Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Probleme mit Laptop Langsam geworden (https://www.trojaner-board.de/158497-probleme-laptop-langsam-geworden.html)

alex1860 09.09.2014 18:52
Probleme mit Laptop Langsam geworden
 
Hallo
ich habe ein Laptop mit Win7 drauf.
dabei läuft auch Avira Antivir.und die Firewall von Windows.
Ich habe aber im Moment festgestellt das Windows sehr langsam hochfährt und auch so sehr langsam arbeitet.
Desweiteren hab ich auch im Internet Probleme beim surfen von der geschwindigkeit her.
Hab 12000 DSL aber kommt mir manchmal vor wie 1000.
Was kann ich da machen? Könnt ihr mir helfen. Bin nicht unbedingt ein Laie was das angeht
aber vllt. hat da wer ne Lösung.
Danke im voraus

cosinus 09.09.2014 19:29
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

alex1860 09.09.2014 20:00
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by 1860 (administrator) on 1860-PC on 09-09-2014 20:51:19
Running from C:\Users\1860\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
( ) C:\Windows\System32\lxdncoms.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files (x86)\OneBrowse\OneBrowseUIProcess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(OldTimer Tools) C:\Users\1860\Downloads\otl.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-03-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\1860\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\1860\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-06]
CHR Extension: (Google Drive) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-06]
CHR Extension: (YouTube) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-06]
CHR Extension: (Adblock Plus) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-29]
CHR Extension: (Google-Suche) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-06]
CHR Extension: (Google Wallet) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-06]
CHR Extension: (Google Mail) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 OneBrowseService; C:\Program Files (x86)\OneBrowse\OneBrowseService.exe [323584 2014-08-19] () [File not signed]
R4 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1148632 2012-01-10] (Crawler.com)
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [270672 2011-08-25] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-17] (Disc Soft Ltd)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [76400 2011-01-25] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 OneBrowseDriver; C:\Program Files (x86)\OneBrowse\OneBrowse.sys [35720 2014-08-19] ()
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2014-08-29] (Windows (R) Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 20:51 - 2014-09-09 20:52 - 00014766 _____ () C:\Users\1860\Downloads\FRST.txt
2014-09-09 20:51 - 2014-09-09 20:51 - 00000000 ____D () C:\FRST
2014-09-09 20:50 - 2014-09-09 20:50 - 02105344 _____ (Farbar) C:\Users\1860\Downloads\FRST64.exe
2014-09-09 20:34 - 2014-09-09 20:34 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 18:47 - 2014-09-09 18:47 - 00064150 _____ () C:\Users\1860\Downloads\Extras.Txt
2014-09-09 18:46 - 2014-09-09 18:46 - 00123594 _____ () C:\Users\1860\Downloads\OTL.Txt
2014-09-09 18:31 - 2014-09-09 18:31 - 00602112 _____ (OldTimer Tools) C:\Users\1860\Downloads\otl.exe
2014-09-09 17:46 - 2014-09-09 17:46 - 00000622 _____ () C:\Users\1860\Desktop\1&1 Vertriebspartnermaxdome.htm
2014-09-09 17:46 - 2014-09-09 17:46 - 00000000 ____D () C:\Users\1860\Desktop\1&1 Vertriebspartnermaxdome_files
2014-09-09 17:45 - 2014-09-09 17:45 - 00000621 _____ () C:\Users\1860\Desktop\1&1 Vertriebspartner16000.htm
2014-09-09 17:45 - 2014-09-09 17:45 - 00000000 ____D () C:\Users\1860\Desktop\1&1 Vertriebspartner16000_files
2014-09-09 17:44 - 2014-09-09 17:44 - 00000616 _____ () C:\Users\1860\Desktop\1&1 Vertriebspartner.htm
2014-09-09 17:44 - 2014-09-09 17:44 - 00000000 ____D () C:\Users\1860\Desktop\1&1 Vertriebspartner_files
2014-09-08 19:06 - 2014-09-08 19:06 - 00000618 _____ () C:\Windows\PFRO.log
2014-09-07 07:26 - 2014-09-09 14:26 - 00000168 _____ () C:\Windows\setupact.log
2014-09-07 07:26 - 2014-09-07 07:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 20:05 - 2014-09-06 20:05 - 00000655 _____ () C:\Users\1860\Downloads\gist2794364-68d8e90bee246710daec296bc9c68bccb0ea3c3f.tar.gz
2014-09-05 14:54 - 2014-09-05 14:54 - 00031370 _____ () C:\Users\1860\Documents\cc_20140905_145425.reg
2014-09-05 14:31 - 2014-09-05 14:31 - 04901352 _____ (Piriform Ltd) C:\Users\1860\Downloads\ccsetup417.exe
2014-09-05 14:30 - 2014-09-05 14:32 - 00000000 ____D () C:\Users\1860\Desktop\steuer, viren, bileder,bewerbung,30 euro
2014-09-03 14:50 - 2014-09-09 14:30 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-08-31 18:34 - 2014-08-31 18:34 - 00345156 _____ () C:\Users\1860\Downloads\regsearch.zip
2014-08-31 18:14 - 2014-08-31 18:14 - 00021569 _____ () C:\ComboFix.txt
2014-08-31 17:57 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-31 17:57 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-31 17:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-31 17:54 - 2014-08-31 18:14 - 00000000 ____D () C:\Qoobox
2014-08-31 17:54 - 2014-08-31 18:12 - 00000000 ____D () C:\Windows\erdnt
2014-08-31 17:49 - 2014-08-31 17:50 - 05576326 ____R (Swearware) C:\Users\1860\Desktop\ComboFix.exe
2014-08-31 17:47 - 2014-08-31 17:47 - 00034169 _____ () C:\Windows\system32\hjtscanlist.txt
2014-08-31 17:40 - 2014-08-31 17:40 - 00002097 _____ () C:\Users\1860\Downloads\hjtscanlist.zip
2014-08-29 22:02 - 2014-08-29 22:02 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__r0ij9fgnxa1yb4agvitd_wsp.exe
2014-08-29 22:01 - 2014-08-29 22:01 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__7h9xxx1fgezq3qpfft0r_wsp.exe
2014-08-29 21:56 - 2014-08-29 21:56 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__ieufi9euwix87i2gugcy_wsp.exe
2014-08-29 18:36 - 2014-08-29 18:36 - 00000000 ____D () C:\Users\1860\AppData\Roaming\qBittorrent
2014-08-29 18:35 - 2014-08-29 18:35 - 00000000 ____D () C:\Users\1860\.idlerc
2014-08-29 18:33 - 2014-08-29 18:33 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.7
2014-08-29 18:32 - 2014-08-29 18:33 - 00000000 ____D () C:\Python27
2014-08-29 18:29 - 2014-08-29 18:29 - 00000000 ____D () C:\Users\1860\Documents\PC Speed Maximizer
2014-08-29 18:28 - 2014-08-29 18:28 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Easy BitTorrent Client
2014-08-29 18:28 - 2014-08-29 18:28 - 00000000 ____D () C:\Users\1860\AppData\Local\Easy BitTorrent Client
2014-08-29 18:27 - 2014-09-09 14:44 - 00001024 _____ () C:\.rnd
2014-08-29 18:27 - 2014-08-29 18:27 - 00003337 _____ () C:\Users\1860\Downloads\[kickass.to]spyware.terminator.premium.2012.v3.0.0.82.incl.crack.torrent
2014-08-29 18:25 - 2014-08-29 18:25 - 00002521 _____ () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-29 18:24 - 2014-09-09 14:44 - 00000000 ____D () C:\Program Files (x86)\OneBrowse
2014-08-29 18:24 - 2014-08-29 18:24 - 00000000 ____D () C:\Program Files (x86)\Easy BitTorrent Client
2014-08-29 18:23 - 2014-08-29 18:23 - 00642592 _____ () C:\Users\1860\Downloads\Easy Torrent.exe
2014-08-29 18:23 - 2014-08-29 18:23 - 00012357 _____ () C:\Users\1860\Downloads\[kickass.to]spyware.terminator.premium.2012.3.0.0.82.crack.torrent
2014-08-29 18:01 - 2014-09-04 14:48 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-08-29 18:01 - 2014-08-29 18:01 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-08-29 18:01 - 2014-08-29 18:01 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Spyware Terminator
2014-08-29 18:01 - 2014-08-29 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
2014-08-29 12:29 - 2014-08-29 12:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\1860\Downloads\HiJackThis204 (3).exe
2014-08-29 12:29 - 2014-08-29 12:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\1860\Downloads\HiJackThis204 (2).exe
2014-08-29 10:45 - 2014-08-30 14:13 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-08-29 10:45 - 2014-08-29 10:44 - 00937232 _____ (Crawler.com ) C:\Users\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager [1].exe
2014-08-29 10:44 - 2014-08-29 10:44 - 00816064 _____ ( ) C:\Users\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager.exe
2014-08-29 06:37 - 2014-08-29 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-28 06:46 - 2014-08-28 06:46 - 00001785 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arCV.lnk
2014-08-28 06:46 - 2014-08-28 06:46 - 00000000 ____D () C:\Program Files (x86)\arcv
2014-08-28 06:46 - 2014-08-28 06:46 - 00000000 ____D () C:\arcv
2014-08-28 06:45 - 2014-08-28 06:45 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-28 06:44 - 2014-08-28 06:44 - 12601114 _____ () C:\Users\1860\Downloads\arcv.exe
2014-08-28 06:38 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 06:38 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 06:38 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 13:37 - 2014-08-22 13:37 - 00040218 _____ () C:\Users\1860\Downloads\dbox_astra_matze (1).zip
2014-08-22 13:26 - 2014-08-22 13:26 - 00000000 ____D () C:\Users\1860\AppData\Roaming\FlashFXP
2014-08-22 13:26 - 2014-08-22 13:26 - 00000000 ____D () C:\ProgramData\FlashFXP
2014-08-22 13:19 - 2014-08-22 13:19 - 00000055 _____ () C:\Users\1860\Downloads\CCcam.cfg
2014-08-21 13:25 - 2014-08-21 13:26 - 00000000 ____D () C:\Users\1860\AppData\Roaming\elsterformular
2014-08-21 13:25 - 2014-08-21 13:25 - 00000000 ____D () C:\ProgramData\elsterformular
2014-08-21 10:28 - 2014-08-25 10:46 - 00000003 _____ () C:\Users\1860\Documents\bmm.cfg
2014-08-21 10:24 - 2014-08-28 07:31 - 00000000 ____D () C:\Users\1860\Documents\BewerbungsMaster
2014-08-21 10:24 - 2014-08-25 10:46 - 00000000 ____D () C:\ProgramData\BewerbungsMaster
2014-08-21 10:24 - 2014-08-21 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-08-21 10:23 - 2014-08-21 10:27 - 00000000 ____D () C:\Program Files (x86)\BEWERBUNGSMASTER
2014-08-21 10:23 - 2014-08-21 10:23 - 00335872 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2014-08-21 10:23 - 2014-08-21 10:23 - 00074752 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2014-08-21 10:23 - 2014-08-21 10:23 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-08-20 12:18 - 2014-08-20 12:19 - 25000000 _____ () C:\Users\1860\Downloads\Grande Punto eLEARN.part01 (1).rar
2014-08-19 06:26 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 06:26 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-19 06:26 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 06:26 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-19 06:26 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-19 06:24 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 06:24 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-19 06:24 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-19 06:24 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-18 20:44 - 2014-08-18 20:44 - 00000000 ____D () C:\Users\1860\AppData\Roaming\FX Flat
2014-08-18 19:14 - 2014-08-18 19:14 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-18 19:14 - 2014-08-18 19:14 - 00000000 ____D () C:\Users\1860\AppData\Roaming\TeamViewer
2014-08-18 19:14 - 2014-08-18 19:14 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-18 19:13 - 2014-08-18 19:13 - 06304880 _____ (TeamViewer GmbH) C:\Users\1860\Downloads\TeamViewer_Setup_de.exe
2014-08-18 18:53 - 2014-08-18 18:53 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FX Flat
2014-08-18 18:53 - 2014-08-18 18:53 - 00000000 ____D () C:\Users\1860\AppData\Roaming\InstallShield Installation Information
2014-08-18 18:52 - 2014-08-18 18:53 - 00000000 ____D () C:\Program Files (x86)\Flat Trader
2014-08-18 18:50 - 2014-08-18 18:50 - 00000000 ____D () C:\Users\1860\Documents\{95EA60FC-B631-470C-98A7-B6EC973B6AA8}
2014-08-18 18:48 - 2014-08-18 18:49 - 26915558 _____ (FX Flat ) C:\Users\1860\Downloads\Flat Trader Setup.exe
2014-08-16 09:09 - 2014-08-16 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-16 09:08 - 2014-08-16 09:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-16 09:08 - 2014-08-16 09:09 - 00000000 ____D () C:\Program Files\iTunes
2014-08-16 09:08 - 2014-08-16 09:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-16 09:08 - 2014-08-16 09:08 - 00000000 ____D () C:\Program Files\iPod
2014-08-16 06:36 - 2014-08-16 06:36 - 00000000 ____D () C:\ProgramData\Sun
2014-08-16 06:35 - 2014-08-16 06:34 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-16 06:34 - 2014-08-16 06:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-16 06:34 - 2014-08-16 06:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-15 21:43 - 2014-08-15 21:43 - 00918440 _____ (Oracle Corporation) C:\Users\1860\Downloads\chromeinstall-7u67.exe
2014-08-15 19:35 - 2011-03-26 10:37 - 00123520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbser6k.sys
2014-08-15 19:35 - 2011-03-26 10:37 - 00123520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbnmea.sys
2014-08-15 19:35 - 2011-03-26 10:37 - 00123520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbmdm6k.sys
2014-08-15 19:35 - 2011-03-26 10:37 - 00011776 _____ (MBB Incorporated) C:\Windows\system32\Drivers\massfilter.sys
2014-08-15 19:34 - 2014-08-15 19:36 - 00000000 ____D () C:\Program Files (x86)\1&1 Surf-Stick
2014-08-15 19:34 - 2014-08-15 19:34 - 00000000 ____D () C:\Windows\SysWOW64\SupportAppCB
2014-08-15 19:34 - 2014-08-15 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
2014-08-15 08:14 - 2014-08-15 08:14 - 01677928 _____ (Skype Technologies S.A.) C:\Users\1860\Downloads\SkypeSetup (2).exe
2014-08-15 05:15 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 05:15 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 05:15 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 05:15 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 05:15 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 05:15 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 05:15 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 05:15 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 20:34 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 20:34 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 20:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 20:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 20:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 20:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 20:34 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 20:34 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 20:34 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 20:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 20:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 20:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 20:34 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 20:34 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 20:34 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 20:34 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 20:34 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 20:34 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 20:34 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 20:34 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 20:34 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 20:34 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 20:34 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 20:34 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 20:16 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 20:16 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 20:16 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 20:16 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 20:16 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 20:16 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 20:16 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 20:16 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 20:16 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 20:16 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 20:16 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 20:16 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 20:16 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 20:16 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 20:16 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 20:16 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 20:16 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 20:16 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 20:16 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 20:16 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 20:16 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 20:16 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 20:16 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 20:16 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 20:16 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 20:16 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 20:16 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 20:16 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 20:16 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 20:16 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 20:16 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 20:16 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 20:16 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 20:16 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 20:16 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 20:16 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 20:16 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 20:16 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 20:16 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 20:16 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 20:16 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 20:16 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 20:16 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 20:16 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 20:16 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 20:16 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 20:16 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 20:16 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 20:16 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 20:16 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 20:16 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 20:16 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 20:16 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 20:16 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 20:16 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 20:16 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 20:15 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 20:15 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 20:14 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 20:14 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-10 22:50 - 2014-08-10 22:51 - 35595360 _____ (Skype Technologies S.A.) C:\Users\1860\Downloads\SkypeSetupFull.exe
2014-08-10 22:49 - 2014-08-10 22:49 - 00003188 _____ () C:\Windows\System32\Tasks\{7D477009-58F9-4698-B334-40CE5E979124}
2014-08-10 22:47 - 2014-08-10 22:47 - 01677928 _____ (Skype Technologies S.A.) C:\Users\1860\Downloads\SkypeSetup (1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 20:52 - 2014-09-09 20:51 - 00014766 _____ () C:\Users\1860\Downloads\FRST.txt
2014-09-09 20:51 - 2014-09-09 20:51 - 00000000 ____D () C:\FRST
2014-09-09 20:51 - 2009-07-14 06:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 20:51 - 2009-07-14 06:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 20:50 - 2014-09-09 20:50 - 02105344 _____ (Farbar) C:\Users\1860\Downloads\FRST64.exe
2014-09-09 20:35 - 2014-03-06 14:04 - 01860000 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 20:34 - 2014-09-09 20:34 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 20:34 - 2014-03-06 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-09 20:34 - 2014-03-06 16:27 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-09 20:34 - 2014-03-06 15:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-09 20:25 - 2014-05-25 21:14 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 20:01 - 2014-03-10 14:55 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000UA.job
2014-09-09 18:47 - 2014-09-09 18:47 - 00064150 _____ () C:\Users\1860\Downloads\Extras.Txt
2014-09-09 18:46 - 2014-09-09 18:46 - 00123594 _____ () C:\Users\1860\Downloads\OTL.Txt
2014-09-09 18:31 - 2014-09-09 18:31 - 00602112 _____ (OldTimer Tools) C:\Users\1860\Downloads\otl.exe
2014-09-09 18:28 - 2014-03-06 14:49 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Skype
2014-09-09 17:46 - 2014-09-09 17:46 - 00000622 _____ () C:\Users\1860\Desktop\1&1 Vertriebspartnermaxdome.htm
2014-09-09 17:46 - 2014-09-09 17:46 - 00000000 ____D () C:\Users\1860\Desktop\1&1 Vertriebspartnermaxdome_files
2014-09-09 17:45 - 2014-09-09 17:45 - 00000621 _____ () C:\Users\1860\Desktop\1&1 Vertriebspartner16000.htm
2014-09-09 17:45 - 2014-09-09 17:45 - 00000000 ____D () C:\Users\1860\Desktop\1&1 Vertriebspartner16000_files
2014-09-09 17:44 - 2014-09-09 17:44 - 00000616 _____ () C:\Users\1860\Desktop\1&1 Vertriebspartner.htm
2014-09-09 17:44 - 2014-09-09 17:44 - 00000000 ____D () C:\Users\1860\Desktop\1&1 Vertriebspartner_files
2014-09-09 14:44 - 2014-08-29 18:27 - 00001024 _____ () C:\.rnd
2014-09-09 14:44 - 2014-08-29 18:24 - 00000000 ____D () C:\Program Files (x86)\OneBrowse
2014-09-09 14:30 - 2014-09-03 14:50 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-09-09 14:27 - 2014-05-25 21:14 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 14:26 - 2014-09-07 07:26 - 00000168 _____ () C:\Windows\setupact.log
2014-09-09 14:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-08 19:06 - 2014-09-08 19:06 - 00000618 _____ () C:\Windows\PFRO.log
2014-09-08 13:37 - 2014-03-15 06:33 - 00000000 ____D () C:\Users\1860\Documents\UseNeXT
2014-09-07 18:43 - 2014-03-15 06:33 - 00000000 ____D () C:\Users\1860\AppData\Roaming\UseNeXT
2014-09-07 17:14 - 2014-03-10 14:55 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000Core.job
2014-09-07 07:26 - 2014-09-07 07:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 20:05 - 2014-09-06 20:05 - 00000655 _____ () C:\Users\1860\Downloads\gist2794364-68d8e90bee246710daec296bc9c68bccb0ea3c3f.tar.gz
2014-09-05 14:54 - 2014-09-05 14:54 - 00031370 _____ () C:\Users\1860\Documents\cc_20140905_145425.reg
2014-09-05 14:32 - 2014-09-05 14:30 - 00000000 ____D () C:\Users\1860\Desktop\steuer, viren, bileder,bewerbung,30 euro
2014-09-05 14:31 - 2014-09-05 14:31 - 04901352 _____ (Piriform Ltd) C:\Users\1860\Downloads\ccsetup417.exe
2014-09-05 14:31 - 2014-08-03 15:42 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-05 14:31 - 2014-08-03 15:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-05 14:24 - 2009-07-14 19:58 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2014-09-05 14:24 - 2009-07-14 19:58 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2014-09-05 14:24 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-04 14:48 - 2014-08-29 18:01 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-09-03 14:47 - 2009-07-14 06:45 - 00434848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-31 20:40 - 2014-03-18 16:08 - 00000000 ____D () C:\ProgramData\lx_Cats
2014-08-31 18:34 - 2014-08-31 18:34 - 00345156 _____ () C:\Users\1860\Downloads\regsearch.zip
2014-08-31 18:14 - 2014-08-31 18:14 - 00021569 _____ () C:\ComboFix.txt
2014-08-31 18:14 - 2014-08-31 17:54 - 00000000 ____D () C:\Qoobox
2014-08-31 18:14 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-31 18:12 - 2014-08-31 17:54 - 00000000 ____D () C:\Windows\erdnt
2014-08-31 18:09 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-31 17:50 - 2014-08-31 17:49 - 05576326 ____R (Swearware) C:\Users\1860\Desktop\ComboFix.exe
2014-08-31 17:47 - 2014-08-31 17:47 - 00034169 _____ () C:\Windows\system32\hjtscanlist.txt
2014-08-31 17:40 - 2014-08-31 17:40 - 00002097 _____ () C:\Users\1860\Downloads\hjtscanlist.zip
2014-08-31 11:32 - 2014-08-03 09:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-30 14:13 - 2014-08-29 10:45 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-08-29 22:02 - 2014-08-29 22:02 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__r0ij9fgnxa1yb4agvitd_wsp.exe
2014-08-29 22:01 - 2014-08-29 22:01 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__7h9xxx1fgezq3qpfft0r_wsp.exe
2014-08-29 21:56 - 2014-08-29 21:56 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__ieufi9euwix87i2gugcy_wsp.exe
2014-08-29 18:36 - 2014-08-29 18:36 - 00000000 ____D () C:\Users\1860\AppData\Roaming\qBittorrent
2014-08-29 18:35 - 2014-08-29 18:35 - 00000000 ____D () C:\Users\1860\.idlerc
2014-08-29 18:35 - 2014-03-06 14:15 - 00000000 ____D () C:\Users\1860
2014-08-29 18:33 - 2014-08-29 18:33 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.7
2014-08-29 18:33 - 2014-08-29 18:32 - 00000000 ____D () C:\Python27
2014-08-29 18:29 - 2014-08-29 18:29 - 00000000 ____D () C:\Users\1860\Documents\PC Speed Maximizer
2014-08-29 18:28 - 2014-08-29 18:28 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Easy BitTorrent Client
2014-08-29 18:28 - 2014-08-29 18:28 - 00000000 ____D () C:\Users\1860\AppData\Local\Easy BitTorrent Client
2014-08-29 18:27 - 2014-08-29 18:27 - 00003337 _____ () C:\Users\1860\Downloads\[kickass.to]spyware.terminator.premium.2012.v3.0.0.82.incl.crack.torrent
2014-08-29 18:25 - 2014-08-29 18:25 - 00002521 _____ () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-29 18:24 - 2014-08-29 18:24 - 00000000 ____D () C:\Program Files (x86)\Easy BitTorrent Client
2014-08-29 18:23 - 2014-08-29 18:23 - 00642592 _____ () C:\Users\1860\Downloads\Easy Torrent.exe
2014-08-29 18:23 - 2014-08-29 18:23 - 00012357 _____ () C:\Users\1860\Downloads\[kickass.to]spyware.terminator.premium.2012.3.0.0.82.crack.torrent
2014-08-29 18:01 - 2014-08-29 18:01 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-08-29 18:01 - 2014-08-29 18:01 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Spyware Terminator
2014-08-29 18:01 - 2014-08-29 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
2014-08-29 13:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-29 12:30 - 2014-08-29 12:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\1860\Downloads\HiJackThis204 (3).exe
2014-08-29 12:30 - 2014-07-06 13:02 - 00011928 _____ () C:\Users\1860\Downloads\hijackthis.log
2014-08-29 12:29 - 2014-08-29 12:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\1860\Downloads\HiJackThis204 (2).exe
2014-08-29 10:44 - 2014-08-29 10:45 - 00937232 _____ (Crawler.com ) C:\Users\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager [1].exe
2014-08-29 10:44 - 2014-08-29 10:44 - 00816064 _____ ( ) C:\Users\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager.exe
2014-08-29 06:38 - 2014-08-29 06:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-29 06:38 - 2014-07-30 18:17 - 00000000 ____D () C:\ProgramData\Skype
2014-08-29 06:37 - 2014-07-30 18:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-28 07:31 - 2014-08-21 10:24 - 00000000 ____D () C:\Users\1860\Documents\BewerbungsMaster
2014-08-28 06:49 - 2014-03-06 14:15 - 00000000 ____D () C:\Users\1860\AppData\Local\VirtualStore
2014-08-28 06:47 - 2014-05-08 12:09 - 00000000 ____D () C:\Users\1860\Desktop\bilder auto
2014-08-28 06:46 - 2014-08-28 06:46 - 00001785 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arCV.lnk
2014-08-28 06:46 - 2014-08-28 06:46 - 00000000 ____D () C:\Program Files (x86)\arcv
2014-08-28 06:46 - 2014-08-28 06:46 - 00000000 ____D () C:\arcv
2014-08-28 06:45 - 2014-08-28 06:45 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-28 06:44 - 2014-08-28 06:44 - 12601114 _____ () C:\Users\1860\Downloads\arcv.exe
2014-08-25 10:46 - 2014-08-21 10:28 - 00000003 _____ () C:\Users\1860\Documents\bmm.cfg
2014-08-25 10:46 - 2014-08-21 10:24 - 00000000 ____D () C:\ProgramData\BewerbungsMaster
2014-08-23 04:07 - 2014-08-28 06:38 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 06:38 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 06:38 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 13:37 - 2014-08-22 13:37 - 00040218 _____ () C:\Users\1860\Downloads\dbox_astra_matze (1).zip
2014-08-22 13:26 - 2014-08-22 13:26 - 00000000 ____D () C:\Users\1860\AppData\Roaming\FlashFXP
2014-08-22 13:26 - 2014-08-22 13:26 - 00000000 ____D () C:\ProgramData\FlashFXP
2014-08-22 13:19 - 2014-08-22 13:19 - 00000055 _____ () C:\Users\1860\Downloads\CCcam.cfg
2014-08-21 13:26 - 2014-08-21 13:25 - 00000000 ____D () C:\Users\1860\AppData\Roaming\elsterformular
2014-08-21 13:25 - 2014-08-21 13:25 - 00000000 ____D () C:\ProgramData\elsterformular
2014-08-21 10:27 - 2014-08-21 10:23 - 00000000 ____D () C:\Program Files (x86)\BEWERBUNGSMASTER
2014-08-21 10:24 - 2014-08-21 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-08-21 10:23 - 2014-08-21 10:23 - 00335872 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2014-08-21 10:23 - 2014-08-21 10:23 - 00074752 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2014-08-21 10:23 - 2014-08-21 10:23 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-08-21 05:06 - 2014-03-17 18:11 - 00000000 ____D () C:\Users\1860\AppData\Roaming\DAEMON Tools Lite
2014-08-20 12:21 - 2014-05-01 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLearn
2014-08-20 12:21 - 2014-05-01 18:52 - 00000000 ____D () C:\eLearn
2014-08-20 12:19 - 2014-08-20 12:18 - 25000000 _____ () C:\Users\1860\Downloads\Grande Punto eLEARN.part01 (1).rar
2014-08-20 06:04 - 2014-03-17 19:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-20 06:03 - 2014-03-17 19:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-19 06:19 - 2014-03-06 14:23 - 00111912 _____ () C:\Users\1860\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-18 20:44 - 2014-08-18 20:44 - 00000000 ____D () C:\Users\1860\AppData\Roaming\FX Flat
2014-08-18 19:14 - 2014-08-18 19:14 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-18 19:14 - 2014-08-18 19:14 - 00000000 ____D () C:\Users\1860\AppData\Roaming\TeamViewer
2014-08-18 19:14 - 2014-08-18 19:14 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-18 19:13 - 2014-08-18 19:13 - 06304880 _____ (TeamViewer GmbH) C:\Users\1860\Downloads\TeamViewer_Setup_de.exe
2014-08-18 18:53 - 2014-08-18 18:53 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FX Flat
2014-08-18 18:53 - 2014-08-18 18:53 - 00000000 ____D () C:\Users\1860\AppData\Roaming\InstallShield Installation Information
2014-08-18 18:53 - 2014-08-18 18:52 - 00000000 ____D () C:\Program Files (x86)\Flat Trader
2014-08-18 18:50 - 2014-08-18 18:50 - 00000000 ____D () C:\Users\1860\Documents\{95EA60FC-B631-470C-98A7-B6EC973B6AA8}
2014-08-18 18:49 - 2014-08-18 18:48 - 26915558 _____ (FX Flat ) C:\Users\1860\Downloads\Flat Trader Setup.exe
2014-08-17 05:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-16 20:54 - 2014-03-15 06:37 - 00000404 _____ () C:\Windows\Tasks\DriverEasy Scheduled Scan.job
2014-08-16 09:09 - 2014-08-16 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-16 09:09 - 2014-08-16 09:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-16 09:09 - 2014-08-16 09:08 - 00000000 ____D () C:\Program Files\iTunes
2014-08-16 09:09 - 2014-08-16 09:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-16 09:08 - 2014-08-16 09:08 - 00000000 ____D () C:\Program Files\iPod
2014-08-16 06:36 - 2014-08-16 06:36 - 00000000 ____D () C:\ProgramData\Sun
2014-08-16 06:34 - 2014-08-16 06:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-16 06:34 - 2014-08-16 06:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-16 06:34 - 2014-08-16 06:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-15 21:43 - 2014-08-15 21:43 - 00918440 _____ (Oracle Corporation) C:\Users\1860\Downloads\chromeinstall-7u67.exe
2014-08-15 19:36 - 2014-08-15 19:34 - 00000000 ____D () C:\Program Files (x86)\1&1 Surf-Stick
2014-08-15 19:34 - 2014-08-15 19:34 - 00000000 ____D () C:\Windows\SysWOW64\SupportAppCB
2014-08-15 19:34 - 2014-08-15 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
2014-08-15 19:34 - 2014-03-15 10:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-15 08:14 - 2014-08-15 08:14 - 01677928 _____ (Skype Technologies S.A.) C:\Users\1860\Downloads\SkypeSetup (2).exe
2014-08-15 05:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 05:50 - 2014-05-12 08:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-10 22:51 - 2014-08-10 22:50 - 35595360 _____ (Skype Technologies S.A.) C:\Users\1860\Downloads\SkypeSetupFull.exe
2014-08-10 22:49 - 2014-08-10 22:49 - 00003188 _____ () C:\Windows\System32\Tasks\{7D477009-58F9-4698-B334-40CE5E979124}
2014-08-10 22:47 - 2014-08-10 22:47 - 01677928 _____ (Skype Technologies S.A.) C:\Users\1860\Downloads\SkypeSetup (1).exe

