver
2014-08-12 23:11 - 2014-08-12 23:11 - 00000000 ____D () C:\Users\Martin\SystemRequirementsLab
2014-08-12 23:11 - 2012-11-10 01:56 - 00000000 ____D () C:\Users\Martin
2014-08-12 20:41 - 2014-08-12 20:41 - 00013690 ____H () C:\Users\Martin\Desktop\~WRL0003.tmp
2014-08-12 18:45 - 2013-02-13 15:28 - 00021504 _____ () C:\Users\Martin\Desktop\Inlogge.xlsx
2014-08-12 18:08 - 2014-08-12 18:07 - 00000000 ____D () C:\ProgramData\VDmNguhN
2014-08-12 18:07 - 2014-08-12 18:07 - 00001007 _____ () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\MP3jam.lnk
2014-08-12 18:07 - 2014-08-12 18:07 - 00000983 _____ () C:\Users\Public\Desktop\MP3jam.lnk
2014-08-12 18:07 - 2014-08-12 18:07 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Mp3jam
2014-08-12 18:07 - 2014-08-12 18:07 - 00000000 ____D () C:\Program Files (x86)\MP3jam
2014-08-12 18:04 - 2014-08-12 18:04 - 01101648 _____ () C:\Users\Martin\Downloads\MP3jam - CHIP-Installer.exe
2014-08-12 17:58 - 2014-08-12 17:58 - 00000000 ____D () C:\Users\Martin\AppData\Local\DriverToolkit
2014-08-12 17:56 - 2014-08-12 17:56 - 02396224 _____ (Megaify Software ) C:\Users\Martin\Downloads\driver_setup.exe
2014-08-12 17:46 - 2014-07-15 15:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-12 17:45 - 2014-08-12 17:46 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-12 17:45 - 2014-08-12 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-12 17:45 - 2014-08-12 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-12 17:45 - 2014-08-12 17:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-12 17:45 - 2014-08-12 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-12 17:38 - 2014-02-17 20:14 - 00918952 _____ (Oracle Corporation) C:\Users\Martin\Downloads\jxpiinstall.exe
2014-08-12 14:54 - 2014-08-08 12:50 - 00002155 _____ () C:\Windows\avmsetup.log
2014-08-12 14:54 - 2014-08-08 12:50 - 00000346 _____ () C:\Windows\avmadd32.log
2014-08-12 14:51 - 2014-08-12 14:51 - 00000000 ____D () C:\Program Files\Fritz
2014-08-12 14:51 - 2014-08-08 12:50 - 00181992 _____ () C:\Windows\avmacc.log
2014-08-12 14:47 - 2014-08-08 12:50 - 00019916 _____ () C:\Windows\AVMInstall.Log
2014-08-08 22:53 - 2014-08-08 22:53 - 00001221 _____ () C:\Windows\avmacc1.log
2014-08-08 13:28 - 2014-08-08 13:28 - 00003226 _____ () C:\Windows\System32\Tasks\{7C2ADD7F-A29A-4604-B1EB-F892C19C9005}
2014-08-08 13:24 - 2014-08-08 13:24 - 02556424 _____ (AVM GmbH ) C:\Users\Martin\Downloads\avm_fritz!wlan_usb_stick_n_v2_x64_build_120821.exe
2014-08-08 12:58 - 2014-08-08 12:58 - 00003216 _____ () C:\Windows\System32\Tasks\{CCFFE0B2-D4C9-4BED-BB8A-7FBB57A063E6}
2014-08-07 08:21 - 2012-11-10 11:14 - 00000000 ____D () C:\ProgramData\Avira
2014-08-07 04:06 - 2014-08-15 21:27 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-15 21:27 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2012-11-10 11:13 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-03 16:08 - 2012-11-20 19:25 - 00000000 ____D () C:\Users\Martin\Documents\Privat

Some content of TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\AskSLib.dll
C:\Users\Martin\AppData\Local\Temp\avgnt.exe
C:\Users\Martin\AppData\Local\Temp\BaseServices.dll
C:\Users\Martin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphs6bul.dll
C:\Users\Martin\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.1.exe
C:\Users\Martin\AppData\Local\Temp\FreemakeVideoDownloader_3.5.4.0.exe
C:\Users\Martin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Martin\AppData\Local\Temp\nsdBA83.exe
C:\Users\Martin\AppData\Local\Temp\nsgD83.exe
C:\Users\Martin\AppData\Local\Temp\nsl9F9.exe
C:\Users\Martin\AppData\Local\Temp\nsr5C13.exe
C:\Users\Martin\AppData\Local\Temp\nsw61FD.exe
C:\Users\Martin\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Martin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Martin\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Martin\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Martin\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Martin\AppData\Local\Temp\nvStInst.exe
C:\Users\Martin\AppData\Local\Temp\ose00000.exe
C:\Users\Martin\AppData\Local\Temp\Setup.exe
C:\Users\Martin\AppData\Local\Temp\uninst1.exe
C:\Users\Martin\AppData\Local\Temp\USBUnplugMonitor.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-30 13:17