Some content of TEMP:
====================
C:\Users\1860\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 19:16

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by 1860 at 2014-09-09 20:52:54
Running from C:\Users\1860\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
arCV (HKLM-x32\...\{ACC1683B-5AB9-429A-88C2-D575424009D0}) (Version: 4.3.3 - Arne Reuter)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
BEWERBUNGSMASTER (HKLM-x32\...\ST6UNST #1) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CopyTrans Control Center deinstallieren (HKCU\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.0816 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.0816 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8E17BF11-A72D-4DA8-BFAA-DD262C17C2DE}) (Version:  - Microsoft)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
DriverEasy 4.6.6 (HKLM\...\DriverEasy_is1) (Version: 4.6.6.0 - Easeware)
Easy BitTorrent Client (HKLM-x32\...\Easy BitTorrent Client) (Version:  - )
Easy Torrent Support (HKLM-x32\...\OneBrowse platform) (Version:  - OneBrowse)
eLearn CDROM 1.0 (HKLM-x32\...\eLearn 1.2.1_is1) (Version:  - FIAT Auto S.p.A.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Flat Trader (HKCU\...\InstallShield_{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}) (Version: 2.38.56.7.2.1 - FX Flat)
Flat Trader (x32 Version: 2.38.56.7.2.1 - FX Flat) Hidden
Gameforge Live 2.0.4 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.4 - Gameforge)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
KMSnano 22 (HKLM\...\KMSnano 22_is1) (Version: KMSnano 22 - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Metin2 (HKLM-x32\...\Metin2_is1) (Version:  - Gameforge 4D GmbH)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
onl!ne email grabber professional 2.2.1 (HKLM-x32\...\email grabber_is1) (Version: 2.2.1.0 - Sven Bader - Design & Software)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Python 2.7.2 (HKLM-x32\...\{2E295B5B-1AD4-4D36-97C2-A316084722CF}) (Version: 2.7.2150 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6321 - Realtek Semiconductor Corp.)
SafeFinder Smartbar (HKLM-x32\...\{1898B668-CCF5-429F-A86F-9837E5439D77}) (Version: 11.114.72.19232 - Linkury Ltd.) <==== ATTENTION
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Spyware Terminator 2012 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.54 - Crawler.com)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{F1FFD0B3-9F20-4EE7-ACED-5B63DFA018D8}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{EC2AF602-2730-4B05-9438-06CDE43153F2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883052) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{FA74B1B8-D3F4-4B4A-88DE-41CB8CEDAC3F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883052) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{FA74B1B8-D3F4-4B4A-88DE-41CB8CEDAC3F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883052) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{FA74B1B8-D3F4-4B4A-88DE-41CB8CEDAC3F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{E12997A4-DAEC-4563-B330-F21EB71880D9}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{18C53DCB-FA98-4A7B-BC2E-6DA30D4E4901}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0410-1000-0000000FF1CE}_Office15.PROPLUSR_{540B47E7-0F89-4CA1-8BFA-5CF377A963AF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883062) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{4A0B4ED7-3652-42C9-9D7E-42686986F69A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883062) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{4A0B4ED7-3652-42C9-9D7E-42686986F69A}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00BA-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2883051) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{E2C51083-2E10-4E61-8F36-E6308DD0FA94}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2883051) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E2C51083-2E10-4E61-8F36-E6308DD0FA94}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XMedia Recode Version 3.1.8.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.8.8 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-08-2014 04:33:01 Installed Java 7 Update 67
17-08-2014 02:58:20 Windows Update
18-08-2014 16:50:50 Installiert Flat Trader
19-08-2014 04:23:08 Windows Update
27-08-2014 16:52:41 Geplanter Prüfpunkt
28-08-2014 04:45:27 arCV wird installiert
29-08-2014 16:31:57 Installed Python 2.7.2
31-08-2014 15:57:27 ComboFix created restore point
03-09-2014 12:24:13 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-31 18:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FA62DF7-79A8-4232-9582-F1718B017E20} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1362B6F4-F077-43BD-AD01-4E2EAA919012} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {15B696BE-385F-45D0-81E0-F1B0ADEDC9AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-25] (Google Inc.)
Task: {208AA79F-9418-4C41-BF4E-687CE6F0BEF9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000UA => C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-10] (Facebook Inc.)
Task: {5EEBED88-76C1-49D4-9CB4-74D702CE9C06} - System32\Tasks\AutoKMS => C:\WINDOWS\AUTOKMS\AutoKMS.exe [2014-03-30] ()
Task: {627FEC70-8C45-4116-BAA2-6E2E6AD1D2CB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {64BDF030-3E0D-4454-8A97-14E4F61D526A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {6FAEB5A2-5CEE-43D7-8950-05A6AC803870} - System32\Tasks\{7D477009-58F9-4698-B334-40CE5E979124} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.18.0.106&amp;LastError=12007
Task: {735F2130-57DC-4819-B8D7-1A0866EC9AD9} - System32\Tasks\Trigger KMS Activation => C:\Program Files\KMSnano\TriggerKMS.exe [2013-01-26] ()
Task: {B10F2ECA-D3E7-4F14-88E3-DE0B86EBC067} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C5352DB3-4A18-4108-80C6-540773412094} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-25] (Google Inc.)
Task: {C58DCE38-CD62-4901-9381-A142415BFC59} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000Core => C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-10] (Facebook Inc.)
Task: {DAA2DEB8-E9BD-41A0-9E74-B7C666D0A488} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2014-02-26] (Easeware)
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000Core.job => C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000UA.job => C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-18 16:08 - 2009-08-13 13:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2013-10-31 11:24 - 2013-10-31 11:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-15 19:34 - 2011-08-25 10:50 - 00270672 _____ () C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
2014-08-19 14:20 - 2014-08-19 14:20 - 00019968 _____ () C:\Program Files (x86)\OneBrowse\OneBrowseUIProcess.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-03 14:48 - 2014-08-14 17:27 - 00051504 _____ () C:\Users\1860\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-19 14:20 - 2014-08-19 14:20 - 00032256 _____ () C:\Program Files (x86)\OneBrowse\OneBrowse.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 00051016 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 00716616 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 00100168 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 04061000 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 00394568 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 01647432 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 13632840 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: ST2012_Svc => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: Facebook Update => "C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GoogleChromeAutoLaunch_643ADABA1D5F8841A8D9FF4E8733D2D0 => "C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: Power2GoExpress => "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\1860\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\1860\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: UIExec => "C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe"

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2014 06:33:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm otl.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ce0

Startzeit: 01cfcc4b7cee2954

Endzeit: 0

Anwendungspfad: C:\Users\1860\Downloads\otl.exe

Berichts-ID: eb9097f5-383e-11e4-b8a8-bc773708f1c3

Error: (09/09/2014 05:22:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AutoKMS.exe, Version: 2.5.0.0, Zeitstempel: 0x52aef33f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x5315a05a
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0x788
Startzeit der fehlerhaften Anwendung: 0xAutoKMS.exe0
Pfad der fehlerhaften Anwendung: AutoKMS.exe1
Pfad des fehlerhaften Moduls: AutoKMS.exe2
Berichtskennung: AutoKMS.exe3

Error: (09/09/2014 05:22:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TriggerKMS.exe, Version: 9.1.0.0, Zeitstempel: 0x5103d618
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x5315a05a
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0x6c4
Startzeit der fehlerhaften Anwendung: 0xTriggerKMS.exe0
Pfad der fehlerhaften Anwendung: TriggerKMS.exe1
Pfad des fehlerhaften Moduls: TriggerKMS.exe2
Berichtskennung: TriggerKMS.exe3

Error: (09/09/2014 05:22:00 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: AutoKMS.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Runtime.InteropServices.COMException
Stapel:
  bei ..(System.String, System.String, ., System.String)
  bei ...ctor()
  bei ..(.)
  bei ..()

Error: (09/09/2014 05:21:31 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: TriggerKMS.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Runtime.InteropServices.COMException
Stapel:
  bei System.Management.ManagementScope.Initialize()
  bei TriggerKMS.Principal.Connect()
  bei TriggerKMS.Principal.Main()

Error: (09/08/2014 08:21:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7192

Error: (09/08/2014 08:21:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7192

Error: (09/08/2014 08:21:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/08/2014 08:21:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6131

Error: (09/08/2014 08:21:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6131


System errors:
=============
Error: (09/09/2014 02:45:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "OneBrowseService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/09/2014 02:26:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎09.‎09.‎2014 um 05:32:50 unerwartet heruntergefahren.

Error: (09/09/2014 05:18:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎08.‎09.‎2014 um 22:22:54 unerwartet heruntergefahren.

Error: (09/08/2014 07:09:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Adobe Acrobat Update Service erreicht.

Error: (09/08/2014 07:08:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎08.‎09.‎2014 um 13:38:57 unerwartet heruntergefahren.

Error: (09/07/2014 03:42:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (09/03/2014 02:47:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "OneBrowseService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/03/2014 02:22:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/02/2014 03:14:28 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/01/2014 03:05:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (09/09/2014 06:33:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: otl.exe3.2.69.0ce001cfcc4b7cee29540C:\Users\1860\Downloads\otl.exeeb9097f5-383e-11e4-b8a8-bc773708f1c3

Error: (09/09/2014 05:22:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AutoKMS.exe2.5.0.052aef33fKERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d78801cfcbdcd968f9f1C:\WINDOWS\AUTOKMS\AutoKMS.exeC:\Windows\system32\KERNELBASE.dll7e2e0484-37d0-11e4-b9a8-bc773708f1c3

Error: (09/09/2014 05:22:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TriggerKMS.exe9.1.0.05103d618KERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d6c401cfcbdcd5a029e1C:\Program Files\KMSnano\TriggerKMS.exeC:\Windows\system32\KERNELBASE.dll7e2ddd74-37d0-11e4-b9a8-bc773708f1c3

Error: (09/09/2014 05:22:00 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: AutoKMS.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Runtime.InteropServices.COMException
Stapel:
  bei ..(System.String, System.String, ., System.String)
  bei ...ctor()
  bei ..(.)
  bei ..()

Error: (09/09/2014 05:21:31 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: TriggerKMS.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Runtime.InteropServices.COMException
Stapel:
  bei System.Management.ManagementScope.Initialize()
  bei TriggerKMS.Principal.Connect()
  bei TriggerKMS.Principal.Main()

Error: (09/08/2014 08:21:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7192

Error: (09/08/2014 08:21:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7192

Error: (09/08/2014 08:21:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/08/2014 08:21:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6131

Error: (09/08/2014 08:21:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6131


CodeIntegrity Errors:
===================================
  Date: 2014-08-31 18:04:29.418
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 18:04:29.313
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 18:04:29.208
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 18:04:29.099
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 17:59:39.599
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 17:59:39.493
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 64%
Total physical RAM: 4003 MB
Available physical RAM: 1413.48 MB
Total Pagefile: 8004.19 MB
Available Pagefile: 4887.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:657.53 GB) (Free:291.93 GB) NTFS
Drive d: (Recover) (Fixed) (Total:38 GB) (Free:16.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E47B19CB)
Partition 1: (Active) - (Size=101 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=657.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

cosinus 09.09.2014 20:12
Zitat:
C:\Windows\System32\Tasks\AutoKMS
Microsoft Office Professional Plus 2013
Sry aber du hast ein gecracktes MS Office drauf. Das musst verschwinden bevor es weitergehen kann. Und natürlich muss auch alles andere runter, was noch illegal ist, sofern vorhanden.

Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html

Es geht weiter wenn du alles Illegale entfernt hast.

Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.

alex1860 10.09.2014 15:01
hallo also ist entfernt worden grad vorher.

und nu??

was soll ich jetzt machen? das ding is weg.deinstalliert.und nu?

cosinus 10.09.2014 15:05
Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

alex1860 10.09.2014 15:22
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by 1860 at 2014-09-10 16:07:50
Running from C:\Users\1860\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
arCV (HKLM-x32\...\{ACC1683B-5AB9-429A-88C2-D575424009D0}) (Version: 4.3.3 - Arne Reuter)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
BEWERBUNGSMASTER (HKLM-x32\...\ST6UNST #1) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CopyTrans Control Center deinstallieren (HKCU\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.0816 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.0816 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
eLearn CDROM 1.0 (HKLM-x32\...\eLearn 1.2.1_is1) (Version:  - FIAT Auto S.p.A.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Flat Trader (HKCU\...\InstallShield_{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}) (Version: 2.38.56.7.2.1 - FX Flat)
Flat Trader (x32 Version: 2.38.56.7.2.1 - FX Flat) Hidden
Gameforge Live 2.0.4 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.4 - Gameforge)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Metin2 (HKLM-x32\...\Metin2_is1) (Version:  - Gameforge 4D GmbH)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6321 - Realtek Semiconductor Corp.)
SafeFinder Smartbar (HKLM-x32\...\{1898B668-CCF5-429F-A86F-9837E5439D77}) (Version: 11.114.72.19232 - Linkury Ltd.) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XMedia Recode Version 3.1.8.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.8.8 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-08-2014 04:23:08 Windows Update
27-08-2014 16:52:41 Geplanter Prüfpunkt
28-08-2014 04:45:27 arCV wird installiert
29-08-2014 16:31:57 Installed Python 2.7.2
31-08-2014 15:57:27 ComboFix created restore point
03-09-2014 12:24:13 Windows Update
10-09-2014 12:37:53 Removed Microsoft Office Professional Plus 2013
10-09-2014 12:38:42 PROPLUSR
10-09-2014 13:04:55 Nokia Connectivity Cable Driver wird entfernt
10-09-2014 13:46:34 Removed Python 2.7.2

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-31 18:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FA62DF7-79A8-4232-9582-F1718B017E20} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {15B696BE-385F-45D0-81E0-F1B0ADEDC9AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-25] (Google Inc.)
Task: {208AA79F-9418-4C41-BF4E-687CE6F0BEF9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000UA => C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-10] (Facebook Inc.)
Task: {64BDF030-3E0D-4454-8A97-14E4F61D526A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {6FAEB5A2-5CEE-43D7-8950-05A6AC803870} - System32\Tasks\{7D477009-58F9-4698-B334-40CE5E979124} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.18.0.106&amp;LastError=12007
Task: {77D07EF3-F7DB-4204-9EEF-D471241CD5C4} - \AutoKMS No Task File <==== ATTENTION
Task: {C5352DB3-4A18-4108-80C6-540773412094} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-25] (Google Inc.)
Task: {C58DCE38-CD62-4901-9381-A142415BFC59} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000Core => C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-10] (Facebook Inc.)
Task: {DAA2DEB8-E9BD-41A0-9E74-B7C666D0A488} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000Core.job => C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000UA.job => C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-18 16:08 - 2009-08-13 13:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2014-08-15 19:34 - 2011-08-25 10:50 - 00270672 _____ () C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
2013-10-31 11:24 - 2013-10-31 11:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-09-03 14:48 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\1860\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 00051016 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 00716616 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 00100168 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 04061000 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 00394568 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 01647432 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 13632840 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: ST2012_Svc => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: Facebook Update => "C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GoogleChromeAutoLaunch_643ADABA1D5F8841A8D9FF4E8733D2D0 => "C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: Power2GoExpress => "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\1860\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\1860\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: UIExec => "C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe"

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2014 03:46:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Spyware Terminator Driver Filter.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (09/10/2014 03:09:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2138

Error: (09/10/2014 03:09:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2138

Error: (09/10/2014 03:09:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2014 03:09:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1124

Error: (09/10/2014 03:09:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1124

Error: (09/10/2014 03:09:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2014 03:09:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21612488

Error: (09/10/2014 03:09:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21612488

Error: (09/10/2014 03:09:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/09/2014 02:45:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "OneBrowseService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/09/2014 02:26:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎09.‎09.‎2014 um 05:32:50 unerwartet heruntergefahren.

Error: (09/09/2014 05:18:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎08.‎09.‎2014 um 22:22:54 unerwartet heruntergefahren.

Error: (09/08/2014 07:09:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Adobe Acrobat Update Service erreicht.

Error: (09/08/2014 07:08:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎08.‎09.‎2014 um 13:38:57 unerwartet heruntergefahren.

Error: (09/07/2014 03:42:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (09/03/2014 02:47:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "OneBrowseService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/03/2014 02:22:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/02/2014 03:14:28 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/01/2014 03:05:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (09/10/2014 03:46:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Spyware Terminator Driver Filter.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (09/10/2014 03:09:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2138

Error: (09/10/2014 03:09:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2138

Error: (09/10/2014 03:09:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2014 03:09:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1124

Error: (09/10/2014 03:09:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1124

Error: (09/10/2014 03:09:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2014 03:09:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21612488

Error: (09/10/2014 03:09:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21612488