==================== End Of Log ============================
--- --- ---

schrauber 01.09.2014 14:47
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Spender0815 01.09.2014 20:52
Code:
ComboFix 14-08-31.01 - Martin 01.09.2014  21:24:45.1.2 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4094.2447 [GMT 2:00]
ausgeführt von:: c:\users\Martin\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ALEXAN~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Martin\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-08-01 bis 2014-09-01  ))))))))))))))))))))))))))))))
.
.
2014-09-01 06:59 . 2014-09-01 07:06        --------        d-----w-        C:\FRST
2014-08-30 08:04 . 2014-08-21 09:24        11319192        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D79AEA2-8458-4EB3-BF0D-B9A21B351F6B}\mpengine.dll
2014-08-30 08:03 . 2014-08-23 02:07        404480        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-30 08:03 . 2014-08-23 01:45        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2014-08-30 08:03 . 2014-08-23 00:59        3163648        ----a-w-        c:\windows\system32\win32k.sys
2014-08-30 07:47 . 2014-05-14 16:23        44512        ----a-w-        c:\windows\system32\wups2.dll
2014-08-30 07:47 . 2014-05-14 16:23        58336        ----a-w-        c:\windows\system32\wuauclt.exe
2014-08-30 07:47 . 2014-05-14 16:23        2477536        ----a-w-        c:\windows\system32\wuaueng.dll
2014-08-30 07:47 . 2014-05-14 16:21        2620928        ----a-w-        c:\windows\system32\wucltux.dll
2014-08-30 07:46 . 2014-05-14 16:23        38880        ----a-w-        c:\windows\system32\wups.dll
2014-08-30 07:46 . 2014-05-14 16:23        36320        ----a-w-        c:\windows\SysWow64\wups.dll
2014-08-30 07:46 . 2014-05-14 16:23        700384        ----a-w-        c:\windows\system32\wuapi.dll
2014-08-30 07:46 . 2014-05-14 16:23        581600        ----a-w-        c:\windows\SysWow64\wuapi.dll
2014-08-30 07:46 . 2014-05-14 16:20        97792        ----a-w-        c:\windows\system32\wudriver.dll
2014-08-30 07:46 . 2014-05-14 16:17        92672        ----a-w-        c:\windows\SysWow64\wudriver.dll
2014-08-30 07:45 . 2014-05-14 07:23        198600        ----a-w-        c:\windows\system32\wuwebv.dll
2014-08-30 07:45 . 2014-05-14 07:23        179656        ----a-w-        c:\windows\SysWow64\wuwebv.dll
2014-08-30 07:45 . 2014-05-14 07:20        36864        ----a-w-        c:\windows\system32\wuapp.exe
2014-08-30 07:45 . 2014-05-14 07:17        33792        ----a-w-        c:\windows\SysWow64\wuapp.exe
2014-08-15 20:25 . 2014-03-09 21:48        171160        ----a-w-        c:\windows\system32\infocardapi.dll
2014-08-15 20:25 . 2014-03-09 21:48        1389208        ----a-w-        c:\windows\system32\icardagt.exe
2014-08-15 20:25 . 2014-03-09 21:47        99480        ----a-w-        c:\windows\SysWow64\infocardapi.dll
2014-08-15 20:25 . 2014-03-09 21:47        619672        ----a-w-        c:\windows\SysWow64\icardagt.exe
2014-08-15 20:25 . 2014-06-30 22:24        8856        ----a-w-        c:\windows\system32\icardres.dll
2014-08-15 20:25 . 2014-06-30 22:14        8856        ----a-w-        c:\windows\SysWow64\icardres.dll
2014-08-15 20:25 . 2014-06-06 06:16        35480        ----a-w-        c:\windows\SysWow64\TsWpfWrp.exe
2014-08-15 20:25 . 2014-06-06 06:12        35480        ----a-w-        c:\windows\system32\TsWpfWrp.exe
2014-08-15 19:33 . 2014-07-09 02:03        7168        ----a-w-        c:\windows\system32\KBDTAT.DLL
2014-08-15 19:33 . 2014-07-09 02:03        6656        ----a-w-        c:\windows\system32\KBDRU.DLL
2014-08-15 19:33 . 2014-07-09 01:31        7168        ----a-w-        c:\windows\SysWow64\KBDYAK.DLL
2014-08-15 19:33 . 2014-07-09 01:31        6656        ----a-w-        c:\windows\SysWow64\KBDBASH.DLL
2014-08-15 19:33 . 2014-07-09 02:03        7168        ----a-w-        c:\windows\system32\KBDYAK.DLL
2014-08-15 19:33 . 2014-07-09 02:03        7168        ----a-w-        c:\windows\system32\KBDRU1.DLL
2014-08-15 19:33 . 2014-07-09 02:03        7168        ----a-w-        c:\windows\system32\KBDBASH.DLL
2014-08-15 19:32 . 2014-07-16 03:23        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-08-15 19:32 . 2014-07-16 02:46        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-08-15 19:31 . 2014-06-03 10:02        3241984        ----a-w-        c:\windows\system32\msi.dll
2014-08-15 19:31 . 2014-06-03 10:02        1941504        ----a-w-        c:\windows\system32\authui.dll
2014-08-15 19:31 . 2014-06-03 09:29        2363392        ----a-w-        c:\windows\SysWow64\msi.dll
2014-08-15 19:31 . 2014-06-03 10:02        112064        ----a-w-        c:\windows\system32\consent.exe
2014-08-15 19:31 . 2014-06-03 09:29        1805824        ----a-w-        c:\windows\SysWow64\authui.dll
2014-08-15 19:31 . 2014-06-03 10:02        504320        ----a-w-        c:\windows\system32\msihnd.dll
2014-08-15 19:31 . 2014-06-03 09:29        337408        ----a-w-        c:\windows\SysWow64\msihnd.dll
2014-08-15 19:31 . 2014-06-16 02:10        985536        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2014-08-15 19:27 . 2014-06-25 02:05        14175744        ----a-w-        c:\windows\system32\shell32.dll
2014-08-15 19:27 . 2014-07-14 02:02        1216000        ----a-w-        c:\windows\system32\rpcrt4.dll
2014-08-15 19:27 . 2014-07-14 01:40        664064        ----a-w-        c:\windows\SysWow64\rpcrt4.dll
2014-08-15 19:27 . 2014-08-07 02:06        529920        ----a-w-        c:\windows\system32\aepdu.dll
2014-08-15 19:27 . 2014-08-07 02:01        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-08-12 21:38 . 2014-08-12 21:38        53248        ----a-w-        c:\windows\SysWow64\memacc.dll
2014-08-12 21:38 . 2014-08-12 21:38        33664        ----a-w-        c:\windows\SysWow64\drivers\memacc.sys
2014-08-12 21:38 . 2014-08-12 21:38        13880        ----a-w-        c:\windows\SysWow64\drivers\zntport.sys
2014-08-12 21:38 . 2014-08-12 21:38        116152        ----a-w-        c:\windows\SysWow64\ntport.dll
2014-08-12 21:23 . 2003-11-10 16:12        192512        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2014-08-12 21:23 . 2014-08-12 21:23        188548        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2014-08-12 21:23 . 2003-11-10 16:14        729088        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2014-08-12 21:23 . 2003-11-10 16:13        69715        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2014-08-12 21:23 . 2003-11-10 16:12        266240        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2014-08-12 21:23 . 2003-11-10 16:11        5632        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2014-08-12 21:23 . 2014-08-12 21:23        311428        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2014-08-12 21:20 . 2014-08-12 21:20        --------        d-----w-        C:\Intel
2014-08-12 21:11 . 2014-08-12 21:11        --------        d-----w-        c:\users\Martin\SystemRequirementsLab
2014-08-12 16:07 . 2014-08-12 16:08        --------        d-----w-        c:\programdata\VDmNguhN
2014-08-12 16:07 . 2014-08-12 16:07        --------        d-----w-        c:\users\Martin\AppData\Roaming\Mp3jam
2014-08-12 16:07 . 2014-08-12 16:07        --------        d-----w-        c:\program files (x86)\MP3jam
2014-08-12 15:58 . 2014-08-12 15:58        --------        d-----w-        c:\users\Martin\AppData\Local\DriverToolkit
2014-08-12 15:58 . 2014-08-13 22:23        --------        d-----w-        c:\program files (x86)\DriverToolkit
2014-08-12 15:46 . 2014-08-12 15:46        --------        d-----w-        c:\program files (x86)\Common Files\Java
2014-08-12 15:45 . 2014-08-12 15:45        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-12 12:51 . 2014-08-12 12:51        --------        d-----w-        c:\program files\Fritz
2014-08-08 10:59 . 2012-08-24 00:00        480632        ----a-w-        c:\windows\instwcli.dex
2014-08-07 06:21 . 2014-08-30 07:45        --------        d-----w-        c:\programdata\Package Cache
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-01 07:11 . 2014-07-13 08:53        163504        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-08-05 07:20 . 2012-11-10 09:13        270496        ------w-        c:\windows\system32\MpSigStub.exe
2014-07-10 11:49 . 2013-05-07 19:12        42040        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2014-07-09 20:28 . 2012-11-20 17:50        96441528        ----a-w-        c:\windows\system32\MRT.exe
2014-07-09 20:13 . 2012-11-10 09:59        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 20:13 . 2012-11-10 09:59        699056        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-03 18:39 . 2013-03-30 09:06        117712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-06-18 02:18 . 2014-07-09 18:55        692736        ----a-w-        c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 18:55        646144        ----a-w-        c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-09 18:55        624128        ----a-w-        c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 18:55        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 18:50        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 18:50        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 18:50        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSystemDetect"="c:\users\Martin\AppData\Local\Apps\2.0\D4BAPGNN.VC5\YX3PRGN2.W1R\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe" [2014-04-16 254976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-07 751184]
"LockStatusTray"="c:\windows\LockStatusTray.exe" [2008-02-19 192512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-04 161584]
.
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-30 36414496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 sPIhgkxJrcx;sPIhgkxJrcx;c:\programdata\VDmNguhN\sPIhgkxJrcx.exe;c:\programdata\VDmNguhN\sPIhgkxJrcx.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MEMACC;MEMACC;c:\windows\system32\drivers\memacc.sys;c:\windows\SYSNATIVE\drivers\memacc.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2mdx64.sys [x]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdx64.sys [x]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys;c:\windows\SYSNATIVE\DRIVERS\OEM13Vfx.sys [x]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys;c:\windows\SYSNATIVE\DRIVERS\OEM13Vid.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-10 20:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        164760        ----a-w-        c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-27 309248]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-20 3863040]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=646B00242B3D7601&affID=121565&tsp=5020
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de
FF - user.js: extensions.blocklist.enabled - false
FF - user.js: app.update.auto - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-Download Protect - c:\programdata\dlprotect.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3839022046-2414841528-1097775012-1001_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden]
"{6D31FCD2-64F7-4E43-8E18-5A2BBA7D13C9}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAApTfFq2WFjkKwf1yls3FB8gAAAAACAAAAAAAQZgAAAAEAACAAAADoR5p77D9uBkoN5uq4MOvQctXTdhhTH3oFLkaxp5QCYwAAAAAOgAAAAAIAACAAAABBaqUwvKSDwyIVWtfbaApPHSb5s6ecpk/sQPekoKAN+RAAAACkyStvwwYfmWFdtHAJtXN+QAAAAKREfjGDp3Va0A/OTgbuLKMAqfDJnoiOv8m46XTbnhzYHmRJdBC+1eI36NvQGrt68KiVq6xA+zhXKClpgYPhnss="
"{2338F5D5-2437-4FC3-9005-A01804321264}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAApTfFq2WFjkKwf1yls3FB8gAAAAACAAAAAAAQZgAAAAEAACAAAAAxAAiAnyLfKBzAHVY1+J9i213nnbeX4WPPMRKNFgWs3gAAAAAOgAAAAAIAACAAAAAHPcaneADVKogQOlwNFz2sT507V6hsChASzD/r5/lwYSAAAABMAiWPlK/ULFEwMxv6MoTYdf5H3qsC8jw90LpgKkhXvEAAAAAfxt45PGjFxTCIYfSOut3WPH8WtSCtoRVRNSE/257f9D5Xmd/JOmN5NE8uUAYqNFAZ1L9hnpy3Tq1y3Qi1l51i"
"{FCCCD80D-2A5E-401E-B64F-D1C2E375B955}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAApTfFq2WFjkKwf1yls3FB8gAAAAACAAAAAAAQZgAAAAEAACAAAADMXEiZvQud3J82qjW7v1d+RKjcsdtN+UbMzmgWvArzeAAAAAAOgAAAAAIAACAAAACJ0SkDtwd0XH7h7b3oGvg2xLeYmU/p0+lWlw1RCzYqYxAAAAB6cfM3lDBBDrsapNIiUevCQAAAAMqWtKx7ow6gul/9a2HsRRZgo+SLsWhnZTrCcZm9frfZDsmj1zHzXudOyLhr3r3YZNc3HUxKA3vAS3AmjuldlSg="
.
[HKEY_USERS\S-1-5-21-3839022046-2414841528-1097775012-1001_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden\DeltaClock]
"LastSynchronizationClock"=hex(b):90,84,b1,6f,60,85,d1,08
"DeltaClock"=hex(b):12,88,07,d8,ff,ff,ff,ff
"LastNtpServer"="time-nw.nist.gov"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\brsvc01a.exe
c:\windows\SysWOW64\brss01a.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\DRIVERS\o2flash.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-01  21:49:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-09-01 19:49
.
Vor Suchlauf: 13 Verzeichnis(se), 31.817.596.928 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 33.501.966.336 Bytes frei
.
- - End Of File - - F3686171DC44A492D35223ED0B3ED1BE
A36C5E4F47E84449FF07ED3517B43A31
Rein aus Interesse, welche Daten schaust du dir jetzt an und was ist relevant? Man will ja nicht allzu dumm sterben ;)