Error: (09/10/2014 03:09:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2014-08-31 18:04:29.418
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 18:04:29.313
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 18:04:29.208
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 18:04:29.099
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 17:59:39.599
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 17:59:39.493
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 39%
Total physical RAM: 4003 MB
Available physical RAM: 2430.4 MB
Total Pagefile: 8004.19 MB
Available Pagefile: 6068.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:657.53 GB) (Free:306.22 GB) NTFS
Drive d: (Recover) (Fixed) (Total:38 GB) (Free:16.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E47B19CB)
Partition 1: (Active) - (Size=101 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=657.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by 1860 (administrator) on 1860-PC on 10-09-2014 16:07:05
Running from C:\Users\1860\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
( ) C:\Windows\System32\lxdncoms.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-03-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\1860\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\1860\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-06]
CHR Extension: (Google Drive) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-06]
CHR Extension: (YouTube) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-06]
CHR Extension: (Adblock Plus) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-29]
CHR Extension: (Google-Suche) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-06]
CHR Extension: (Google Wallet) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-06]
CHR Extension: (Google Mail) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [270672 2011-08-25] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-17] (Disc Soft Ltd)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [76400 2011-01-25] (Atheros Communications, Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 16:06 - 2014-09-10 16:06 - 00000000 ____D () C:\Users\1860\Downloads\FRST-OlderVersion
2014-09-10 14:57 - 2014-09-10 14:57 - 00000000 ____D () C:\Users\1860\AppData\Roaming\AppSplash
2014-09-09 20:52 - 2014-09-09 20:53 - 00043409 _____ () C:\Users\1860\Downloads\Addition.txt
2014-09-09 20:51 - 2014-09-10 16:07 - 00011065 _____ () C:\Users\1860\Downloads\FRST.txt
2014-09-09 20:51 - 2014-09-10 16:07 - 00000000 ____D () C:\FRST
2014-09-09 20:50 - 2014-09-10 16:06 - 02105856 _____ (Farbar) C:\Users\1860\Downloads\FRST64.exe
2014-09-09 20:34 - 2014-09-09 20:34 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 18:47 - 2014-09-09 18:47 - 00064150 _____ () C:\Users\1860\Downloads\Extras.Txt
2014-09-09 18:46 - 2014-09-09 18:46 - 00123594 _____ () C:\Users\1860\Downloads\OTL.Txt
2014-09-09 18:31 - 2014-09-09 18:31 - 00602112 _____ (OldTimer Tools) C:\Users\1860\Downloads\otl.exe
2014-09-08 19:06 - 2014-09-10 14:59 - 00000980 _____ () C:\Windows\PFRO.log
2014-09-07 07:26 - 2014-09-10 15:51 - 00000280 _____ () C:\Windows\setupact.log
2014-09-07 07:26 - 2014-09-07 07:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 20:05 - 2014-09-06 20:05 - 00000655 _____ () C:\Users\1860\Downloads\gist2794364-68d8e90bee246710daec296bc9c68bccb0ea3c3f.tar.gz
2014-09-05 14:54 - 2014-09-05 14:54 - 00031370 _____ () C:\Users\1860\Documents\cc_20140905_145425.reg
2014-09-05 14:31 - 2014-09-05 14:31 - 04901352 _____ (Piriform Ltd) C:\Users\1860\Downloads\ccsetup417.exe
2014-09-05 14:30 - 2014-09-05 14:32 - 00000000 ____D () C:\Users\1860\Desktop\steuer, viren, bileder,bewerbung,30 euro
2014-08-31 18:34 - 2014-08-31 18:34 - 00345156 _____ () C:\Users\1860\Downloads\regsearch.zip
2014-08-31 18:14 - 2014-08-31 18:14 - 00021569 _____ () C:\ComboFix.txt
2014-08-31 17:57 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-31 17:57 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-31 17:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-31 17:54 - 2014-08-31 18:14 - 00000000 ____D () C:\Qoobox
2014-08-31 17:54 - 2014-08-31 18:12 - 00000000 ____D () C:\Windows\erdnt
2014-08-31 17:49 - 2014-08-31 17:50 - 05576326 ____R (Swearware) C:\Users\1860\Desktop\ComboFix.exe
2014-08-31 17:47 - 2014-08-31 17:47 - 00034169 _____ () C:\Windows\system32\hjtscanlist.txt
2014-08-31 17:40 - 2014-08-31 17:40 - 00002097 _____ () C:\Users\1860\Downloads\hjtscanlist.zip
2014-08-29 22:02 - 2014-08-29 22:02 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__r0ij9fgnxa1yb4agvitd_wsp.exe
2014-08-29 22:01 - 2014-08-29 22:01 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__7h9xxx1fgezq3qpfft0r_wsp.exe
2014-08-29 21:56 - 2014-08-29 21:56 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__ieufi9euwix87i2gugcy_wsp.exe
2014-08-29 18:36 - 2014-08-29 18:36 - 00000000 ____D () C:\Users\1860\AppData\Roaming\qBittorrent
2014-08-29 18:35 - 2014-08-29 18:35 - 00000000 ____D () C:\Users\1860\.idlerc
2014-08-29 18:29 - 2014-08-29 18:29 - 00000000 ____D () C:\Users\1860\Documents\PC Speed Maximizer
2014-08-29 18:28 - 2014-08-29 18:28 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Easy BitTorrent Client
2014-08-29 18:28 - 2014-08-29 18:28 - 00000000 ____D () C:\Users\1860\AppData\Local\Easy BitTorrent Client
2014-08-29 18:27 - 2014-09-09 14:44 - 00001024 _____ () C:\.rnd
2014-08-29 18:27 - 2014-08-29 18:27 - 00003337 _____ () C:\Users\1860\Downloads\[kickass.to]spyware.terminator.premium.2012.v3.0.0.82.incl.crack.torrent
2014-08-29 18:25 - 2014-08-29 18:25 - 00002521 _____ () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-29 18:24 - 2014-09-10 14:57 - 00000000 ____D () C:\Program Files (x86)\OneBrowse
2014-08-29 18:23 - 2014-08-29 18:23 - 00642592 _____ () C:\Users\1860\Downloads\Easy Torrent.exe
2014-08-29 18:23 - 2014-08-29 18:23 - 00012357 _____ () C:\Users\1860\Downloads\[kickass.to]spyware.terminator.premium.2012.3.0.0.82.crack.torrent
2014-08-29 18:01 - 2014-08-29 18:01 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-08-29 12:29 - 2014-08-29 12:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\1860\Downloads\HiJackThis204 (3).exe
2014-08-29 12:29 - 2014-08-29 12:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\1860\Downloads\HiJackThis204 (2).exe
2014-08-29 10:45 - 2014-09-10 15:51 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-08-29 10:45 - 2014-08-29 10:44 - 00937232 _____ (Crawler.com ) C:\Users\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager [1].exe
2014-08-29 10:44 - 2014-08-29 10:44 - 00816064 _____ ( ) C:\Users\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager.exe
2014-08-29 06:37 - 2014-08-29 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-28 06:46 - 2014-08-28 06:46 - 00001785 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arCV.lnk
2014-08-28 06:46 - 2014-08-28 06:46 - 00000000 ____D () C:\Program Files (x86)\arcv
2014-08-28 06:46 - 2014-08-28 06:46 - 00000000 ____D () C:\arcv
2014-08-28 06:45 - 2014-08-28 06:45 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-28 06:44 - 2014-08-28 06:44 - 12601114 _____ () C:\Users\1860\Downloads\arcv.exe
2014-08-28 06:38 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 06:38 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 06:38 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 13:37 - 2014-08-22 13:37 - 00040218 _____ () C:\Users\1860\Downloads\dbox_astra_matze (1).zip
2014-08-22 13:26 - 2014-08-22 13:26 - 00000000 ____D () C:\Users\1860\AppData\Roaming\FlashFXP
2014-08-22 13:26 - 2014-08-22 13:26 - 00000000 ____D () C:\ProgramData\FlashFXP
2014-08-22 13:19 - 2014-08-22 13:19 - 00000055 _____ () C:\Users\1860\Downloads\CCcam.cfg
2014-08-21 13:25 - 2014-08-21 13:26 - 00000000 ____D () C:\Users\1860\AppData\Roaming\elsterformular
2014-08-21 13:25 - 2014-08-21 13:25 - 00000000 ____D () C:\ProgramData\elsterformular
2014-08-21 10:28 - 2014-08-25 10:46 - 00000003 _____ () C:\Users\1860\Documents\bmm.cfg
2014-08-21 10:24 - 2014-08-28 07:31 - 00000000 ____D () C:\Users\1860\Documents\BewerbungsMaster
2014-08-21 10:24 - 2014-08-25 10:46 - 00000000 ____D () C:\ProgramData\BewerbungsMaster
2014-08-21 10:24 - 2014-08-21 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-08-21 10:23 - 2014-08-21 10:27 - 00000000 ____D () C:\Program Files (x86)\BEWERBUNGSMASTER
2014-08-21 10:23 - 2014-08-21 10:23 - 00335872 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2014-08-21 10:23 - 2014-08-21 10:23 - 00074752 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2014-08-21 10:23 - 2014-08-21 10:23 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-08-20 12:18 - 2014-08-20 12:19 - 25000000 _____ () C:\Users\1860\Downloads\Grande Punto eLEARN.part01 (1).rar
2014-08-19 06:26 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 06:26 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-19 06:26 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 06:26 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-19 06:26 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-19 06:24 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 06:24 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-19 06:24 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-19 06:24 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-18 20:44 - 2014-08-18 20:44 - 00000000 ____D () C:\Users\1860\AppData\Roaming\FX Flat
2014-08-18 19:14 - 2014-08-18 19:14 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-18 19:14 - 2014-08-18 19:14 - 00000000 ____D () C:\Users\1860\AppData\Roaming\TeamViewer
2014-08-18 19:14 - 2014-08-18 19:14 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-18 19:13 - 2014-08-18 19:13 - 06304880 _____ (TeamViewer GmbH) C:\Users\1860\Downloads\TeamViewer_Setup_de.exe
2014-08-18 18:53 - 2014-08-18 18:53 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FX Flat
2014-08-18 18:53 - 2014-08-18 18:53 - 00000000 ____D () C:\Users\1860\AppData\Roaming\InstallShield Installation Information
2014-08-18 18:52 - 2014-08-18 18:53 - 00000000 ____D () C:\Program Files (x86)\Flat Trader
2014-08-18 18:50 - 2014-08-18 18:50 - 00000000 ____D () C:\Users\1860\Documents\{95EA60FC-B631-470C-98A7-B6EC973B6AA8}
2014-08-18 18:48 - 2014-08-18 18:49 - 26915558 _____ (FX Flat ) C:\Users\1860\Downloads\Flat Trader Setup.exe
2014-08-16 09:09 - 2014-08-16 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-16 09:08 - 2014-08-16 09:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-16 09:08 - 2014-08-16 09:09 - 00000000 ____D () C:\Program Files\iTunes
2014-08-16 09:08 - 2014-08-16 09:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-16 09:08 - 2014-08-16 09:08 - 00000000 ____D () C:\Program Files\iPod
2014-08-16 06:36 - 2014-08-16 06:36 - 00000000 ____D () C:\ProgramData\Sun
2014-08-16 06:35 - 2014-08-16 06:34 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-16 06:34 - 2014-08-16 06:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-16 06:34 - 2014-08-16 06:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-15 21:43 - 2014-08-15 21:43 - 00918440 _____ (Oracle Corporation) C:\Users\1860\Downloads\chromeinstall-7u67.exe
2014-08-15 19:35 - 2011-03-26 10:37 - 00123520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbser6k.sys
2014-08-15 19:35 - 2011-03-26 10:37 - 00123520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbnmea.sys
2014-08-15 19:35 - 2011-03-26 10:37 - 00123520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbmdm6k.sys
2014-08-15 19:35 - 2011-03-26 10:37 - 00011776 _____ (MBB Incorporated) C:\Windows\system32\Drivers\massfilter.sys
2014-08-15 19:34 - 2014-08-15 19:36 - 00000000 ____D () C:\Program Files (x86)\1&1 Surf-Stick
2014-08-15 19:34 - 2014-08-15 19:34 - 00000000 ____D () C:\Windows\SysWOW64\SupportAppCB
2014-08-15 19:34 - 2014-08-15 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
2014-08-15 08:14 - 2014-08-15 08:14 - 01677928 _____ (Skype Technologies S.A.) C:\Users\1860\Downloads\SkypeSetup (2).exe
2014-08-15 05:15 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 05:15 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 05:15 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 05:15 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 05:15 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 05:15 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 05:15 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 05:15 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 20:34 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 20:34 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 20:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 20:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 20:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 20:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 20:34 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 20:34 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 20:34 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 20:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 20:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 20:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 20:34 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 20:34 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 20:34 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 20:34 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 20:34 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 20:34 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 20:34 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 20:34 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 20:34 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 20:34 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 20:34 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 20:34 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 20:16 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 20:16 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 20:16 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 20:16 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 20:16 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 20:16 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 20:16 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 20:16 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 20:16 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 20:16 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 20:16 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 20:16 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 20:16 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 20:16 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 20:16 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 20:16 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 20:16 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 20:16 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 20:16 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 20:16 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 20:16 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 20:16 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 20:16 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 20:16 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 20:16 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 20:16 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 20:16 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 20:16 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 20:16 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 20:16 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 20:16 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 20:16 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 20:16 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 20:16 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 20:16 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 20:16 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 20:16 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 20:16 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 20:16 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 20:16 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 20:16 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 20:16 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 20:16 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 20:16 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 20:16 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 20:16 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 20:16 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 20:16 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 20:16 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 20:16 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 20:16 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 20:16 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 20:16 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 20:16 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 20:16 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 20:16 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 20:15 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 20:15 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 20:14 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 20:14 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 16:07 - 2014-09-09 20:51 - 00011065 _____ () C:\Users\1860\Downloads\FRST.txt
2014-09-10 16:07 - 2014-09-09 20:51 - 00000000 ____D () C:\FRST
2014-09-10 16:06 - 2014-09-10 16:06 - 00000000 ____D () C:\Users\1860\Downloads\FRST-OlderVersion
2014-09-10 16:06 - 2014-09-09 20:50 - 02105856 _____ (Farbar) C:\Users\1860\Downloads\FRST64.exe
2014-09-10 15:59 - 2009-07-14 06:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 15:59 - 2009-07-14 06:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 15:56 - 2014-03-06 14:04 - 01154795 _____ () C:\Windows\WindowsUpdate.log
2014-09-10 15:51 - 2014-09-07 07:26 - 00000280 _____ () C:\Windows\setupact.log
2014-09-10 15:51 - 2014-08-29 10:45 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-09-10 15:51 - 2014-05-25 21:14 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-10 15:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-10 15:25 - 2014-05-25 21:14 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-10 15:16 - 2014-05-11 13:23 - 00000000 ____D () C:\ProgramData\Nokia
2014-09-10 15:16 - 2014-05-11 13:19 - 00000000 ____D () C:\Program Files (x86)\Nokia
2014-09-10 15:01 - 2014-03-06 14:49 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Skype
2014-09-10 15:00 - 2014-03-06 14:23 - 00109896 _____ () C:\Users\1860\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-10 14:59 - 2014-09-08 19:06 - 00000980 _____ () C:\Windows\PFRO.log
2014-09-10 14:59 - 2009-07-14 06:45 - 00431024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-10 14:57 - 2014-09-10 14:57 - 00000000 ____D () C:\Users\1860\AppData\Roaming\AppSplash
2014-09-10 14:57 - 2014-08-29 18:24 - 00000000 ____D () C:\Program Files (x86)\OneBrowse
2014-09-10 14:57 - 2014-03-31 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-10 14:48 - 2014-03-17 19:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 14:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-10 14:45 - 2014-03-17 19:19 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-09-10 14:45 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew
2014-09-10 14:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-10 14:41 - 2009-07-14 04:34 - 00000387 _____ () C:\Windows\win.ini
2014-09-10 14:18 - 2014-03-10 14:55 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000UA.job
2014-09-10 14:18 - 2014-03-10 14:55 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000Core.job
2014-09-09 20:53 - 2014-09-09 20:52 - 00043409 _____ () C:\Users\1860\Downloads\Addition.txt
2014-09-09 20:34 - 2014-09-09 20:34 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 20:34 - 2014-03-06 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-09 20:34 - 2014-03-06 16:27 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-09 20:34 - 2014-03-06 15:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-09 18:47 - 2014-09-09 18:47 - 00064150 _____ () C:\Users\1860\Downloads\Extras.Txt
2014-09-09 18:46 - 2014-09-09 18:46 - 00123594 _____ () C:\Users\1860\Downloads\OTL.Txt
2014-09-09 18:31 - 2014-09-09 18:31 - 00602112 _____ (OldTimer Tools) C:\Users\1860\Downloads\otl.exe
2014-09-09 14:44 - 2014-08-29 18:27 - 00001024 _____ () C:\.rnd
2014-09-08 13:37 - 2014-03-15 06:33 - 00000000 ____D () C:\Users\1860\Documents\UseNeXT
2014-09-07 18:43 - 2014-03-15 06:33 - 00000000 ____D () C:\Users\1860\AppData\Roaming\UseNeXT
2014-09-07 07:26 - 2014-09-07 07:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 20:05 - 2014-09-06 20:05 - 00000655 _____ () C:\Users\1860\Downloads\gist2794364-68d8e90bee246710daec296bc9c68bccb0ea3c3f.tar.gz
2014-09-05 14:54 - 2014-09-05 14:54 - 00031370 _____ () C:\Users\1860\Documents\cc_20140905_145425.reg
2014-09-05 14:32 - 2014-09-05 14:30 - 00000000 ____D () C:\Users\1860\Desktop\steuer, viren, bileder,bewerbung,30 euro
2014-09-05 14:31 - 2014-09-05 14:31 - 04901352 _____ (Piriform Ltd) C:\Users\1860\Downloads\ccsetup417.exe
2014-09-05 14:31 - 2014-08-03 15:42 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-05 14:31 - 2014-08-03 15:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-05 14:24 - 2009-07-14 19:58 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2014-09-05 14:24 - 2009-07-14 19:58 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2014-09-05 14:24 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-31 20:40 - 2014-03-18 16:08 - 00000000 ____D () C:\ProgramData\lx_Cats
2014-08-31 18:34 - 2014-08-31 18:34 - 00345156 _____ () C:\Users\1860\Downloads\regsearch.zip
2014-08-31 18:14 - 2014-08-31 18:14 - 00021569 _____ () C:\ComboFix.txt
2014-08-31 18:14 - 2014-08-31 17:54 - 00000000 ____D () C:\Qoobox
2014-08-31 18:14 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-31 18:12 - 2014-08-31 17:54 - 00000000 ____D () C:\Windows\erdnt
2014-08-31 18:09 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-31 17:50 - 2014-08-31 17:49 - 05576326 ____R (Swearware) C:\Users\1860\Desktop\ComboFix.exe
2014-08-31 17:47 - 2014-08-31 17:47 - 00034169 _____ () C:\Windows\system32\hjtscanlist.txt
2014-08-31 17:40 - 2014-08-31 17:40 - 00002097 _____ () C:\Users\1860\Downloads\hjtscanlist.zip
2014-08-29 22:02 - 2014-08-29 22:02 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__r0ij9fgnxa1yb4agvitd_wsp.exe
2014-08-29 22:01 - 2014-08-29 22:01 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__7h9xxx1fgezq3qpfft0r_wsp.exe
2014-08-29 21:56 - 2014-08-29 21:56 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__ieufi9euwix87i2gugcy_wsp.exe
2014-08-29 18:36 - 2014-08-29 18:36 - 00000000 ____D () C:\Users\1860\AppData\Roaming\qBittorrent
2014-08-29 18:35 - 2014-08-29 18:35 - 00000000 ____D () C:\Users\1860\.idlerc
2014-08-29 18:35 - 2014-03-06 14:15 - 00000000 ____D () C:\Users\1860
2014-08-29 18:29 - 2014-08-29 18:29 - 00000000 ____D () C:\Users\1860\Documents\PC Speed Maximizer
2014-08-29 18:28 - 2014-08-29 18:28 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Easy BitTorrent Client
2014-08-29 18:28 - 2014-08-29 18:28 - 00000000 ____D () C:\Users\1860\AppData\Local\Easy BitTorrent Client
2014-08-29 18:27 - 2014-08-29 18:27 - 00003337 _____ () C:\Users\1860\Downloads\[kickass.to]spyware.terminator.premium.2012.v3.0.0.82.incl.crack.torrent
2014-08-29 18:25 - 2014-08-29 18:25 - 00002521 _____ () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-29 18:23 - 2014-08-29 18:23 - 00642592 _____ () C:\Users\1860\Downloads\Easy Torrent.exe
2014-08-29 18:23 - 2014-08-29 18:23 - 00012357 _____ () C:\Users\1860\Downloads\[kickass.to]spyware.terminator.premium.2012.3.0.0.82.crack.torrent
2014-08-29 18:01 - 2014-08-29 18:01 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-08-29 13:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-29 12:30 - 2014-08-29 12:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\1860\Downloads\HiJackThis204 (3).exe
2014-08-29 12:30 - 2014-07-06 13:02 - 00011928 _____ () C:\Users\1860\Downloads\hijackthis.log
2014-08-29 12:29 - 2014-08-29 12:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\1860\Downloads\HiJackThis204 (2).exe
2014-08-29 10:44 - 2014-08-29 10:45 - 00937232 _____ (Crawler.com ) C:\Users\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager [1].exe
2014-08-29 10:44 - 2014-08-29 10:44 - 00816064 _____ ( ) C:\Users\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager.exe
2014-08-29 06:38 - 2014-08-29 06:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-29 06:38 - 2014-07-30 18:17 - 00000000 ____D () C:\ProgramData\Skype
2014-08-29 06:37 - 2014-07-30 18:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-28 07:31 - 2014-08-21 10:24 - 00000000 ____D () C:\Users\1860\Documents\BewerbungsMaster
2014-08-28 06:49 - 2014-03-06 14:15 - 00000000 ____D () C:\Users\1860\AppData\Local\VirtualStore
2014-08-28 06:47 - 2014-05-08 12:09 - 00000000 ____D () C:\Users\1860\Desktop\bilder auto
2014-08-28 06:46 - 2014-08-28 06:46 - 00001785 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arCV.lnk
2014-08-28 06:46 - 2014-08-28 06:46 - 00000000 ____D () C:\Program Files (x86)\arcv
2014-08-28 06:46 - 2014-08-28 06:46 - 00000000 ____D () C:\arcv
2014-08-28 06:45 - 2014-08-28 06:45 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-28 06:44 - 2014-08-28 06:44 - 12601114 _____ () C:\Users\1860\Downloads\arcv.exe
2014-08-25 10:46 - 2014-08-21 10:28 - 00000003 _____ () C:\Users\1860\Documents\bmm.cfg
2014-08-25 10:46 - 2014-08-21 10:24 - 00000000 ____D () C:\ProgramData\BewerbungsMaster
2014-08-23 04:07 - 2014-08-28 06:38 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 06:38 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 06:38 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 13:37 - 2014-08-22 13:37 - 00040218 _____ () C:\Users\1860\Downloads\dbox_astra_matze (1).zip
2014-08-22 13:26 - 2014-08-22 13:26 - 00000000 ____D () C:\Users\1860\AppData\Roaming\FlashFXP
2014-08-22 13:26 - 2014-08-22 13:26 - 00000000 ____D () C:\ProgramData\FlashFXP
2014-08-22 13:19 - 2014-08-22 13:19 - 00000055 _____ () C:\Users\1860\Downloads\CCcam.cfg
2014-08-21 13:26 - 2014-08-21 13:25 - 00000000 ____D () C:\Users\1860\AppData\Roaming\elsterformular
2014-08-21 13:25 - 2014-08-21 13:25 - 00000000 ____D () C:\ProgramData\elsterformular
2014-08-21 10:27 - 2014-08-21 10:23 - 00000000 ____D () C:\Program Files (x86)\BEWERBUNGSMASTER
2014-08-21 10:24 - 2014-08-21 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-08-21 10:23 - 2014-08-21 10:23 - 00335872 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2014-08-21 10:23 - 2014-08-21 10:23 - 00074752 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2014-08-21 10:23 - 2014-08-21 10:23 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-08-21 05:06 - 2014-03-17 18:11 - 00000000 ____D () C:\Users\1860\AppData\Roaming\DAEMON Tools Lite
2014-08-20 12:21 - 2014-05-01 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLearn
2014-08-20 12:21 - 2014-05-01 18:52 - 00000000 ____D () C:\eLearn
2014-08-20 12:19 - 2014-08-20 12:18 - 25000000 _____ () C:\Users\1860\Downloads\Grande Punto eLEARN.part01 (1).rar
2014-08-18 20:44 - 2014-08-18 20:44 - 00000000 ____D () C:\Users\1860\AppData\Roaming\FX Flat
2014-08-18 19:14 - 2014-08-18 19:14 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-18 19:14 - 2014-08-18 19:14 - 00000000 ____D () C:\Users\1860\AppData\Roaming\TeamViewer
2014-08-18 19:14 - 2014-08-18 19:14 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-18 19:13 - 2014-08-18 19:13 - 06304880 _____ (TeamViewer GmbH) C:\Users\1860\Downloads\TeamViewer_Setup_de.exe
2014-08-18 18:53 - 2014-08-18 18:53 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FX Flat
2014-08-18 18:53 - 2014-08-18 18:53 - 00000000 ____D () C:\Users\1860\AppData\Roaming\InstallShield Installation Information
2014-08-18 18:53 - 2014-08-18 18:52 - 00000000 ____D () C:\Program Files (x86)\Flat Trader
2014-08-18 18:50 - 2014-08-18 18:50 - 00000000 ____D () C:\Users\1860\Documents\{95EA60FC-B631-470C-98A7-B6EC973B6AA8}
2014-08-18 18:49 - 2014-08-18 18:48 - 26915558 _____ (FX Flat ) C:\Users\1860\Downloads\Flat Trader Setup.exe
2014-08-17 05:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-16 20:54 - 2014-03-15 06:37 - 00000404 _____ () C:\Windows\Tasks\DriverEasy Scheduled Scan.job
2014-08-16 09:09 - 2014-08-16 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-16 09:09 - 2014-08-16 09:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-16 09:09 - 2014-08-16 09:08 - 00000000 ____D () C:\Program Files\iTunes
2014-08-16 09:09 - 2014-08-16 09:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-16 09:08 - 2014-08-16 09:08 - 00000000 ____D () C:\Program Files\iPod
2014-08-16 06:36 - 2014-08-16 06:36 - 00000000 ____D () C:\ProgramData\Sun
2014-08-16 06:34 - 2014-08-16 06:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-16 06:34 - 2014-08-16 06:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-16 06:34 - 2014-08-16 06:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-15 21:43 - 2014-08-15 21:43 - 00918440 _____ (Oracle Corporation) C:\Users\1860\Downloads\chromeinstall-7u67.exe
2014-08-15 19:36 - 2014-08-15 19:34 - 00000000 ____D () C:\Program Files (x86)\1&1 Surf-Stick
2014-08-15 19:34 - 2014-08-15 19:34 - 00000000 ____D () C:\Windows\SysWOW64\SupportAppCB
2014-08-15 19:34 - 2014-08-15 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
2014-08-15 19:34 - 2014-03-15 10:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-15 08:14 - 2014-08-15 08:14 - 01677928 _____ (Skype Technologies S.A.) C:\Users\1860\Downloads\SkypeSetup (2).exe
2014-08-15 05:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 05:50 - 2014-05-12 08:10 - 00000000 ___SD () C:\Windows\system32\CompatTel

Some content of TEMP:
====================
C:\Users\1860\AppData\Local\Temp\avgnt.exe
C:\Users\1860\AppData\Local\Temp\NOSEventMessages.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 19:16

==================== End Of Log ============================
--- --- ---

--- --- ---

cosinus 10.09.2014 15:54
Deinstallier mal Apple's Bonjour, der müllt dein Ereignisprotokoll voll. Vllt hängt deine langsame Kiste damit ja auch zusammen. Vgl. http://praxistipps.chip.de/was-ist-b...ieder-los_2809

alex1860 10.09.2014 16:21
also das bonjour ist weg denk ich mal.
was könnt ich noch machen?