Es dankt
der Spender

schrauber 02.09.2014 19:22
na das ganze Log, Zeile für Zeile :)


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Spender0815 04.09.2014 15:11
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Administrator on 04.09.2014 at 15:56:04,19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\gne4ndzs.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.09.2014 at 16:06:57,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v3.309 - Bericht erstellt am 04/09/2014 um 14:44:20
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Administrator - SCHNITZEL
# Gestartet von : C:\Users\Administrator\Downloads\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\DSearchLink
[/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien
[!] Ordner Gelöscht : C:\Users\Martin\Search
Ordner Gelöscht : C:\Users\Martin\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Security System 2
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\searchplugins\ask-search.xml
Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\searchplugins\conduit-search.xml
Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\5d2d88be235b814
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MovieMode

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gne4ndzs.default\prefs.js ]


[ Datei : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "145042bbe5ae8abd1d665bcb06295e12");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "646bf9de00000000000000242b3d7601");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15977");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.618:28:13");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=121565&tsp=5020");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");

*************************

AdwCleaner[R0].txt - [6259 octets] - [04/09/2014 14:36:11]
AdwCleaner[S0].txt - [6097 octets] - [04/09/2014 14:44:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6157 octets] ##########
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 04.09.2014 08:09:38, SYSTEM, SCHNITZEL, Protection, Malware Protection, Starting,
Protection, 04.09.2014 08:09:38, SYSTEM, SCHNITZEL, Protection, Malware Protection, Started,
Protection, 04.09.2014 08:09:38, SYSTEM, SCHNITZEL, Protection, Malicious Website Protection, Starting,
Detection, 04.09.2014 08:10:01, SYSTEM, SCHNITZEL, Protection, Malware Protection, File, Adware.MovieMode, C:\ProgramData\VDmNguhN\sPIhgkxJrcx.exe, Quarantine, [f84ccf1a6a11e84ef3b7551b1de4a25e]
Protection, 04.09.2014 08:14:03, SYSTEM, SCHNITZEL, Protection, Malicious Website Protection, Started,
Detection, 04.09.2014 08:22:30, SYSTEM, SCHNITZEL, Protection, Malware Protection, File, Adware.MovieMode, c:\programdata\vdmnguhn\spihgkxjrcx.exe, Quarantine, [f84ccf1a6a11e84ef3b7551b1de4a25e]
Protection, 04.09.2014 08:22:30, SYSTEM, SCHNITZEL, Protection, SDKQuarantine, 2, Failed, c:\programdata\vdmnguhn\spihgkxjrcx.exe,
Error, 04.09.2014 08:22:30, SYSTEM, SCHNITZEL, Protection, SDKQuarantine, 2, Failed, c:\programdata\vdmnguhn\spihgkxjrcx.exe,
Update, 04.09.2014 08:28:01, SYSTEM, SCHNITZEL, Scheduler, Malware Database, 2014.9.3.8, 2014.9.4.2,
Protection, 04.09.2014 08:28:03, SYSTEM, SCHNITZEL, Protection, Refresh, Starting,
Protection, 04.09.2014 08:28:03, SYSTEM, SCHNITZEL, Protection, Malicious Website Protection, Stopping,
Protection, 04.09.2014 08:28:03, SYSTEM, SCHNITZEL, Protection, Malicious Website Protection, Stopped,
Protection, 04.09.2014 08:28:42, SYSTEM, SCHNITZEL, Protection, Refresh, Success,
Protection, 04.09.2014 08:28:42, SYSTEM, SCHNITZEL, Protection, Malicious Website Protection, Starting,
Protection, 04.09.2014 08:28:44, SYSTEM, SCHNITZEL, Protection, Malicious Website Protection, Started,
Detection, 04.09.2014 10:14:03, SYSTEM, SCHNITZEL, Protection, Malware Protection, File, Adware.MovieMode, C:\ProgramData\VDmNguhN\dat\YFJpcPTv.exe, Quarantine, [00a27b6ec5b61b1bab0890e02fd25fa1]
Detection, 04.09.2014 10:14:25, SYSTEM, SCHNITZEL, Protection, Malware Protection, File, PUP.Optional.OpenCandy, C:\Users\Martin\Downloads\cdbxp_setup_4.5.2.4214_minimal.exe, Quarantine, [1c86c0291c5f4cea435637e807f98878]
Protection, 04.09.2014 12:27:55, SYSTEM, SCHNITZEL, Protection, Malware Protection, Starting,
Protection, 04.09.2014 12:27:55, SYSTEM, SCHNITZEL, Protection, Malware Protection, Started,
Protection, 04.09.2014 12:27:55, SYSTEM, SCHNITZEL, Protection, Malicious Website Protection, Starting,
Protection, 04.09.2014 12:29:36, SYSTEM, SCHNITZEL, Protection, Malicious Website Protection, Started,
Update, 04.09.2014 12:31:30, SYSTEM, SCHNITZEL, Manual, Malware Database, 2014.9.4.2, 2014.9.4.3,
Protection, 04.09.2014 12:31:35, SYSTEM, SCHNITZEL, Protection, Refresh, Starting,
Protection, 04.09.2014 12:31:35, SYSTEM, SCHNITZEL, Protection, Malicious Website Protection, Stopping,
Protection, 04.09.2014 12:31:37, SYSTEM, SCHNITZEL, Protection, Malicious Website Protection, Stopped,
Protection, 04.09.2014 12:31:43, SYSTEM, SCHNITZEL, Protection, Refresh, Success,
Protection, 04.09.2014 12:31:43, SYSTEM, SCHNITZEL, Protection, Malicious Website Protection, Starting,
Protection, 04.09.2014 12:31:44, SYSTEM, SCHNITZEL, Protection, Malicious Website Protection, Started,

(end)