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by 1860 at 2014-09-10 17:20:15
Running from C:\Users\1860\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
arCV (HKLM-x32\...\{ACC1683B-5AB9-429A-88C2-D575424009D0}) (Version: 4.3.3 - Arne Reuter)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
BEWERBUNGSMASTER (HKLM-x32\...\ST6UNST #1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CopyTrans Control Center deinstallieren (HKCU\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.0816 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.0816 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
eLearn CDROM 1.0 (HKLM-x32\...\eLearn 1.2.1_is1) (Version:  - FIAT Auto S.p.A.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Flat Trader (HKCU\...\InstallShield_{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}) (Version: 2.38.56.7.2.1 - FX Flat)
Flat Trader (x32 Version: 2.38.56.7.2.1 - FX Flat) Hidden
Gameforge Live 2.0.4 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.4 - Gameforge)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Metin2 (HKLM-x32\...\Metin2_is1) (Version:  - Gameforge 4D GmbH)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6321 - Realtek Semiconductor Corp.)
SafeFinder Smartbar (HKLM-x32\...\{1898B668-CCF5-429F-A86F-9837E5439D77}) (Version: 11.114.72.19232 - Linkury Ltd.) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XMedia Recode Version 3.1.8.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.8.8 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

27-08-2014 16:52:41 Geplanter Prüfpunkt
28-08-2014 04:45:27 arCV wird installiert
29-08-2014 16:31:57 Installed Python 2.7.2
31-08-2014 15:57:27 ComboFix created restore point
03-09-2014 12:24:13 Windows Update
10-09-2014 12:37:53 Removed Microsoft Office Professional Plus 2013
10-09-2014 12:38:42 PROPLUSR
10-09-2014 13:04:55 Nokia Connectivity Cable Driver wird entfernt
10-09-2014 13:46:34 Removed Python 2.7.2
10-09-2014 15:03:03 Removed Bonjour

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-31 18:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FA62DF7-79A8-4232-9582-F1718B017E20} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {15B696BE-385F-45D0-81E0-F1B0ADEDC9AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-25] (Google Inc.)
Task: {208AA79F-9418-4C41-BF4E-687CE6F0BEF9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000UA => C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-10] (Facebook Inc.)
Task: {64BDF030-3E0D-4454-8A97-14E4F61D526A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {6FAEB5A2-5CEE-43D7-8950-05A6AC803870} - System32\Tasks\{7D477009-58F9-4698-B334-40CE5E979124} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.18.0.106&amp;LastError=12007
Task: {77D07EF3-F7DB-4204-9EEF-D471241CD5C4} - \AutoKMS No Task File <==== ATTENTION
Task: {C5352DB3-4A18-4108-80C6-540773412094} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-25] (Google Inc.)
Task: {C58DCE38-CD62-4901-9381-A142415BFC59} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000Core => C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-10] (Facebook Inc.)
Task: {DAA2DEB8-E9BD-41A0-9E74-B7C666D0A488} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000Core.job => C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000UA.job => C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-18 16:08 - 2009-08-13 13:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2014-08-15 19:34 - 2011-08-25 10:50 - 00270672 _____ () C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
2013-10-31 11:24 - 2013-10-31 11:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-09-03 14:48 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\1860\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 00051016 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 00716616 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 00100168 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 04061000 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 00394568 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 01647432 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: ST2012_Svc => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: Facebook Update => "C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GoogleChromeAutoLaunch_643ADABA1D5F8841A8D9FF4E8733D2D0 => "C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: Power2GoExpress => "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\1860\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\1860\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: UIExec => "C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe"

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2014 03:46:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Spyware Terminator Driver Filter.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (09/10/2014 03:09:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2138

Error: (09/10/2014 03:09:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2138

Error: (09/10/2014 03:09:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2014 03:09:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1124

Error: (09/10/2014 03:09:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1124

Error: (09/10/2014 03:09:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2014 03:09:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21612488

Error: (09/10/2014 03:09:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21612488

Error: (09/10/2014 03:09:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/09/2014 02:45:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "OneBrowseService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/09/2014 02:26:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎09.‎09.‎2014 um 05:32:50 unerwartet heruntergefahren.

Error: (09/09/2014 05:18:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎08.‎09.‎2014 um 22:22:54 unerwartet heruntergefahren.

Error: (09/08/2014 07:09:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Adobe Acrobat Update Service erreicht.

Error: (09/08/2014 07:08:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎08.‎09.‎2014 um 13:38:57 unerwartet heruntergefahren.

Error: (09/07/2014 03:42:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (09/03/2014 02:47:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "OneBrowseService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/03/2014 02:22:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/02/2014 03:14:28 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/01/2014 03:05:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (09/10/2014 03:46:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Spyware Terminator Driver Filter.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (09/10/2014 03:09:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2138

Error: (09/10/2014 03:09:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2138

Error: (09/10/2014 03:09:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2014 03:09:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1124

Error: (09/10/2014 03:09:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1124

Error: (09/10/2014 03:09:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2014 03:09:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21612488

Error: (09/10/2014 03:09:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21612488

Error: (09/10/2014 03:09:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2014-08-31 18:04:29.418
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 18:04:29.313
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 18:04:29.208
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 18:04:29.099
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 17:59:39.599
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 17:59:39.493
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 34%
Total physical RAM: 4003 MB
Available physical RAM: 2630.8 MB
Total Pagefile: 8004.19 MB
Available Pagefile: 6351.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:657.53 GB) (Free:308.96 GB) NTFS
Drive d: (Recover) (Fixed) (Total:38 GB) (Free:16.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E47B19CB)
Partition 1: (Active) - (Size=101 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=657.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by 1860 (administrator) on 1860-PC on 10-09-2014 17:19:25
Running from C:\Users\1860\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
( ) C:\Windows\System32\lxdncoms.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-03-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\1860\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\1860\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-06]
CHR Extension: (Google Drive) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-06]
CHR Extension: (YouTube) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-06]
CHR Extension: (Adblock Plus) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-29]
CHR Extension: (Google-Suche) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-06]
CHR Extension: (Google Wallet) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-06]
CHR Extension: (Google Mail) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [270672 2011-08-25] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-17] (Disc Soft Ltd)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [76400 2011-01-25] (Atheros Communications, Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 16:06 - 2014-09-10 16:06 - 00000000 ____D () C:\Users\1860\Downloads\FRST-OlderVersion
2014-09-10 14:57 - 2014-09-10 14:57 - 00000000 ____D () C:\Users\1860\AppData\Roaming\AppSplash
2014-09-09 20:52 - 2014-09-10 16:08 - 00024933 _____ () C:\Users\1860\Downloads\Addition.txt
2014-09-09 20:51 - 2014-09-10 17:19 - 00011035 _____ () C:\Users\1860\Downloads\FRST.txt
2014-09-09 20:51 - 2014-09-10 17:19 - 00000000 ____D () C:\FRST
2014-09-09 20:50 - 2014-09-10 16:06 - 02105856 _____ (Farbar) C:\Users\1860\Downloads\FRST64.exe
2014-09-09 20:34 - 2014-09-09 20:34 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 18:47 - 2014-09-09 18:47 - 00064150 _____ () C:\Users\1860\Downloads\Extras.Txt
2014-09-09 18:46 - 2014-09-09 18:46 - 00123594 _____ () C:\Users\1860\Downloads\OTL.Txt
2014-09-09 18:31 - 2014-09-09 18:31 - 00602112 _____ (OldTimer Tools) C:\Users\1860\Downloads\otl.exe
2014-09-08 19:06 - 2014-09-10 14:59 - 00000980 _____ () C:\Windows\PFRO.log
2014-09-07 07:26 - 2014-09-10 17:08 - 00000336 _____ () C:\Windows\setupact.log
2014-09-07 07:26 - 2014-09-07 07:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 20:05 - 2014-09-06 20:05 - 00000655 _____ () C:\Users\1860\Downloads\gist2794364-68d8e90bee246710daec296bc9c68bccb0ea3c3f.tar.gz
2014-09-05 14:54 - 2014-09-05 14:54 - 00031370 _____ () C:\Users\1860\Documents\cc_20140905_145425.reg
2014-09-05 14:31 - 2014-09-05 14:31 - 04901352 _____ (Piriform Ltd) C:\Users\1860\Downloads\ccsetup417.exe
2014-09-05 14:30 - 2014-09-05 14:32 - 00000000 ____D () C:\Users\1860\Desktop\steuer, viren, bileder,bewerbung,30 euro
2014-08-31 18:34 - 2014-08-31 18:34 - 00345156 _____ () C:\Users\1860\Downloads\regsearch.zip
2014-08-31 18:14 - 2014-08-31 18:14 - 00021569 _____ () C:\ComboFix.txt
2014-08-31 17:57 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-31 17:57 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-31 17:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-31 17:54 - 2014-08-31 18:14 - 00000000 ____D () C:\Qoobox
2014-08-31 17:54 - 2014-08-31 18:12 - 00000000 ____D () C:\Windows\erdnt
2014-08-31 17:49 - 2014-08-31 17:50 - 05576326 ____R (Swearware) C:\Users\1860\Desktop\ComboFix.exe
2014-08-31 17:47 - 2014-08-31 17:47 - 00034169 _____ () C:\Windows\system32\hjtscanlist.txt
2014-08-31 17:40 - 2014-08-31 17:40 - 00002097 _____ () C:\Users\1860\Downloads\hjtscanlist.zip
2014-08-29 22:02 - 2014-08-29 22:02 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__r0ij9fgnxa1yb4agvitd_wsp.exe
2014-08-29 22:01 - 2014-08-29 22:01 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__7h9xxx1fgezq3qpfft0r_wsp.exe
2014-08-29 21:56 - 2014-08-29 21:56 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__ieufi9euwix87i2gugcy_wsp.exe
2014-08-29 18:36 - 2014-08-29 18:36 - 00000000 ____D () C:\Users\1860\AppData\Roaming\qBittorrent
2014-08-29 18:35 - 2014-08-29 18:35 - 00000000 ____D () C:\Users\1860\.idlerc
2014-08-29 18:29 - 2014-08-29 18:29 - 00000000 ____D () C:\Users\1860\Documents\PC Speed Maximizer
2014-08-29 18:28 - 2014-08-29 18:28 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Easy BitTorrent Client
2014-08-29 18:28 - 2014-08-29 18:28 - 00000000 ____D () C:\Users\1860\AppData\Local\Easy BitTorrent Client
2014-08-29 18:27 - 2014-09-09 14:44 - 00001024 _____ () C:\.rnd
2014-08-29 18:27 - 2014-08-29 18:27 - 00003337 _____ () C:\Users\1860\Downloads\[kickass.to]spyware.terminator.premium.2012.v3.0.0.82.incl.crack.torrent
2014-08-29 18:25 - 2014-08-29 18:25 - 00002521 _____ () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-29 18:24 - 2014-09-10 14:57 - 00000000 ____D () C:\Program Files (x86)\OneBrowse
2014-08-29 18:23 - 2014-08-29 18:23 - 00642592 _____ () C:\Users\1860\Downloads\Easy Torrent.exe
2014-08-29 18:23 - 2014-08-29 18:23 - 00012357 _____ () C:\Users\1860\Downloads\[kickass.to]spyware.terminator.premium.2012.3.0.0.82.crack.torrent
2014-08-29 18:01 - 2014-08-29 18:01 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-08-29 12:29 - 2014-08-29 12:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\1860\Downloads\HiJackThis204 (3).exe
2014-08-29 12:29 - 2014-08-29 12:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\1860\Downloads\HiJackThis204 (2).exe
2014-08-29 10:45 - 2014-09-10 15:51 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-08-29 10:45 - 2014-08-29 10:44 - 00937232 _____ (Crawler.com ) C:\Users\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager [1].exe
2014-08-29 10:44 - 2014-08-29 10:44 - 00816064 _____ ( ) C:\Users\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager.exe
2014-08-29 06:37 - 2014-08-29 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-28 06:46 - 2014-08-28 06:46 - 00001785 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arCV.lnk
2014-08-28 06:46 - 2014-08-28 06:46 - 00000000 ____D () C:\Program Files (x86)\arcv
2014-08-28 06:46 - 2014-08-28 06:46 - 00000000 ____D () C:\arcv
2014-08-28 06:45 - 2014-08-28 06:45 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-28 06:44 - 2014-08-28 06:44 - 12601114 _____ () C:\Users\1860\Downloads\arcv.exe
2014-08-28 06:38 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 06:38 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 06:38 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 13:37 - 2014-08-22 13:37 - 00040218 _____ () C:\Users\1860\Downloads\dbox_astra_matze (1).zip
2014-08-22 13:26 - 2014-08-22 13:26 - 00000000 ____D () C:\Users\1860\AppData\Roaming\FlashFXP
2014-08-22 13:26 - 2014-08-22 13:26 - 00000000 ____D () C:\ProgramData\FlashFXP
2014-08-22 13:19 - 2014-08-22 13:19 - 00000055 _____ () C:\Users\1860\Downloads\CCcam.cfg
2014-08-21 13:25 - 2014-08-21 13:26 - 00000000 ____D () C:\Users\1860\AppData\Roaming\elsterformular
2014-08-21 13:25 - 2014-08-21 13:25 - 00000000 ____D () C:\ProgramData\elsterformular
2014-08-21 10:28 - 2014-08-25 10:46 - 00000003 _____ () C:\Users\1860\Documents\bmm.cfg
2014-08-21 10:24 - 2014-08-28 07:31 - 00000000 ____D () C:\Users\1860\Documents\BewerbungsMaster
2014-08-21 10:24 - 2014-08-25 10:46 - 00000000 ____D () C:\ProgramData\BewerbungsMaster
2014-08-21 10:24 - 2014-08-21 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-08-21 10:23 - 2014-08-21 10:27 - 00000000 ____D () C:\Program Files (x86)\BEWERBUNGSMASTER
2014-08-21 10:23 - 2014-08-21 10:23 - 00335872 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2014-08-21 10:23 - 2014-08-21 10:23 - 00074752 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2014-08-21 10:23 - 2014-08-21 10:23 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-08-20 12:18 - 2014-08-20 12:19 - 25000000 _____ () C:\Users\1860\Downloads\Grande Punto eLEARN.part01 (1).rar
2014-08-19 06:26 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 06:26 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-19 06:26 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 06:26 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-19 06:26 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-19 06:24 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 06:24 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-19 06:24 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-19 06:24 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-18 20:44 - 2014-08-18 20:44 - 00000000 ____D () C:\Users\1860\AppData\Roaming\FX Flat
2014-08-18 19:14 - 2014-08-18 19:14 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-18 19:14 - 2014-08-18 19:14 - 00000000 ____D () C:\Users\1860\AppData\Roaming\TeamViewer
2014-08-18 19:14 - 2014-08-18 19:14 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-18 19:13 - 2014-08-18 19:13 - 06304880 _____ (TeamViewer GmbH) C:\Users\1860\Downloads\TeamViewer_Setup_de.exe
2014-08-18 18:53 - 2014-08-18 18:53 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FX Flat
2014-08-18 18:53 - 2014-08-18 18:53 - 00000000 ____D () C:\Users\1860\AppData\Roaming\InstallShield Installation Information
2014-08-18 18:52 - 2014-08-18 18:53 - 00000000 ____D () C:\Program Files (x86)\Flat Trader
2014-08-18 18:50 - 2014-08-18 18:50 - 00000000 ____D () C:\Users\1860\Documents\{95EA60FC-B631-470C-98A7-B6EC973B6AA8}
2014-08-18 18:48 - 2014-08-18 18:49 - 26915558 _____ (FX Flat ) C:\Users\1860\Downloads\Flat Trader Setup.exe
2014-08-16 09:09 - 2014-08-16 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-16 09:08 - 2014-08-16 09:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-16 09:08 - 2014-08-16 09:09 - 00000000 ____D () C:\Program Files\iTunes
2014-08-16 09:08 - 2014-08-16 09:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-16 09:08 - 2014-08-16 09:08 - 00000000 ____D () C:\Program Files\iPod
2014-08-16 06:36 - 2014-08-16 06:36 - 00000000 ____D () C:\ProgramData\Sun
2014-08-16 06:35 - 2014-08-16 06:34 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-16 06:34 - 2014-08-16 06:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-16 06:34 - 2014-08-16 06:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-15 21:43 - 2014-08-15 21:43 - 00918440 _____ (Oracle Corporation) C:\Users\1860\Downloads\chromeinstall-7u67.exe
2014-08-15 19:35 - 2011-03-26 10:37 - 00123520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbser6k.sys
2014-08-15 19:35 - 2011-03-26 10:37 - 00123520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbnmea.sys
2014-08-15 19:35 - 2011-03-26 10:37 - 00123520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbmdm6k.sys
2014-08-15 19:35 - 2011-03-26 10:37 - 00011776 _____ (MBB Incorporated) C:\Windows\system32\Drivers\massfilter.sys
2014-08-15 19:34 - 2014-08-15 19:36 - 00000000 ____D () C:\Program Files (x86)\1&1 Surf-Stick
2014-08-15 19:34 - 2014-08-15 19:34 - 00000000 ____D () C:\Windows\SysWOW64\SupportAppCB
2014-08-15 19:34 - 2014-08-15 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
2014-08-15 08:14 - 2014-08-15 08:14 - 01677928 _____ (Skype Technologies S.A.) C:\Users\1860\Downloads\SkypeSetup (2).exe
2014-08-15 05:15 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 05:15 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 05:15 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 05:15 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 05:15 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 05:15 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 05:15 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 05:15 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 20:34 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 20:34 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 20:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 20:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 20:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 20:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 20:34 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 20:34 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 20:34 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 20:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 20:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 20:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 20:34 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 20:34 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 20:34 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 20:34 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 20:34 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 20:34 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 20:34 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 20:34 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 20:34 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 20:34 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 20:34 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 20:34 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 20:16 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 20:16 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 20:16 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 20:16 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 20:16 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 20:16 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 20:16 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 20:16 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 20:16 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 20:16 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 20:16 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 20:16 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 20:16 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 20:16 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 20:16 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 20:16 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 20:16 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 20:16 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 20:16 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 20:16 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 20:16 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 20:16 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 20:16 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 20:16 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 20:16 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 20:16 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 20:16 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 20:16 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 20:16 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 20:16 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 20:16 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 20:16 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 20:16 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 20:16 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 20:16 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 20:16 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 20:16 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 20:16 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 20:16 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 20:16 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 20:16 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 20:16 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 20:16 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 20:16 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 20:16 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 20:16 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 20:16 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 20:16 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 20:16 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 20:16 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 20:16 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 20:16 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 20:16 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 20:16 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 20:16 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 20:16 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 20:15 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 20:15 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 20:14 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 20:14 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 17:19 - 2014-09-09 20:51 - 00011035 _____ () C:\Users\1860\Downloads\FRST.txt
2014-09-10 17:19 - 2014-09-09 20:51 - 00000000 ____D () C:\FRST
2014-09-10 17:17 - 2014-05-25 21:14 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-10 17:16 - 2009-07-14 06:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 17:16 - 2009-07-14 06:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 17:12 - 2014-03-06 14:04 - 01178562 _____ () C:\Windows\WindowsUpdate.log
2014-09-10 17:08 - 2014-09-07 07:26 - 00000336 _____ () C:\Windows\setupact.log
2014-09-10 17:08 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-10 17:01 - 2014-03-10 14:55 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000UA.job
2014-09-10 16:25 - 2014-05-25 21:14 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-10 16:08 - 2014-09-09 20:52 - 00024933 _____ () C:\Users\1860\Downloads\Addition.txt
2014-09-10 16:06 - 2014-09-10 16:06 - 00000000 ____D () C:\Users\1860\Downloads\FRST-OlderVersion
2014-09-10 16:06 - 2014-09-09 20:50 - 02105856 _____ (Farbar) C:\Users\1860\Downloads\FRST64.exe
2014-09-10 15:51 - 2014-08-29 10:45 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-09-10 15:16 - 2014-05-11 13:23 - 00000000 ____D () C:\ProgramData\Nokia
2014-09-10 15:16 - 2014-05-11 13:19 - 00000000 ____D () C:\Program Files (x86)\Nokia
2014-09-10 15:01 - 2014-03-06 14:49 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Skype
2014-09-10 15:00 - 2014-03-06 14:23 - 00109896 _____ () C:\Users\1860\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-10 14:59 - 2014-09-08 19:06 - 00000980 _____ () C:\Windows\PFRO.log
2014-09-10 14:59 - 2009-07-14 06:45 - 00431024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-10 14:57 - 2014-09-10 14:57 - 00000000 ____D () C:\Users\1860\AppData\Roaming\AppSplash
2014-09-10 14:57 - 2014-08-29 18:24 - 00000000 ____D () C:\Program Files (x86)\OneBrowse
2014-09-10 14:57 - 2014-03-31 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-10 14:48 - 2014-03-17 19:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 14:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-10 14:45 - 2014-03-17 19:19 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-09-10 14:45 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew
2014-09-10 14:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-10 14:41 - 2009-07-14 04:34 - 00000387 _____ () C:\Windows\win.ini
2014-09-10 14:18 - 2014-03-10 14:55 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000Core.job
2014-09-09 20:34 - 2014-09-09 20:34 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 20:34 - 2014-03-06 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-09 20:34 - 2014-03-06 16:27 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-09 20:34 - 2014-03-06 15:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-09 18:47 - 2014-09-09 18:47 - 00064150 _____ () C:\Users\1860\Downloads\Extras.Txt
2014-09-09 18:46 - 2014-09-09 18:46 - 00123594 _____ () C:\Users\1860\Downloads\OTL.Txt
2014-09-09 18:31 - 2014-09-09 18:31 - 00602112 _____ (OldTimer Tools) C:\Users\1860\Downloads\otl.exe
2014-09-09 14:44 - 2014-08-29 18:27 - 00001024 _____ () C:\.rnd
2014-09-08 13:37 - 2014-03-15 06:33 - 00000000 ____D () C:\Users\1860\Documents\UseNeXT
2014-09-07 18:43 - 2014-03-15 06:33 - 00000000 ____D () C:\Users\1860\AppData\Roaming\UseNeXT
2014-09-07 07:26 - 2014-09-07 07:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 20:05 - 2014-09-06 20:05 - 00000655 _____ () C:\Users\1860\Downloads\gist2794364-68d8e90bee246710daec296bc9c68bccb0ea3c3f.tar.gz
2014-09-05 14:54 - 2014-09-05 14:54 - 00031370 _____ () C:\Users\1860\Documents\cc_20140905_145425.reg
2014-09-05 14:32 - 2014-09-05 14:30 - 00000000 ____D () C:\Users\1860\Desktop\steuer, viren, bileder,bewerbung,30 euro
2014-09-05 14:31 - 2014-09-05 14:31 - 04901352 _____ (Piriform Ltd) C:\Users\1860\Downloads\ccsetup417.exe
2014-09-05 14:31 - 2014-08-03 15:42 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-05 14:31 - 2014-08-03 15:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-05 14:24 - 2009-07-14 19:58 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2014-09-05 14:24 - 2009-07-14 19:58 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2014-09-05 14:24 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-31 20:40 - 2014-03-18 16:08 - 00000000 ____D () C:\ProgramData\lx_Cats
2014-08-31 18:34 - 2014-08-31 18:34 - 00345156 _____ () C:\Users\1860\Downloads\regsearch.zip
2014-08-31 18:14 - 2014-08-31 18:14 - 00021569 _____ () C:\ComboFix.txt
2014-08-31 18:14 - 2014-08-31 17:54 - 00000000 ____D () C:\Qoobox
2014-08-31 18:14 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-31 18:12 - 2014-08-31 17:54 - 00000000 ____D () C:\Windows\erdnt
2014-08-31 18:09 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-31 17:50 - 2014-08-31 17:49 - 05576326 ____R (Swearware) C:\Users\1860\Desktop\ComboFix.exe
2014-08-31 17:47 - 2014-08-31 17:47 - 00034169 _____ () C:\Windows\system32\hjtscanlist.txt
2014-08-31 17:40 - 2014-08-31 17:40 - 00002097 _____ () C:\Users\1860\Downloads\hjtscanlist.zip
2014-08-29 22:02 - 2014-08-29 22:02 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__r0ij9fgnxa1yb4agvitd_wsp.exe
2014-08-29 22:01 - 2014-08-29 22:01 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__7h9xxx1fgezq3qpfft0r_wsp.exe
2014-08-29 21:56 - 2014-08-29 21:56 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__ieufi9euwix87i2gugcy_wsp.exe
2014-08-29 18:36 - 2014-08-29 18:36 - 00000000 ____D () C:\Users\1860\AppData\Roaming\qBittorrent
2014-08-29 18:35 - 2014-08-29 18:35 - 00000000 ____D () C:\Users\1860\.idlerc
2014-08-29 18:35 - 2014-03-06 14:15 - 00000000 ____D () C:\Users\1860
2014-08-29 18:29 - 2014-08-29 18:29 - 00000000 ____D () C:\Users\1860\Documents\PC Speed Maximizer
2014-08-29 18:28 - 2014-08-29 18:28 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Easy BitTorrent Client
2014-08-29 18:28 - 2014-08-29 18:28 - 00000000 ____D () C:\Users\1860\AppData\Local\Easy BitTorrent Client
2014-08-29 18:27 - 2014-08-29 18:27 - 00003337 _____ () C:\Users\1860\Downloads\[kickass.to]spyware.terminator.premium.2012.v3.0.0.82.incl.crack.torrent
2014-08-29 18:25 - 2014-08-29 18:25 - 00002521 _____ () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-29 18:23 - 2014-08-29 18:23 - 00642592 _____ () C:\Users\1860\Downloads\Easy Torrent.exe
2014-08-29 18:23 - 2014-08-29 18:23 - 00012357 _____ () C:\Users\1860\Downloads\[kickass.to]spyware.terminator.premium.2012.3.0.0.82.crack.torrent
2014-08-29 18:01 - 2014-08-29 18:01 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-08-29 13:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-29 12:30 - 2014-08-29 12:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\1860\Downloads\HiJackThis204 (3).exe
2014-08-29 12:30 - 2014-07-06 13:02 - 00011928 _____ () C:\Users\1860\Downloads\hijackthis.log
2014-08-29 12:29 - 2014-08-29 12:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\1860\Downloads\HiJackThis204 (2).exe
2014-08-29 10:44 - 2014-08-29 10:45 - 00937232 _____ (Crawler.com ) C:\Users\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager [1].exe
2014-08-29 10:44 - 2014-08-29 10:44 - 00816064 _____ ( ) C:\Users\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager.exe
2014-08-29 06:38 - 2014-08-29 06:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-29 06:38 - 2014-07-30 18:17 - 00000000 ____D () C:\ProgramData\Skype
2014-08-29 06:37 - 2014-07-30 18:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-28 07:31 - 2014-08-21 10:24 - 00000000 ____D () C:\Users\1860\Documents\BewerbungsMaster
2014-08-28 06:49 - 2014-03-06 14:15 - 00000000 ____D () C:\Users\1860\AppData\Local\VirtualStore
2014-08-28 06:47 - 2014-05-08 12:09 - 00000000 ____D () C:\Users\1860\Desktop\bilder auto
2014-08-28 06:46 - 2014-08-28 06:46 - 00001785 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arCV.lnk
2014-08-28 06:46 - 2014-08-28 06:46 - 00000000 ____D () C:\Program Files (x86)\arcv
2014-08-28 06:46 - 2014-08-28 06:46 - 00000000 ____D () C:\arcv
2014-08-28 06:45 - 2014-08-28 06:45 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-28 06:44 - 2014-08-28 06:44 - 12601114 _____ () C:\Users\1860\Downloads\arcv.exe
2014-08-25 10:46 - 2014-08-21 10:28 - 00000003 _____ () C:\Users\1860\Documents\bmm.cfg
2014-08-25 10:46 - 2014-08-21 10:24 - 00000000 ____D () C:\ProgramData\BewerbungsMaster
2014-08-23 04:07 - 2014-08-28 06:38 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 06:38 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 06:38 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 13:37 - 2014-08-22 13:37 - 00040218 _____ () C:\Users\1860\Downloads\dbox_astra_matze (1).zip
2014-08-22 13:26 - 2014-08-22 13:26 - 00000000 ____D () C:\Users\1860\AppData\Roaming\FlashFXP
2014-08-22 13:26 - 2014-08-22 13:26 - 00000000 ____D () C:\ProgramData\FlashFXP
2014-08-22 13:19 - 2014-08-22 13:19 - 00000055 _____ () C:\Users\1860\Downloads\CCcam.cfg
2014-08-21 13:26 - 2014-08-21 13:25 - 00000000 ____D () C:\Users\1860\AppData\Roaming\elsterformular
2014-08-21 13:25 - 2014-08-21 13:25 - 00000000 ____D () C:\ProgramData\elsterformular
2014-08-21 10:27 - 2014-08-21 10:23 - 00000000 ____D () C:\Program Files (x86)\BEWERBUNGSMASTER
2014-08-21 10:24 - 2014-08-21 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-08-21 10:23 - 2014-08-21 10:23 - 00335872 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2014-08-21 10:23 - 2014-08-21 10:23 - 00074752 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2014-08-21 10:23 - 2014-08-21 10:23 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-08-21 05:06 - 2014-03-17 18:11 - 00000000 ____D () C:\Users\1860\AppData\Roaming\DAEMON Tools Lite
2014-08-20 12:21 - 2014-05-01 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLearn
2014-08-20 12:21 - 2014-05-01 18:52 - 00000000 ____D () C:\eLearn
2014-08-20 12:19 - 2014-08-20 12:18 - 25000000 _____ () C:\Users\1860\Downloads\Grande Punto eLEARN.part01 (1).rar
2014-08-18 20:44 - 2014-08-18 20:44 - 00000000 ____D () C:\Users\1860\AppData\Roaming\FX Flat
2014-08-18 19:14 - 2014-08-18 19:14 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-18 19:14 - 2014-08-18 19:14 - 00000000 ____D () C:\Users\1860\AppData\Roaming\TeamViewer
2014-08-18 19:14 - 2014-08-18 19:14 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-18 19:13 - 2014-08-18 19:13 - 06304880 _____ (TeamViewer GmbH) C:\Users\1860\Downloads\TeamViewer_Setup_de.exe
2014-08-18 18:53 - 2014-08-18 18:53 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FX Flat
2014-08-18 18:53 - 2014-08-18 18:53 - 00000000 ____D () C:\Users\1860\AppData\Roaming\InstallShield Installation Information
2014-08-18 18:53 - 2014-08-18 18:52 - 00000000 ____D () C:\Program Files (x86)\Flat Trader
2014-08-18 18:50 - 2014-08-18 18:50 - 00000000 ____D () C:\Users\1860\Documents\{95EA60FC-B631-470C-98A7-B6EC973B6AA8}
2014-08-18 18:49 - 2014-08-18 18:48 - 26915558 _____ (FX Flat ) C:\Users\1860\Downloads\Flat Trader Setup.exe
2014-08-17 05:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-16 20:54 - 2014-03-15 06:37 - 00000404 _____ () C:\Windows\Tasks\DriverEasy Scheduled Scan.job
2014-08-16 09:09 - 2014-08-16 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-16 09:09 - 2014-08-16 09:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-16 09:09 - 2014-08-16 09:08 - 00000000 ____D () C:\Program Files\iTunes
2014-08-16 09:09 - 2014-08-16 09:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-16 09:08 - 2014-08-16 09:08 - 00000000 ____D () C:\Program Files\iPod
2014-08-16 06:36 - 2014-08-16 06:36 - 00000000 ____D () C:\ProgramData\Sun
2014-08-16 06:34 - 2014-08-16 06:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-16 06:34 - 2014-08-16 06:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-16 06:34 - 2014-08-16 06:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-15 21:43 - 2014-08-15 21:43 - 00918440 _____ (Oracle Corporation) C:\Users\1860\Downloads\chromeinstall-7u67.exe
2014-08-15 19:36 - 2014-08-15 19:34 - 00000000 ____D () C:\Program Files (x86)\1&1 Surf-Stick
2014-08-15 19:34 - 2014-08-15 19:34 - 00000000 ____D () C:\Windows\SysWOW64\SupportAppCB
2014-08-15 19:34 - 2014-08-15 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
2014-08-15 19:34 - 2014-03-15 10:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-15 08:14 - 2014-08-15 08:14 - 01677928 _____ (Skype Technologies S.A.) C:\Users\1860\Downloads\SkypeSetup (2).exe
2014-08-15 05:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 05:50 - 2014-05-12 08:10 - 00000000 ___SD () C:\Windows\system32\CompatTel