schrauber 05.09.2014 09:55

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Spender0815 06.09.2014 13:24
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ec08697a67dd1b4f90490d37272fe1a5
# engine=20022
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-05 08:52:03
# local_time=2014-09-05 10:52:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 9641 275370013 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 9489 161580173 0 0
# scanned=14858
# found=7
# cleaned=0
# scan_time=8551
sh=2B38E701340D1B8B29DEA4087827B0E92D52F7A6 ft=1 fh=b608aaa2f61072ba vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-2409692257-2134198246-3569125786-1000\$RW0DQTR.exe"
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir"
sh=FDA86CC2FFCBECAA996FB86A83772F5A4C79685E ft=1 fh=480c1b30e13dfda5 vn="Win32/Conduit.SearchProtect.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Martin\AppData\Local\DownloadGuide\SPIdentifier.exe.vir"
sh=9609680BC61ED8AA537CA7016ED25F85BE92BF9E ft=1 fh=46d56238a34b39c4 vn="Win32/Packed.ScrambleWrapper.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Martin\AppData\Local\DownloadGuide\Offers\plus-hd-3-8.exe.vir"
sh=95D1E596ACC1912879100C54027750C1772027C7 ft=1 fh=212faf0536ad9d68 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Martin\AppData\Local\DownloadGuide\Offers\ResultsAlphaSetup.exe.vir"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Martin\AppData\Local\DownloadGuide\Offers\sp-downloader.exe.vir"
sh=37CCAD86409E08816A4C00F1DBEA4604BA36D3A1 ft=1 fh=919a9505016e0e1e vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Martin\AppData\Roaming\OpenCandy\9FACBD274B6B4102B36ED0C8B3899577\DeltaTB.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ec08697a67dd1b4f90490d37272fe1a5
# engine=20025
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-06 12:09:49
# local_time=2014-09-06 02:09:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 64707 275425079 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 64555 161635239 0 0
# scanned=313515
# found=13
# cleaned=0
# scan_time=47899
sh=2B38E701340D1B8B29DEA4087827B0E92D52F7A6 ft=1 fh=b608aaa2f61072ba vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-2409692257-2134198246-3569125786-1000\$RW0DQTR.exe"
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir"
sh=FDA86CC2FFCBECAA996FB86A83772F5A4C79685E ft=1 fh=480c1b30e13dfda5 vn="Win32/Conduit.SearchProtect.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Martin\AppData\Local\DownloadGuide\SPIdentifier.exe.vir"
sh=9609680BC61ED8AA537CA7016ED25F85BE92BF9E ft=1 fh=46d56238a34b39c4 vn="Win32/Packed.ScrambleWrapper.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Martin\AppData\Local\DownloadGuide\Offers\plus-hd-3-8.exe.vir"
sh=95D1E596ACC1912879100C54027750C1772027C7 ft=1 fh=212faf0536ad9d68 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Martin\AppData\Local\DownloadGuide\Offers\ResultsAlphaSetup.exe.vir"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Martin\AppData\Local\DownloadGuide\Offers\sp-downloader.exe.vir"
sh=37CCAD86409E08816A4C00F1DBEA4604BA36D3A1 ft=1 fh=919a9505016e0e1e vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Martin\AppData\Roaming\OpenCandy\9FACBD274B6B4102B36ED0C8B3899577\DeltaTB.exe.vir"
sh=8FA8B45BE965865D1FDD63FF882C4CEB2055BA26 ft=1 fh=bcbd08341a087339 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Martin\Downloads\ashampoo-clipfinder-hd_26966.exe"
sh=0C7E1F8EB63F9F1C75EB08A156E54A7349853EFF ft=1 fh=d24020069345d3b6 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Martin\Downloads\PDFCreator-1_6_0_setup.exe"
sh=A97FC6D55219BB3434C72611AA3D072A4EE474FC ft=1 fh=3b820b3671329277 vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Martin\Downloads\SoftonicDownloader_fuer_graph.exe"
sh=F7F0354C827356EA5017CBA212074DCC91C4F8C6 ft=1 fh=8b282906ec45a7c6 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Martin\Downloads\XMedia Recode - CHIP-Installer.exe"
sh=BA5D225FE04ED9E21278011D1A6F6BBECB9134D8 ft=1 fh=57ab8a13e6ab5320 vn="Variante von Win32/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="D:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\nsf8\nsm9.tmp\SetupDataMngr_Searchqu.exe"
sh=BE6DF413F8E7D87A7B5DAD15FDDED148EDAB56D0 ft=1 fh=8326362d6880baa8 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="D:\RECYCLER\S-1-5-21-515967899-583907252-682003330-500\Dc22.exe"
Code:
Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67 
 Adobe Flash Player 14.0.0.145 
 Mozilla Firefox (31.0)
 Mozilla Thunderbird (24.6.0)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Martin (administrator) on SCHNITZEL on 06-09-2014 14:22:00
Running from C:\Users\Martin\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Dell) C:\Users\Martin\AppData\Local\Apps\2.0\D4BAPGNN.VC5\YX3PRGN2.W1R\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
(Dropbox, Inc.) C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Logitech, Inc.) C:\Windows\LockStatusTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd.) C:\Windows\OEM13Mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Users\Martin\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [309248 2009-02-27] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3863040 2009-01-20] (Dell Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LockStatusTray] => C:\Windows\LockStatusTray.exe [192512 2008-02-19] (Logitech, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [OEM13Mon.exe] => C:\Windows\OEM13Mon.exe [36864 2008-01-07] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3839022046-2414841528-1097775012-1001\...\Run: [DellSystemDetect] => C:\Users\Martin\AppData\Local\Apps\2.0\D4BAPGNN.VC5\YX3PRGN2.W1R\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-04-16] (Dell)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=646B00242B3D7601&affID=121565&tsp=5020
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFF351687CC6ACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=646B00242B3D7601&affID=121565&tsp=5020
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default
FF SearchEngineOrder.1: Google
FF Homepage: https://www.google.de
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*'))%20%7B%20return%20'PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: DownloadHelper - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Classic Theme Restorer - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-06-01]
FF Extension: NoScript - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-11-10]
FF Extension: Adblock Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-17]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012-11-27]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ryep05e4.default\extensions\cliqz@cliqz.com