Some content of TEMP:
====================
C:\Users\1860\AppData\Local\Temp\avgnt.exe
C:\Users\1860\AppData\Local\Temp\NOSEventMessages.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 19:16

==================== End Of Log ============================
--- --- ---

--- --- ---

cosinus 10.09.2014 23:15
Zitat:
was könnt ich noch machen?
Vllt mal testen ob es ohne Bonjour etwas besser geworden ist...

alex1860 11.09.2014 12:48
naja nicht wirklich besser geworden

cosinus 11.09.2014 14:18
Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

alex1860 11.09.2014 19:17
Code:
ComboFix 14-09-11.01 - 1860 11.09.2014  18:56:16.2.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4003.2416 [GMT 2:00]
ausgeführt von:: c:\users\1860\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\1860\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-08-11 bis 2014-09-11  ))))))))))))))))))))))))))))))
.
.
2014-09-11 17:01 . 2014-09-11 17:01        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-09-10 12:57 . 2014-09-10 12:57        --------        d-----w-        c:\users\1860\AppData\Roaming\AppSplash
2014-09-09 18:51 . 2014-09-10 15:20        --------        d-----w-        C:\FRST
2014-08-29 16:36 . 2014-08-29 16:36        --------        d-----w-        c:\users\1860\AppData\Roaming\qBittorrent
2014-08-29 16:35 . 2014-08-29 16:35        --------        d-----w-        c:\users\1860\.idlerc
2014-08-29 16:28 . 2014-08-29 16:28        --------        d-----w-        c:\users\1860\AppData\Roaming\Easy BitTorrent Client
2014-08-29 16:28 . 2014-08-29 16:28        --------        d-----w-        c:\users\1860\AppData\Local\Easy BitTorrent Client
2014-08-29 16:24 . 2014-09-10 12:57        --------        d-----w-        c:\program files (x86)\OneBrowse
2014-08-29 16:01 . 2014-08-29 16:01        51496        ----a-w-        c:\windows\system32\drivers\stflt.sys
2014-08-29 08:45 . 2014-09-10 13:51        --------        d-----w-        c:\program files (x86)\Spyware Terminator
2014-08-29 04:37 . 2014-08-29 04:37        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2014-08-28 04:46 . 2014-08-28 04:46        --------        d-----w-        c:\program files (x86)\Common Files\Borland Shared
2014-08-28 04:46 . 2014-08-28 04:46        --------        d-----w-        c:\program files (x86)\arcv
2014-08-28 04:46 . 2014-08-28 04:46        --------        d-----w-        C:\arcv
2014-08-28 04:45 . 2014-08-28 04:45        --------        d-----w-        c:\windows\Downloaded Installations
2014-08-28 04:38 . 2014-08-23 02:07        404480        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-28 04:38 . 2014-08-23 01:45        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2014-08-28 04:38 . 2014-08-23 00:59        3163648        ----a-w-        c:\windows\system32\win32k.sys
2014-08-22 11:26 . 2014-08-22 11:26        --------        d-----w-        c:\users\1860\AppData\Roaming\FlashFXP
2014-08-22 11:26 . 2014-08-22 11:26        --------        d-----w-        c:\programdata\FlashFXP
2014-08-21 11:25 . 2014-08-21 11:26        --------        d-----w-        c:\users\1860\AppData\Roaming\elsterformular
2014-08-21 11:25 . 2014-08-21 11:25        --------        d-----w-        c:\programdata\elsterformular
2014-08-21 08:24 . 2014-08-25 08:46        --------        d-----w-        c:\programdata\BewerbungsMaster
2014-08-21 08:23 . 2014-08-21 08:27        --------        d-----w-        c:\program files (x86)\BEWERBUNGSMASTER
2014-08-21 08:23 . 2014-08-21 08:23        335872        ------w-        c:\windows\Setup1.exe
2014-08-21 08:23 . 2014-08-21 08:23        74752        ----a-w-        c:\windows\ST6UNST.EXE
2014-08-19 04:26 . 2014-05-14 16:23        44512        ----a-w-        c:\windows\system32\wups2.dll
2014-08-19 04:26 . 2014-05-14 16:23        58336        ----a-w-        c:\windows\system32\wuauclt.exe
2014-08-19 04:26 . 2014-05-14 16:23        2477536        ----a-w-        c:\windows\system32\wuaueng.dll
2014-08-19 04:26 . 2014-05-14 16:21        2620928        ----a-w-        c:\windows\system32\wucltux.dll
2014-08-19 04:26 . 2014-05-14 16:23        38880        ----a-w-        c:\windows\system32\wups.dll
2014-08-19 04:26 . 2014-05-14 16:23        36320        ----a-w-        c:\windows\SysWow64\wups.dll
2014-08-19 04:26 . 2014-05-14 16:23        700384        ----a-w-        c:\windows\system32\wuapi.dll
2014-08-19 04:26 . 2014-05-14 16:23        581600        ----a-w-        c:\windows\SysWow64\wuapi.dll
2014-08-19 04:26 . 2014-05-14 16:20        97792        ----a-w-        c:\windows\system32\wudriver.dll
2014-08-19 04:26 . 2014-05-14 16:17        92672        ----a-w-        c:\windows\SysWow64\wudriver.dll
2014-08-19 04:24 . 2014-05-14 07:23        198600        ----a-w-        c:\windows\system32\wuwebv.dll
2014-08-19 04:24 . 2014-05-14 07:23        179656        ----a-w-        c:\windows\SysWow64\wuwebv.dll
2014-08-19 04:24 . 2014-05-14 07:20        36864        ----a-w-        c:\windows\system32\wuapp.exe
2014-08-19 04:24 . 2014-05-14 07:17        33792        ----a-w-        c:\windows\SysWow64\wuapp.exe
2014-08-18 18:44 . 2014-08-18 18:44        --------        d-----w-        c:\users\1860\AppData\Roaming\FX Flat
2014-08-18 17:14 . 2014-08-18 17:14        --------        d-----w-        c:\users\1860\AppData\Roaming\TeamViewer
2014-08-18 17:14 . 2014-08-18 17:14        --------        d-----w-        c:\program files (x86)\TeamViewer
2014-08-18 16:53 . 2014-08-18 16:53        --------        d-----w-        c:\users\1860\AppData\Roaming\InstallShield Installation Information
2014-08-18 16:52 . 2014-08-18 16:53        --------        d-----w-        c:\program files (x86)\Flat Trader
2014-08-16 07:08 . 2014-08-16 07:09        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-16 07:08 . 2014-08-16 07:09        --------        d-----w-        c:\program files\iTunes
2014-08-16 07:08 . 2014-08-16 07:09        --------        d-----w-        c:\program files (x86)\iTunes
2014-08-16 07:08 . 2014-08-16 07:08        --------        d-----w-        c:\program files\iPod
2014-08-16 04:36 . 2014-08-16 04:36        --------        d-----w-        c:\program files (x86)\Common Files\Java
2014-08-16 04:34 . 2014-08-16 04:34        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-16 04:34 . 2014-08-16 04:34        --------        d-----w-        c:\program files (x86)\Java
2014-08-15 17:35 . 2011-03-26 08:37        123520        ----a-w-        c:\windows\system32\drivers\ZTEusbser6k.sys
2014-08-15 17:35 . 2011-03-26 08:37        123520        ----a-w-        c:\windows\system32\drivers\ZTEusbnmea.sys
2014-08-15 17:35 . 2011-03-26 08:37        123520        ----a-w-        c:\windows\system32\drivers\ZTEusbmdm6k.sys
2014-08-15 17:35 . 2011-03-26 08:37        11776        ----a-w-        c:\windows\system32\drivers\massfilter.sys
2014-08-15 17:34 . 2014-08-15 17:34        --------        d-----w-        c:\windows\SysWow64\SupportAppCB
2014-08-15 17:34 . 2014-08-15 17:36        --------        d-----w-        c:\program files (x86)\1&1 Surf-Stick
2014-08-15 03:15 . 2014-03-09 21:48        171160        ----a-w-        c:\windows\system32\infocardapi.dll
2014-08-15 03:15 . 2014-03-09 21:48        1389208        ----a-w-        c:\windows\system32\icardagt.exe
2014-08-15 03:15 . 2014-03-09 21:47        99480        ----a-w-        c:\windows\SysWow64\infocardapi.dll
2014-08-15 03:15 . 2014-03-09 21:47        619672        ----a-w-        c:\windows\SysWow64\icardagt.exe
2014-08-15 03:15 . 2014-06-30 22:24        8856        ----a-w-        c:\windows\system32\icardres.dll
2014-08-15 03:15 . 2014-06-30 22:14        8856        ----a-w-        c:\windows\SysWow64\icardres.dll
2014-08-15 03:15 . 2014-06-06 06:16        35480        ----a-w-        c:\windows\SysWow64\TsWpfWrp.exe
2014-08-15 03:15 . 2014-06-06 06:12        35480        ----a-w-        c:\windows\system32\TsWpfWrp.exe
2014-08-13 18:16 . 2014-07-25 13:42        48128        ----a-w-        c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2014-08-13 18:15 . 2014-07-14 02:02        1216000        ----a-w-        c:\windows\system32\rpcrt4.dll
2014-08-13 18:15 . 2014-07-14 01:40        664064        ----a-w-        c:\windows\SysWow64\rpcrt4.dll
2014-08-13 18:14 . 2014-08-07 02:06        529920        ----a-w-        c:\windows\system32\aepdu.dll
2014-08-13 18:14 . 2014-08-07 02:01        424448        ----a-w-        c:\windows\system32\aeinv.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-29 10:16 . 2014-03-11 12:47        42040        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2014-06-24 12:58 . 2014-03-06 14:44        117712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-06-18 02:18 . 2014-07-10 15:36        692736        ----a-w-        c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-10 15:36        646144        ----a-w-        c:\windows\SysWow64\osk.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-14 751184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-27 164656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe;c:\windows\SYSNATIVE\lxdncoms.exe [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\1&1 Surf-Stick\AssistantServices.exe;c:\program files (x86)\1&1 Surf-Stick\AssistantServices.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C60x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000Core.job
- c:\users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-10 12:56]
.
2014-09-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000UA.job
- c:\users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-10 12:56]
.
2014-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-25 19:14]
.
2014-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-25 19:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-30 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-30 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-30 442352]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-24 11780712]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-24 2189416]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = www.google.com
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-11  19:08:25 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-09-11 17:08
ComboFix2.txt  2014-08-31 16:14
.
Vor Suchlauf: 25 Verzeichnis(se), 327.640.829.952 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 327.337.078.784 Bytes frei
.
- - End Of File - - A2B4F026AC3ABADF9054EFAAEBA4C6F7
A36C5E4F47E84449FF07ED3517B43A31