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2930688 2009-01-20] (Dell Inc.) [File not signed]
S2 sPIhgkxJrcx; "C:\ProgramData\VDmNguhN\sPIhgkxJrcx.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 MEMACC; C:\Windows\SysWOW64\drivers\memacc.sys [33664 2014-08-12] (Zeal SoftStudio) [File not signed]
R3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [62296 2008-07-29] (O2Micro )
R3 OEM13Vfx; C:\Windows\System32\DRIVERS\OEM13Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
R3 OEM13Vid; C:\Windows\System32\DRIVERS\OEM13Vid.sys [267296 2008-05-28] (Creative Technology Ltd.)
S3 zntport; C:\Windows\SysWOW64\drivers\zntport.sys [13880 2014-08-12] (Zeal SoftStudio)
S3 AnyDVD; System32\Drivers\AnyDVD.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 14:21 - 2014-09-06 14:21 - 00015480 _____ () C:\Users\Martin\Desktop\bookmarks-2014-09-06.json
2014-09-06 00:49 - 2014-09-06 00:49 - 02347384 _____ (ESET) C:\Users\Martin\Downloads\esetsmartinstaller_deu(1).exe
2014-09-05 20:26 - 2014-09-05 20:26 - 00854417 _____ () C:\Users\Martin\Downloads\SecurityCheck.exe
2014-09-05 20:24 - 2014-09-05 20:24 - 02347384 _____ (ESET) C:\Users\Martin\Downloads\esetsmartinstaller_deu.exe
2014-09-05 20:24 - 2014-09-05 20:24 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-04 16:06 - 2014-09-04 16:06 - 00000897 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-09-04 15:55 - 2014-09-04 15:55 - 01016261 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-09-04 15:55 - 2014-09-04 15:55 - 00000000 ____D () C:\Windows\ERUNT
2014-09-04 15:51 - 2014-09-04 15:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\APP_NAME_NON_STRING
2014-09-04 14:36 - 2014-09-04 14:44 - 00000000 ____D () C:\AdwCleaner
2014-09-04 14:35 - 2014-09-04 14:35 - 01370483 _____ () C:\Users\Administrator\Downloads\adwcleaner_3.309.exe
2014-09-04 14:25 - 2014-09-04 14:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-09-04 12:36 - 2014-09-04 12:36 - 09812520 _____ () C:\Users\Administrator\Downloads\alps tocuh padR244796.exe
2014-09-04 11:33 - 2014-09-04 11:33 - 00000771 _____ () C:\Windows\comsetup.log
2014-09-04 11:25 - 2014-09-04 11:25 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Administrator\Downloads\spybot-2.4.exe
2014-09-04 11:22 - 2014-09-04 11:23 - 00000000 ___DC () C:\Users\Administrator\AppData\Local\MigWiz
2014-09-04 11:19 - 2014-09-04 11:19 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-09-04 11:19 - 2014-09-04 11:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Macromedia
2014-09-04 11:18 - 2014-09-04 11:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2014-09-04 11:18 - 2014-09-04 11:18 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla
2014-09-04 11:06 - 2014-09-04 11:06 - 00000000 ____D () C:\Program Files\IDT
2014-09-04 10:58 - 2014-09-04 10:58 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-09-04 10:58 - 2014-09-04 10:58 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-09-04 10:56 - 2014-09-04 10:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Avira
2014-09-04 10:50 - 2014-09-04 10:50 - 00085368 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-04 10:50 - 2014-09-04 10:50 - 00001421 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-04 10:50 - 2014-09-04 10:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-09-04 10:49 - 2014-09-04 10:50 - 00000000 ____D () C:\Users\Administrator
2014-09-04 10:49 - 2014-09-04 10:49 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-09-04 10:49 - 2012-11-13 14:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2014-09-04 10:49 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-04 10:49 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-03 22:50 - 2014-09-06 13:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 22:49 - 2014-09-03 22:49 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 22:49 - 2014-09-03 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 22:49 - 2014-09-03 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 22:49 - 2014-09-03 22:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 22:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-03 22:49 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 22:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 22:48 - 2014-09-03 22:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-02 22:37 - 2014-09-02 22:42 - 00000000 ____D () C:\Hörspiel
2014-09-01 21:49 - 2014-09-01 21:49 - 00022022 _____ () C:\ComboFix.txt
2014-09-01 21:22 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-01 21:22 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-01 21:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-01 21:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-01 21:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-01 21:22 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-01 21:22 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-01 21:22 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-01 21:21 - 2014-09-01 21:49 - 00000000 ____D () C:\Qoobox
2014-09-01 21:20 - 2014-09-01 21:46 - 00000000 ____D () C:\Windows\erdnt
2014-09-01 21:19 - 2014-09-01 21:19 - 05576326 ____R (Swearware) C:\Users\Martin\Downloads\ComboFix.exe
2014-09-01 09:26 - 2014-09-01 09:26 - 02212572 _____ () C:\Users\Martin\Desktop\hw64_4.42.zip
2014-09-01 09:03 - 2014-09-01 09:22 - 00033637 _____ () C:\Users\Martin\Downloads\Addition.txt
2014-09-01 08:59 - 2014-09-06 14:22 - 00018900 _____ () C:\Users\Martin\Downloads\FRST.txt
2014-09-01 08:59 - 2014-09-06 14:22 - 00000000 ____D () C:\FRST
2014-09-01 08:59 - 2014-09-01 08:59 - 02104832 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe
2014-08-30 12:24 - 2014-09-01 16:03 - 00013306 _____ () C:\Users\Martin\Desktop\Hochzeit Geschenkeliste.xlsx
2014-08-30 10:03 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-30 10:03 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-30 10:03 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-30 09:47 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-30 09:47 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-30 09:47 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-30 09:47 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-30 09:46 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-30 09:46 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-30 09:46 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-30 09:46 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-30 09:46 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-30 09:46 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-30 09:45 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-30 09:45 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-30 09:45 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-30 09:45 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-15 22:25 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 22:25 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 22:25 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 22:25 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 22:25 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 22:25 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 22:25 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 22:25 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 21:35 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 21:35 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 21:35 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 21:35 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 21:35 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 21:35 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 21:35 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 21:35 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 21:35 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 21:35 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 21:35 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 21:35 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 21:35 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 21:35 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 21:35 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 21:35 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 21:35 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 21:35 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 21:35 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 21:35 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 21:35 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 