cosinus 11.09.2014 21:06
Zitat:
C:\Users\1860\Downloads\[kickass.to]spyware.terminator.premium.2012.v3.0.0.82.incl.crack.torrent
C:\Users\1860\Downloads\Easy Torrent.exe
C:\Users\1860\Downloads\[kickass.to]spyware.terminator.premium.2012.3.0.0.82.crack.torrent
Dir ist nicht klar, dass du illegalen Müll benutzt? Oder wunderst du dich über einem langsamen Rechner aus einem anderen Grund?

alex1860 12.09.2014 14:02
das ist doch gar nich mehr auf meinem rechner drauf... hab das schon ewig deinstalliert.
und jetzt?

combo fix is gemacht.was kann man noch machen

cosinus 12.09.2014 14:03
Zitat:
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.)
Wenn ich das und anderen Blödsinn seh, gibts halt einfach mal ne Ansage dazu, fertig

Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html

Es geht weiter wenn du alles Illegale entfernt hast.

Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.

alex1860 12.09.2014 14:06
usenext und auch kein crack oder keygen oder so. lieg ich da falsch?
das hab ich schon ewig auf rechner an dem liegts nich.

cosinus 12.09.2014 14:10
Und was lädst du dir mit UseNext runter? Diese Plattform ist doch einschlägig bekannt

alex1860 12.09.2014 14:17
mit sicherheit keine filme oder mp3s oder so
ich bin dj da brauch ich sowas nich laden leg mit platten auf ;-)
und filme gugg ich wenn ich gugg im kino
also nix illegales. wenn ich da überhaupt was lade.
hin und wieder ein e book oder so. also freeware.
was könnt ich da noch machen?

cosinus 12.09.2014 14:18
Du hast jetzt also alles illegale runter?
Warum muss man Freeware,die man sonst auch überall bekommt, über UseNext laden?

alex1860 12.09.2014 14:36
hab das damals von nem bekannten bekommen das usenext. sonst hätt ichs wahrscheinlich nich.also ich denk mal is alles weg.

so und nu? was könnt ma da noch machen?

cosinus 12.09.2014 14:41
UseNext deinstalliert?

alex1860 13.09.2014 16:53
ne das is doch noch drauf ansonsten is alles weg.
das brauch ich auch noch für meine frau das usenext.
und die macht sicher nix illegales ;-)

und nu? was machen wir?

achja jetzt noch neues problem meine ganzen ordner wie eigene bilder eigene musik und so haben ein schloss davor. kanns auch nicht ändern den zugriff. was ist da los?
auch dokumente und einstellungen und auch der ordner programme.
hatte ich vor combofix und so nicht

kann mir wer helfen??? versteh gar nix mehr

Zitat:
Zitat von cosinus (Beitrag 1358338)
UseNext deinstalliert?
kannst du mir weiter helfen bitte.

cosinus 13.09.2014 16:54
Die Ordner sind völlig normal so. Werden nur normalerweise unter Windows nicht angezeigt.

Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


alex1860 13.09.2014 17:35
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by 1860 on 13.09.2014 at 18:20:09,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.09.2014 at 18:26:16,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v3.310 - Bericht erstellt am 13/09/2014 um 18:15:15
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : 1860 - 1860-PC
# Gestartet von : C:\Users\1860\Desktop\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\1860\AppData\LocalLow\Smartbar
Ordner Gelöscht : C:\Users\1860\Documents\PC Speed Maximizer
Ordner Gelöscht : C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl
Datei Gelöscht : C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage
Datei Gelöscht : C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage-journal
Datei Gelöscht : C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SafeFinder_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SafeFinder_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Google Chrome v

[ Datei : C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : npnkeeiehehhefofiekoflfedgehcdhl

*************************

AdwCleaner[R0].txt - [37920 octets] - [21/12/2013 16:51:08]
AdwCleaner[R1].txt - [1950 octets] - [02/08/2014 13:45:27]
AdwCleaner[R2].txt - [3557 octets] - [13/09/2014 18:12:07]
AdwCleaner[S0].txt - [31788 octets] - [21/12/2013 17:00:07]
AdwCleaner[S1].txt - [3286 octets] - [13/09/2014 18:15:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3346 octets] ##########