21:35 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 21:35 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 21:35 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 21:35 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 21:35 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 21:35 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 21:35 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 21:35 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 21:35 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 21:35 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 21:35 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 21:35 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 21:35 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 21:35 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 21:35 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 21:35 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 21:35 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 21:35 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 21:35 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 21:35 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 21:35 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 21:35 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 21:35 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 21:35 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 21:35 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 21:35 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 21:35 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 21:35 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 21:35 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 21:35 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 21:35 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 21:35 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 21:35 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 21:35 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 21:35 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 21:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 21:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 21:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 21:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 21:33 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 21:33 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 21:33 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 21:33 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 21:33 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 21:33 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 21:33 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 21:33 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 21:32 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 21:32 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 21:31 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 21:31 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 21:31 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 21:31 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 21:31 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 21:31 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 21:31 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 21:31 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 21:27 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 21:27 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 21:27 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 21:27 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 21:27 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 21:27 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 00:03 - 2014-08-14 00:45 - 00000000 ____D () C:\Users\Martin\Desktop\Neuer Ordner
2014-08-12 23:38 - 2014-08-12 23:38 - 00116152 _____ (Zeal SoftStudio) C:\Windows\SysWOW64\ntport.dll
2014-08-12 23:38 - 2014-08-12 23:38 - 00053248 _____ (Zeal SoftStudio) C:\Windows\SysWOW64\memacc.dll
2014-08-12 23:38 - 2014-08-12 23:38 - 00046671 _____ () C:\DEBUG.TXT
2014-08-12 23:38 - 2014-08-12 23:38 - 00033664 _____ (Zeal SoftStudio) C:\Windows\SysWOW64\Drivers\memacc.sys
2014-08-12 23:38 - 2014-08-12 23:38 - 00013880 _____ (Zeal SoftStudio) C:\Windows\SysWOW64\Drivers\zntport.sys
2014-08-12 23:20 - 2014-08-12 23:20 - 00000000 ____D () C:\Intel
2014-08-12 23:11 - 2014-08-12 23:11 - 00000000 ____D () C:\Users\Martin\SystemRequirementsLab
2014-08-12 18:07 - 2014-09-04 08:10 - 00000000 ____D () C:\ProgramData\VDmNguhN
2014-08-12 18:07 - 2014-08-12 18:07 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Mp3jam
2014-08-12 17:58 - 2014-08-14 00:23 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
2014-08-12 17:58 - 2014-08-12 17:58 - 00000000 ____D () C:\Users\Martin\AppData\Local\DriverToolkit
2014-08-12 17:46 - 2014-08-12 17:45 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-12 17:45 - 2014-08-12 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-12 17:45 - 2014-08-12 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-12 17:45 - 2014-08-12 17:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-12 17:45 - 2014-08-12 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-12 14:51 - 2014-08-12 14:51 - 00000000 ____D () C:\Program Files\Fritz
2014-08-08 22:53 - 2014-08-08 22:53 - 00001221 _____ () C:\Windows\avmacc1.log
2014-08-08 13:28 - 2014-08-08 13:28 - 00003226 _____ () C:\Windows\System32\Tasks\{7C2ADD7F-A29A-4604-B1EB-F892C19C9005}
2014-08-08 13:24 - 2014-08-08 13:24 - 02556424 _____ (AVM GmbH ) C:\Users\Martin\Downloads\avm_fritz!wlan_usb_stick_n_v2_x64_build_120821.exe
2014-08-08 12:59 - 2012-08-24 02:00 - 00480632 _____ (AVM Berlin) C:\Windows\instwcli.dex
2014-08-08 12:58 - 2014-08-08 12:58 - 00003216 _____ () C:\Windows\System32\Tasks\{CCFFE0B2-D4C9-4BED-BB8A-7FBB57A063E6}
2014-08-08 12:50 - 2014-08-12 14:54 - 00002155 _____ () C:\Windows\avmsetup.log
2014-08-08 12:50 - 2014-08-12 14:54 - 00000346 _____ () C:\Windows\avmadd32.log
2014-08-08 12:50 - 2014-08-12 14:51 - 00181992 _____ () C:\Windows\avmacc.log
2014-08-08 12:50 - 2014-08-12 14:47 - 00019916 _____ () C:\Windows\AVMInstall.Log
2014-08-07 08:21 - 2014-08-30 09:45 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-07 08:21 - 2014-08-30 09:44 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 14:23 - 2014-09-01 08:59 - 00018900 _____ () C:\Users\Martin\Downloads\FRST.txt
2014-09-06 14:22 - 2014-09-01 08:59 - 00000000 ____D () C:\FRST
2014-09-06 14:21 - 2014-09-06 14:21 - 00015480 _____ () C:\Users\Martin\Desktop\bookmarks-2014-09-06.json
2014-09-06 14:13 - 2012-11-10 11:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-06 14:12 - 2012-11-10 01:50 - 01333059 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 13:42 - 2014-09-03 22:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-06 00:54 - 2009-07-14 06:45 - 00027040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-06 00:54 - 2009-07-14 06:45 - 00027040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-06 00:49 - 2014-09-06 00:49 - 02347384 _____ (ESET) C:\Users\Martin\Downloads\esetsmartinstaller_deu(1).exe
2014-09-06 00:48 - 2013-02-13 15:51 - 00000000 ___RD () C:\Users\Martin\Dropbox
2014-09-06 00:48 - 2013-02-13 15:44 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Dropbox
2014-09-06 00:43 - 2012-11-10 12:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-06 00:43 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-06 00:43 - 2009-07-14 06:51 - 00123779 _____ () C:\Windows\setupact.log
2014-09-05 20:26 - 2014-09-05 20:26 - 00854417 _____ () C:\Users\Martin\Downloads\SecurityCheck.exe
2014-09-05 20:24 - 2014-09-05 20:24 - 02347384 _____ (ESET) C:\Users\Martin\Downloads\esetsmartinstaller_deu.exe
2014-09-05 20:24 - 2014-09-05 20:24 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-05 20:11 - 2014-04-03 05:41 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-05 20:11 - 2009-07-14 19:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-09-05 20:11 - 2009-07-14 19:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-09-04 16:06 - 2014-09-04 16:06 - 00000897 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-09-04 15:55 - 2014-09-04 15:55 - 01016261 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-09-04 15:55 - 2014-09-04 15:55 - 00000000 ____D () C:\Windows\ERUNT
2014-09-04 15:51 - 2014-09-04 15:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\APP_NAME_NON_STRING
2014-09-04 15:46 - 2012-11-10 11:56 - 00171332 _____ () C:\Windows\PFRO.log
2014-09-04 14:44 - 2014-09-04 14:36 - 00000000 ____D () C:\AdwCleaner
2014-09-04 14:35 - 2014-09-04 14:35 - 01370483 _____ () C:\Users\Administrator\Downloads\adwcleaner_3.309.exe
2014-09-04 14:25 - 2014-09-04 14:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-09-04 12:36 - 2014-09-04 12:36 - 09812520 _____ () C:\Users\Administrator\Downloads\alps tocuh padR244796.exe
2014-09-04 11:33 - 2014-09-04 11:33 - 00000771 _____ () C:\Windows\comsetup.log
2014-09-04 11:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-09-04 11:25 - 2014-09-04 11:25 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Administrator\Downloads\spybot-2.4.exe
2014-09-04 11:23 - 2014-09-04 11:22 - 00000000 ___DC () C:\Users\Administrator\AppData\Local\MigWiz
2014-09-04 11:19 - 2014-09-04 11:19 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-09-04 11:19 - 2014-09-04 11:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Macromedia
2014-09-04 11:18 - 2014-09-04 11:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2014-09-04 11:18 - 2014-09-04 11:18 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla
2014-09-04 11:11 - 2012-11-10 12:41 - 00037340 _____ () C:\Windows\DPINST.LOG
2014-09-04 11:06 - 2014-09-04 11:06 - 00000000 ____D () C:\Program Files\IDT
2014-09-04 11:06 - 2013-08-11 23:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-04 10:58 - 2014-09-04 10:58 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-09-04 10:58 - 2014-09-04 10:58 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-09-04 10:56 - 2014-09-04 10:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Avira
2014-09-04 10:55 - 2014-03-11 18:30 - 00000000 ____D () C:\Program Files (x86)\Graph
2014-09-04 10:51 - 2014-07-22 21:43 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-09-04 10:50 - 2014-09-04 10:50 - 00085368 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-04 10:50 - 2014-09-04 10:50 - 00001421 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-04 10:50 - 2014-09-04 10:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-09-04 10:50 - 2014-09-04 10:49 - 00000000 ____D () C:\Users\Administrator
2014-09-04 10:50 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-04 10:49 - 2014-09-04 10:49 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-09-04 10:49 - 2014-09-04 10:49 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-09-04 10:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-04 08:10 - 2014-08-12 18:07 - 00000000 ____D () C:\ProgramData\VDmNguhN
2014-09-03 22:49 - 2014-09-03 22:49 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 22:49 - 2014-09-03 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 22:49 - 2014-09-03 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 22:49 - 2014-09-03 22:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 22:48 - 2014-09-03 22:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-02 22:42 - 2014-09-02 22:37 - 00000000 ____D () C:\Hörspiel
2014-09-01 21:49 - 2014-09-01 21:49 - 00022022 _____ () C:\ComboFix.txt
2014-09-01 21:49 - 2014-09-01 21:21 - 00000000 ____D () C:\Qoobox
2014-09-01 21:49 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-01 21:46 - 2014-09-01 21:20 - 00000000 ____D () C:\Windows\erdnt
2014-09-01 21:41 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-01 21:19 - 2014-09-01 21:19 - 05576326 ____R (Swearware) C:\Users\Martin\Downloads\ComboFix.exe
2014-09-01 16:03 - 2014-08-30 12:24 - 00013306 _____ () C:\Users\Martin\Desktop\Hochzeit Geschenkeliste.xlsx
2014-09-01 09:26 - 2014-09-01 09:26 - 02212572 _____ () C:\Users\Martin\Desktop\hw64_4.42.zip
2014-09-01 09:22 - 2014-09-01 09:03 - 00033637 _____ () C:\Users\Martin\Downloads\Addition.txt
2014-09-01 08:59 - 2014-09-01 08:59 - 02104832 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe
2014-08-31 14:51 - 2014-01-21 17:02 - 00000000 ____D () C:\Users\Martin\Desktop\Alex_usb
2014-08-31 10:51 - 2009-07-14 06:45 - 00341072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 16:29 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-30 09:45 - 2014-08-07 08:21 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-30 09:44 - 2014-08-07 08:21 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-30 09:44 - 2012-11-10 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-30 09:44 - 2012-11-10 11:14 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-23 04:07 - 2014-08-30 10:03 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-30 10:03 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-30 10:03 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-16 08:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 22:47 - 2012-11-10 12:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-15 22:24 - 2014-05-06 23:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 21:08 - 2013-02-13 15:45 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-14 07:47 - 2014-05-26 21:20 - 00000000 ____D () C:\Users\Martin\Desktop\Downlaodsssss
2014-08-14 00:45 - 2014-08-14 00:03 - 00000000 ____D () C:\Users\Martin\Desktop\Neuer Ordner
2014-08-14 00:42 - 2013-10-12 12:48 - 00000000 ____D () C:\ProgramData\Freemake
2014-08-14 00:42 - 2013-10-12 12:48 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-08-14 00:23 - 2014-08-12 17:58 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
2014-08-12 23:38 - 2014-08-12 23:38 - 00116152 _____ (Zeal SoftStudio) C:\Windows\SysWOW64\ntport.dll
2014-08-12 23:38 - 2014-08-12 23:38 - 00053248 _____ (Zeal SoftStudio) C:\Windows\SysWOW64\memacc.dll
2014-08-12 23:38 - 2014-08-12 23:38 - 00046671 _____ () C:\DEBUG.TXT
2014-08-12 23:38 - 2014-08-12 23:38 - 00033664 _____ (Zeal SoftStudio) C:\Windows\SysWOW64\Drivers\memacc.sys
2014-08-12 23:38 - 2014-08-12 23:38 - 00013880 _____ (Zeal SoftStudio) C:\Windows\SysWOW64\Drivers\zntport.sys
2014-08-12 23:27 - 2012-11-10 12:41 - 00000000 ____D () C:\dell
2014-08-12 23:20 - 2014-08-12 23:20 - 00000000 ____D () C:\Intel
2014-08-12 23:11 - 2014-08-12 23:11 - 00000000 ____D () C:\Users\Martin\SystemRequirementsLab
2014-08-12 23:11 - 2012-11-10 01:56 - 00000000 ____D () C:\Users\Martin
2014-08-12 18:45 - 2013-02-13 15:28 - 00021504 _____ () C:\Users\Martin\Desktop\Inlogge.xlsx
2014-08-12 18:07 - 2014-08-12 18:07 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Mp3jam
2014-08-12 17:58 - 2014-08-12 17:58 - 00000000 ____D () C:\Users\Martin\AppData\Local\DriverToolkit
2014-08-12 17:46 - 2014-07-15 15:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-12 17:45 - 2014-08-12 17:46 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-12 17:45 - 2014-08-12 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-12 17:45 - 2014-08-12 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-12 17:45 - 2014-08-12 17:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-12 17:45 - 2014-08-12 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-12 14:54 - 2014-08-08 12:50 - 00002155 _____ () C:\Windows\avmsetup.log
2014-08-12 14:54 - 2014-08-08 12:50 - 00000346 _____ () C:\Windows\avmadd32.log
2014-08-12 14:51 - 2014-08-12 14:51 - 00000000 ____D () C:\Program Files\Fritz
2014-08-12 14:51 - 2014-08-08 12:50 - 00181992 _____ () C:\Windows\avmacc.log
2014-08-12 14:47 - 2014-08-08 12:50 - 00019916 _____ () C:\Windows\AVMInstall.Log
2014-08-08 22:53 - 2014-08-08 22:53 - 00001221 _____ () C:\Windows\avmacc1.log
2014-08-08 13:28 - 2014-08-08 13:28 - 00003226 _____ () C:\Windows\System32\Tasks\{7C2ADD7F-A29A-4604-B1EB-F892C19C9005}
2014-08-08 13:24 - 2014-08-08 13:24 - 02556424 _____ (AVM GmbH ) C:\Users\Martin\Downloads\avm_fritz!wlan_usb_stick_n_v2_x64_build_120821.exe
2014-08-08 12:58 - 2014-08-08 12:58 - 00003216 _____ () C:\Windows\System32\Tasks\{CCFFE0B2-D4C9-4BED-BB8A-7FBB57A063E6}
2014-08-07 08:21 - 2012-11-10 11:14 - 00000000 ____D () C:\ProgramData\Avira
2014-08-07 04:06 - 2014-08-15 21:27 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-15 21:27 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\SHSetup.exe
C:\Users\Martin\AppData\Local\Temp\avgnt.exe
C:\Users\Martin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp51opb6.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-30 13:17

==================== End Of Log ============================
--- --- ---


Bleibt immer noch die Frage, was jetzt los ist mit MP3Jam?

Es dankt
der Spender

schrauber 06.09.2014 21:15
Du musst halt aufpassen wo du lädst, und was Du lädst. und beim Installieren immer Benutzerdefiniert, nie Standard, und alle Mitbringsel abwählen.


Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:33 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19