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by 1860 (administrator) on 1860-PC on 13-09-2014 18:31:08
Running from C:\Users\1860\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
( ) C:\Windows\System32\lxdncoms.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-03-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1495459556-2568946141-1351117670-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1495459556-2568946141-1351117670-1000\...\Run: [GoogleChromeAutoLaunch_643ADABA1D5F8841A8D9FF4E8733D2D0] => C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe [859464 2014-03-02] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\1860\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\1860\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-06]
CHR Extension: (Google Drive) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-06]
CHR Extension: (YouTube) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-06]
CHR Extension: (Adblock Plus) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-29]
CHR Extension: (Google-Suche) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-06]
CHR Extension: (Google Wallet) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-06]
CHR Extension: (Google Mail) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [270672 2011-08-25] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-17] (Disc Soft Ltd)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [76400 2011-01-25] (Atheros Communications, Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 18:31 - 2014-09-13 18:31 - 00010857 _____ () C:\Users\1860\Desktop\FRST.txt
2014-09-13 18:26 - 2014-09-13 18:26 - 00000624 _____ () C:\Users\1860\Desktop\JRT.txt
2014-09-13 18:20 - 2014-09-13 18:20 - 00000000 ____D () C:\Windows\ERUNT
2014-09-13 18:19 - 2014-09-13 18:19 - 00003438 _____ () C:\Users\1860\Desktop\AdwCleaner[S1].txt
2014-09-13 18:13 - 2014-09-13 18:13 - 00076957 _____ () C:\Users\1860\Desktop\1&1 DSL - Ihre Bestell-Zusammenfassung.htm
2014-09-13 18:13 - 2014-09-13 18:13 - 00000000 ____D () C:\Users\1860\Desktop\1&1 DSL - Ihre Bestell-Zusammenfassung_files
2014-09-13 18:11 - 2014-09-13 18:08 - 01373475 _____ () C:\Users\1860\Desktop\AdwCleaner_3.310.exe
2014-09-13 18:11 - 2014-09-10 16:06 - 02105856 _____ (Farbar) C:\Users\1860\Desktop\FRST64.exe
2014-09-13 18:10 - 2014-09-13 18:09 - 01016261 _____ (Thisisu) C:\Users\1860\Desktop\JRT.exe
2014-09-13 18:09 - 2014-09-13 18:09 - 01016261 _____ (Thisisu) C:\Users\1860\Downloads\JRT.exe
2014-09-13 18:08 - 2014-09-13 18:08 - 01373475 _____ () C:\Users\1860\Downloads\AdwCleaner_3.310.exe
2014-09-12 18:05 - 2014-09-12 18:05 - 00146183 _____ () C:\Users\1860\Downloads\YouTube-Unblocker-056 (2).crx
2014-09-12 18:04 - 2014-09-12 18:04 - 00146183 _____ () C:\Users\1860\Downloads\YouTube-Unblocker-056 (1).crx
2014-09-11 20:51 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 20:51 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 20:51 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 20:51 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 20:51 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 20:51 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 20:51 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 20:51 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 20:51 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 20:51 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 20:51 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 20:51 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 20:51 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 20:51 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 20:51 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 20:51 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 20:51 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 20:51 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 20:51 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 20:51 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 20:51 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 20:51 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 20:51 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 20:51 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 20:51 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 20:51 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 20:51 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 20:51 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 20:51 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 20:51 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 20:51 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 20:51 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 20:51 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 20:51 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 20:51 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 20:51 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 20:51 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 20:51 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 20:51 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 20:51 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 20:51 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 20:51 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 20:51 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 20:51 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 20:51 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 20:51 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 20:51 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 20:51 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 20:51 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 20:51 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 20:51 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 20:51 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 20:51 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 20:51 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 20:51 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 20:51 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 20:47 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 20:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 19:08 - 2014-09-11 19:08 - 00014839 _____ () C:\ComboFix.txt
2014-09-11 14:03 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 14:03 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 14:03 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 14:03 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 14:02 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 14:02 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 14:02 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 14:02 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 14:02 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 14:02 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 14:02 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 16:06 - 2014-09-10 16:06 - 00000000 ____D () C:\Users\1860\Downloads\FRST-OlderVersion
2014-09-10 14:57 - 2014-09-10 14:57 - 00000000 ____D () C:\Users\1860\AppData\Roaming\AppSplash
2014-09-09 20:52 - 2014-09-10 17:20 - 00024679 _____ () C:\Users\1860\Downloads\Addition.txt
2014-09-09 20:51 - 2014-09-13 18:31 - 00000000 ____D () C:\FRST
2014-09-09 20:51 - 2014-09-10 17:20 - 00049700 _____ () C:\Users\1860\Downloads\FRST.txt
2014-09-09 20:50 - 2014-09-10 16:06 - 02105856 _____ (Farbar) C:\Users\1860\Downloads\FRST64.exe
2014-09-09 20:34 - 2014-09-09 20:34 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 18:47 - 2014-09-09 18:47 - 00064150 _____ () C:\Users\1860\Downloads\Extras.Txt
2014-09-09 18:46 - 2014-09-09 18:46 - 00123594 _____ () C:\Users\1860\Downloads\OTL.Txt
2014-09-09 18:31 - 2014-09-09 18:31 - 00602112 _____ (OldTimer Tools) C:\Users\1860\Downloads\otl.exe
2014-09-08 19:06 - 2014-09-13 18:17 - 00001834 _____ () C:\Windows\PFRO.log
2014-09-07 07:26 - 2014-09-13 18:17 - 00000560 _____ () C:\Windows\setupact.log
2014-09-07 07:26 - 2014-09-07 07:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 20:05 - 2014-09-06 20:05 - 00000655 _____ () C:\Users\1860\Downloads\gist2794364-68d8e90bee246710daec296bc9c68bccb0ea3c3f.tar.gz
2014-09-05 14:54 - 2014-09-05 14:54 - 00031370 _____ () C:\Users\1860\Documents\cc_20140905_145425.reg
2014-09-05 14:31 - 2014-09-05 14:31 - 04901352 _____ (Piriform Ltd) C:\Users\1860\Downloads\ccsetup417.exe
2014-09-05 14:30 - 2014-09-05 14:32 - 00000000 ____D () C:\Users\1860\Desktop\steuer, viren, bileder,bewerbung,30 euro
2014-08-31 18:34 - 2014-08-31 18:34 - 00345156 _____ () C:\Users\1860\Downloads\regsearch.zip
2014-08-31 17:57 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-31 17:57 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-31 17:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-31 17:54 - 2014-09-11 19:08 - 00000000 ____D () C:\Qoobox
2014-08-31 17:54 - 2014-08-31 18:12 - 00000000 ____D () C:\Windows\erdnt
2014-08-31 17:49 - 2014-09-11 18:52 - 05576769 ____R (Swearware) C:\Users\1860\Desktop\ComboFix.exe
2014-08-31 17:47 - 2014-08-31 17:47 - 00034169 _____ () C:\Windows\system32\hjtscanlist.txt
2014-08-31 17:40 - 2014-08-31 17:40 - 00002097 _____ () C:\Users\1860\Downloads\hjtscanlist.zip
2014-08-29 22:02 - 2014-08-29 22:02 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__r0ij9fgnxa1yb4agvitd_wsp.exe
2014-08-29 22:01 - 2014-08-29 22:01 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__7h9xxx1fgezq3qpfft0r_wsp.exe
2014-08-29 21:56 - 2014-08-29 21:56 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__ieufi9euwix87i2gugcy_wsp.exe
2014-08-29 18:36 - 2014-08-29 18:36 - 00000000 ____D () C:\Users\1860\AppData\Roaming\qBittorrent
2014-08-29 18:35 - 2014-08-29 18:35 - 00000000 ____D () C:\Users\1860\.idlerc
2014-08-29 18:28 - 2014-08-29 18:28 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Easy BitTorrent Client
2014-08-29 18:28 - 2014-08-29 18:28 - 00000000 ____D () C:\Users\1860\AppData\Local\Easy BitTorrent Client
2014-08-29 18:27 - 2014-09-09 14:44 - 00001024 _____ () C:\.rnd
2014-08-29 18:25 - 2014-09-13 18:15 - 00001108 _____ () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-29 18:24 - 2014-09-10 14:57 - 00000000 ____D () C:\Program Files (x86)\OneBrowse
2014-08-29 18:01 - 2014-08-29 18:01 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-08-29 12:29 - 2014-08-29 12:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\1860\Downloads\HiJackThis204 (3).exe
2014-08-29 12:29 - 2014-08-29 12:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\1860\Downloads\HiJackThis204 (2).exe
2014-08-29 10:45 - 2014-09-10 15:51 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-08-29 10:45 - 2014-08-29 10:44 - 00937232 _____ (Crawler.com ) C:\Users\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager [1].exe
2014-08-29 10:44 - 2014-08-29 10:44 - 00816064 _____ ( ) C:\Users\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager.exe
2014-08-29 06:37 - 2014-08-29 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-28 06:46 - 2014-08-28 06:46 - 00001785 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arCV.lnk
2014-08-28 06:46 - 2014-08-28 06:46 - 00000000 ____D () C:\Program Files (x86)\arcv
2014-08-28 06:46 - 2014-08-28 06:46 - 00000000 ____D () C:\arcv
2014-08-28 06:45 - 2014-08-28 06:45 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-28 06:44 - 2014-08-28 06:44 - 12601114 _____ () C:\Users\1860\Downloads\arcv.exe
2014-08-28 06:38 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 06:38 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 06:38 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 13:37 - 2014-08-22 13:37 - 00040218 _____ () C:\Users\1860\Downloads\dbox_astra_matze (1).zip
2014-08-22 13:26 - 2014-08-22 13:26 - 00000000 ____D () C:\Users\1860\AppData\Roaming\FlashFXP
2014-08-22 13:26 - 2014-08-22 13:26 - 00000000 ____D () C:\ProgramData\FlashFXP
2014-08-22 13:19 - 2014-08-22 13:19 - 00000055 _____ () C:\Users\1860\Downloads\CCcam.cfg
2014-08-21 13:25 - 2014-08-21 13:26 - 00000000 ____D () C:\Users\1860\AppData\Roaming\elsterformular
2014-08-21 13:25 - 2014-08-21 13:25 - 00000000 ____D () C:\ProgramData\elsterformular
2014-08-21 10:28 - 2014-08-25 10:46 - 00000003 _____ () C:\Users\1860\Documents\bmm.cfg
2014-08-21 10:24 - 2014-08-28 07:31 - 00000000 ____D () C:\Users\1860\Documents\BewerbungsMaster
2014-08-21 10:24 - 2014-08-25 10:46 - 00000000 ____D () C:\ProgramData\BewerbungsMaster
2014-08-21 10:24 - 2014-08-21 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-08-21 10:23 - 2014-08-21 10:27 - 00000000 ____D () C:\Program Files (x86)\BEWERBUNGSMASTER
2014-08-21 10:23 - 2014-08-21 10:23 - 00335872 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2014-08-21 10:23 - 2014-08-21 10:23 - 00074752 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2014-08-21 10:23 - 2014-08-21 10:23 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-08-20 12:18 - 2014-08-20 12:19 - 25000000 _____ () C:\Users\1860\Downloads\Grande Punto eLEARN.part01 (1).rar
2014-08-19 06:26 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 06:26 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-19 06:26 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 06:26 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-19 06:26 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-19 06:24 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 06:24 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-19 06:24 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-19 06:24 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-18 20:44 - 2014-08-18 20:44 - 00000000 ____D () C:\Users\1860\AppData\Roaming\FX Flat
2014-08-18 19:14 - 2014-08-18 19:14 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-18 19:14 - 2014-08-18 19:14 - 00000000 ____D () C:\Users\1860\AppData\Roaming\TeamViewer
2014-08-18 19:14 - 2014-08-18 19:14 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-18 19:13 - 2014-08-18 19:13 - 06304880 _____ (TeamViewer GmbH) C:\Users\1860\Downloads\TeamViewer_Setup_de.exe
2014-08-18 18:53 - 2014-08-18 18:53 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FX Flat
2014-08-18 18:53 - 2014-08-18 18:53 - 00000000 ____D () C:\Users\1860\AppData\Roaming\InstallShield Installation Information
2014-08-18 18:52 - 2014-08-18 18:53 - 00000000 ____D () C:\Program Files (x86)\Flat Trader
2014-08-18 18:50 - 2014-08-18 18:50 - 00000000 ____D () C:\Users\1860\Documents\{95EA60FC-B631-470C-98A7-B6EC973B6AA8}
2014-08-18 18:48 - 2014-08-18 18:49 - 26915558 _____ (FX Flat ) C:\Users\1860\Downloads\Flat Trader Setup.exe
2014-08-16 09:09 - 2014-08-16 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-16 09:08 - 2014-08-16 09:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-16 09:08 - 2014-08-16 09:09 - 00000000 ____D () C:\Program Files\iTunes
2014-08-16 09:08 - 2014-08-16 09:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-16 09:08 - 2014-08-16 09:08 - 00000000 ____D () C:\Program Files\iPod
2014-08-16 06:36 - 2014-08-16 06:36 - 00000000 ____D () C:\ProgramData\Sun
2014-08-16 06:35 - 2014-08-16 06:34 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-16 06:34 - 2014-08-16 06:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-16 06:34 - 2014-08-16 06:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-15 21:43 - 2014-08-15 21:43 - 00918440 _____ (Oracle Corporation) C:\Users\1860\Downloads\chromeinstall-7u67.exe
2014-08-15 19:35 - 2011-03-26 10:37 - 00123520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbser6k.sys
2014-08-15 19:35 - 2011-03-26 10:37 - 00123520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbnmea.sys
2014-08-15 19:35 - 2011-03-26 10:37 - 00123520 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbmdm6k.sys
2014-08-15 19:35 - 2011-03-26 10:37 - 00011776 _____ (MBB Incorporated) C:\Windows\system32\Drivers\massfilter.sys
2014-08-15 19:34 - 2014-08-15 19:36 - 00000000 ____D () C:\Program Files (x86)\1&1 Surf-Stick
2014-08-15 19:34 - 2014-08-15 19:34 - 00000000 ____D () C:\Windows\SysWOW64\SupportAppCB
2014-08-15 19:34 - 2014-08-15 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
2014-08-15 08:14 - 2014-08-15 08:14 - 01677928 _____ (Skype Technologies S.A.) C:\Users\1860\Downloads\SkypeSetup (2).exe
2014-08-15 05:15 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 05:15 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 05:15 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 05:15 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 05:15 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 05:15 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 05:15 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 05:15 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 18:31 - 2014-09-13 18:31 - 00010857 _____ () C:\Users\1860\Desktop\FRST.txt
2014-09-13 18:31 - 2014-09-09 20:51 - 00000000 ____D () C:\FRST
2014-09-13 18:26 - 2014-09-13 18:26 - 00000624 _____ () C:\Users\1860\Desktop\JRT.txt
2014-09-13 18:25 - 2014-05-25 21:14 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-13 18:25 - 2009-07-14 06:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-13 18:25 - 2009-07-14 06:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-13 18:20 - 2014-09-13 18:20 - 00000000 ____D () C:\Windows\ERUNT
2014-09-13 18:19 - 2014-09-13 18:19 - 00003438 _____ () C:\Users\1860\Desktop\AdwCleaner[S1].txt
2014-09-13 18:18 - 2014-05-25 21:14 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-13 18:17 - 2014-09-08 19:06 - 00001834 _____ () C:\Windows\PFRO.log
2014-09-13 18:17 - 2014-09-07 07:26 - 00000560 _____ () C:\Windows\setupact.log
2014-09-13 18:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-13 18:15 - 2014-08-29 18:25 - 00001108 _____ () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-13 18:15 - 2014-03-06 14:04 - 02048418 _____ () C:\Windows\WindowsUpdate.log
2014-09-13 18:15 - 2013-12-21 16:51 - 00000000 ____D () C:\AdwCleaner
2014-09-13 18:14 - 2014-03-15 06:33 - 00000000 ____D () C:\Users\1860\AppData\Roaming\UseNeXT
2014-09-13 18:14 - 2014-03-06 14:43 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Spotify
2014-09-13 18:13 - 2014-09-13 18:13 - 00076957 _____ () C:\Users\1860\Desktop\1&1 DSL - Ihre Bestell-Zusammenfassung.htm
2014-09-13 18:13 - 2014-09-13 18:13 - 00000000 ____D () C:\Users\1860\Desktop\1&1 DSL - Ihre Bestell-Zusammenfassung_files
2014-09-13 18:09 - 2014-09-13 18:10 - 01016261 _____ (Thisisu) C:\Users\1860\Desktop\JRT.exe
2014-09-13 18:09 - 2014-09-13 18:09 - 01016261 _____ (Thisisu) C:\Users\1860\Downloads\JRT.exe
2014-09-13 18:08 - 2014-09-13 18:11 - 01373475 _____ () C:\Users\1860\Desktop\AdwCleaner_3.310.exe
2014-09-13 18:08 - 2014-09-13 18:08 - 01373475 _____ () C:\Users\1860\Downloads\AdwCleaner_3.310.exe
2014-09-13 18:00 - 2014-03-15 06:33 - 00000000 ____D () C:\Users\1860\Documents\UseNeXT
2014-09-13 17:45 - 2014-03-10 14:55 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000UA.job
2014-09-13 14:01 - 2014-03-10 14:55 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000Core.job
2014-09-13 12:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-13 10:44 - 2014-03-06 14:49 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Skype
2014-09-12 18:05 - 2014-09-12 18:05 - 00146183 _____ () C:\Users\1860\Downloads\YouTube-Unblocker-056 (2).crx
2014-09-12 18:04 - 2014-09-12 18:04 - 00146183 _____ () C:\Users\1860\Downloads\YouTube-Unblocker-056 (1).crx
2014-09-12 16:03 - 2014-03-06 14:44 - 00000000 ____D () C:\Users\1860\AppData\Local\Spotify
2014-09-11 20:50 - 2014-03-12 20:13 - 01593564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 20:50 - 2009-07-14 19:58 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2014-09-11 20:50 - 2009-07-14 19:58 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2014-09-11 20:50 - 2009-07-14 07:13 - 01593564 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 20:47 - 2014-05-12 08:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 19:08 - 2014-09-11 19:08 - 00014839 _____ () C:\ComboFix.txt
2014-09-11 19:08 - 2014-08-31 17:54 - 00000000 ____D () C:\Qoobox
2014-09-11 19:03 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-11 18:52 - 2014-08-31 17:49 - 05576769 ____R (Swearware) C:\Users\1860\Desktop\ComboFix.exe
2014-09-10 17:20 - 2014-09-09 20:52 - 00024679 _____ () C:\Users\1860\Downloads\Addition.txt
2014-09-10 17:20 - 2014-09-09 20:51 - 00049700 _____ () C:\Users\1860\Downloads\FRST.txt
2014-09-10 16:06 - 2014-09-13 18:11 - 02105856 _____ (Farbar) C:\Users\1860\Desktop\FRST64.exe
2014-09-10 16:06 - 2014-09-10 16:06 - 00000000 ____D () C:\Users\1860\Downloads\FRST-OlderVersion
2014-09-10 16:06 - 2014-09-09 20:50 - 02105856 _____ (Farbar) C:\Users\1860\Downloads\FRST64.exe
2014-09-10 15:51 - 2014-08-29 10:45 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-09-10 15:16 - 2014-05-11 13:23 - 00000000 ____D () C:\ProgramData\Nokia
2014-09-10 15:16 - 2014-05-11 13:19 - 00000000 ____D () C:\Program Files (x86)\Nokia
2014-09-10 15:00 - 2014-03-06 14:23 - 00109896 _____ () C:\Users\1860\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-10 14:59 - 2009-07-14 06:45 - 00431024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-10 14:57 - 2014-09-10 14:57 - 00000000 ____D () C:\Users\1860\AppData\Roaming\AppSplash
2014-09-10 14:57 - 2014-08-29 18:24 - 00000000 ____D () C:\Program Files (x86)\OneBrowse
2014-09-10 14:57 - 2014-03-31 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-10 14:48 - 2014-03-17 19:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 14:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-10 14:45 - 2014-03-17 19:19 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-09-10 14:45 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew
2014-09-10 14:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-10 14:41 - 2009-07-14 04:34 - 00000387 _____ () C:\Windows\win.ini
2014-09-09 20:34 - 2014-09-09 20:34 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 20:34 - 2014-03-06 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-09 20:34 - 2014-03-06 16:27 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-09 20:34 - 2014-03-06 15:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-09 18:47 - 2014-09-09 18:47 - 00064150 _____ () C:\Users\1860\Downloads\Extras.Txt
2014-09-09 18:46 - 2014-09-09 18:46 - 00123594 _____ () C:\Users\1860\Downloads\OTL.Txt
2014-09-09 18:31 - 2014-09-09 18:31 - 00602112 _____ (OldTimer Tools) C:\Users\1860\Downloads\otl.exe
2014-09-09 14:44 - 2014-08-29 18:27 - 00001024 _____ () C:\.rnd
2014-09-07 07:26 - 2014-09-07 07:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 20:05 - 2014-09-06 20:05 - 00000655 _____ () C:\Users\1860\Downloads\gist2794364-68d8e90bee246710daec296bc9c68bccb0ea3c3f.tar.gz
2014-09-05 14:54 - 2014-09-05 14:54 - 00031370 _____ () C:\Users\1860\Documents\cc_20140905_145425.reg
2014-09-05 14:32 - 2014-09-05 14:30 - 00000000 ____D () C:\Users\1860\Desktop\steuer, viren, bileder,bewerbung,30 euro
2014-09-05 14:31 - 2014-09-05 14:31 - 04901352 _____ (Piriform Ltd) C:\Users\1860\Downloads\ccsetup417.exe
2014-09-05 14:31 - 2014-08-03 15:42 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-05 14:31 - 2014-08-03 15:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-05 04:10 - 2014-09-11 14:02 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-11 14:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-31 20:40 - 2014-03-18 16:08 - 00000000 ____D () C:\ProgramData\lx_Cats
2014-08-31 18:34 - 2014-08-31 18:34 - 00345156 _____ () C:\Users\1860\Downloads\regsearch.zip
2014-08-31 18:14 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-31 18:12 - 2014-08-31 17:54 - 00000000 ____D () C:\Windows\erdnt
2014-08-31 17:47 - 2014-08-31 17:47 - 00034169 _____ () C:\Windows\system32\hjtscanlist.txt
2014-08-31 17:40 - 2014-08-31 17:40 - 00002097 _____ () C:\Users\1860\Downloads\hjtscanlist.zip
2014-08-29 22:02 - 2014-08-29 22:02 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__r0ij9fgnxa1yb4agvitd_wsp.exe
2014-08-29 22:01 - 2014-08-29 22:01 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__7h9xxx1fgezq3qpfft0r_wsp.exe
2014-08-29 21:56 - 2014-08-29 21:56 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__ieufi9euwix87i2gugcy_wsp.exe
2014-08-29 18:36 - 2014-08-29 18:36 - 00000000 ____D () C:\Users\1860\AppData\Roaming\qBittorrent
2014-08-29 18:35 - 2014-08-29 18:35 - 00000000 ____D () C:\Users\1860\.idlerc
2014-08-29 18:35 - 2014-03-06 14:15 - 00000000 ____D () C:\Users\1860
2014-08-29 18:28 - 2014-08-29 18:28 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Easy BitTorrent Client
2014-08-29 18:28 - 2014-08-29 18:28 - 00000000 ____D () C:\Users\1860\AppData\Local\Easy BitTorrent Client
2014-08-29 18:01 - 2014-08-29 18:01 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-08-29 12:30 - 2014-08-29 12:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\1860\Downloads\HiJackThis204 (3).exe
2014-08-29 12:30 - 2014-07-06 13:02 - 00011928 _____ () C:\Users\1860\Downloads\hijackthis.log
2014-08-29 12:29 - 2014-08-29 12:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\1860\Downloads\HiJackThis204 (2).exe
2014-08-29 10:44 - 2014-08-29 10:45 - 00937232 _____ (Crawler.com ) C:\Users\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager [1].exe
2014-08-29 10:44 - 2014-08-29 10:44 - 00816064 _____ ( ) C:\Users\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager.exe
2014-08-29 06:38 - 2014-08-29 06:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-29 06:38 - 2014-07-30 18:17 - 00000000 ____D () C:\ProgramData\Skype
2014-08-29 06:37 - 2014-07-30 18:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-28 07:31 - 2014-08-21 10:24 - 00000000 ____D () C:\Users\1860\Documents\BewerbungsMaster
2014-08-28 06:49 - 2014-03-06 14:15 - 00000000 ____D () C:\Users\1860\AppData\Local\VirtualStore
2014-08-28 06:47 - 2014-05-08 12:09 - 00000000 ____D () C:\Users\1860\Desktop\bilder auto
2014-08-28 06:46 - 2014-08-28 06:46 - 00001785 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arCV.lnk
2014-08-28 06:46 - 2014-08-28 06:46 - 00000000 ____D () C:\Program Files (x86)\arcv
2014-08-28 06:46 - 2014-08-28 06:46 - 00000000 ____D () C:\arcv
2014-08-28 06:45 - 2014-08-28 06:45 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-28 06:44 - 2014-08-28 06:44 - 12601114 _____ () C:\Users\1860\Downloads\arcv.exe
2014-08-25 10:46 - 2014-08-21 10:28 - 00000003 _____ () C:\Users\1860\Documents\bmm.cfg
2014-08-25 10:46 - 2014-08-21 10:24 - 00000000 ____D () C:\ProgramData\BewerbungsMaster
2014-08-23 04:07 - 2014-08-28 06:38 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 06:38 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 06:38 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 13:37 - 2014-08-22 13:37 - 00040218 _____ () C:\Users\1860\Downloads\dbox_astra_matze (1).zip
2014-08-22 13:26 - 2014-08-22 13:26 - 00000000 ____D () C:\Users\1860\AppData\Roaming\FlashFXP
2014-08-22 13:26 - 2014-08-22 13:26 - 00000000 ____D () C:\ProgramData\FlashFXP
2014-08-22 13:19 - 2014-08-22 13:19 - 00000055 _____ () C:\Users\1860\Downloads\CCcam.cfg
2014-08-21 13:26 - 2014-08-21 13:25 - 00000000 ____D () C:\Users\1860\AppData\Roaming\elsterformular
2014-08-21 13:25 - 2014-08-21 13:25 - 00000000 ____D () C:\ProgramData\elsterformular
2014-08-21 10:27 - 2014-08-21 10:23 - 00000000 ____D () C:\Program Files (x86)\BEWERBUNGSMASTER
2014-08-21 10:24 - 2014-08-21 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-08-21 10:23 - 2014-08-21 10:23 - 00335872 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2014-08-21 10:23 - 2014-08-21 10:23 - 00074752 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2014-08-21 10:23 - 2014-08-21 10:23 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-08-21 05:06 - 2014-03-17 18:11 - 00000000 ____D () C:\Users\1860\AppData\Roaming\DAEMON Tools Lite
2014-08-20 12:21 - 2014-05-01 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLearn
2014-08-20 12:21 - 2014-05-01 18:52 - 00000000 ____D () C:\eLearn
2014-08-20 12:19 - 2014-08-20 12:18 - 25000000 _____ () C:\Users\1860\Downloads\Grande Punto eLEARN.part01 (1).rar
2014-08-19 20:05 - 2014-09-11 20:51 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-11 20:51 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-11 20:51 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 20:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 20:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 20:51 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 20:51 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 20:51 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 20:51 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 20:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 20:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 20:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 20:51 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-11 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 20:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-11 20:51 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 20:51 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 20:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 20:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-11 20:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-11 20:51 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-11 20:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-11 20:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-11 20:51 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-11 20:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-11 20:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 20:51 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-11 20:51 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-11 20:51 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-11 20:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 20:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-11 20:51 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-11 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-11 20:51 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-11 20:51 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-11 20:51 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-11 20:51 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-11 20:51 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-11 20:51 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-11 20:51 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-11 20:51 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 20:51 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-11 20:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 20:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-11 20:51 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-11 20:51 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-11 20:51 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-11 20:51 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-11 20:51 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-11 20:51 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-11 20:51 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-11 20:51 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-11 20:51 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-11 20:51 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-11 20:51 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 20:44 - 2014-08-18 20:44 - 00000000 ____D () C:\Users\1860\AppData\Roaming\FX Flat
2014-08-18 19:14 - 2014-08-18 19:14 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-18 19:14 - 2014-08-18 19:14 - 00000000 ____D () C:\Users\1860\AppData\Roaming\TeamViewer
2014-08-18 19:14 - 2014-08-18 19:14 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-18 19:13 - 2014-08-18 19:13 - 06304880 _____ (TeamViewer GmbH) C:\Users\1860\Downloads\TeamViewer_Setup_de.exe
2014-08-18 18:53 - 2014-08-18 18:53 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FX Flat
2014-08-18 18:53 - 2014-08-18 18:53 - 00000000 ____D () C:\Users\1860\AppData\Roaming\InstallShield Installation Information
2014-08-18 18:53 - 2014-08-18 18:52 - 00000000 ____D () C:\Program Files (x86)\Flat Trader
2014-08-18 18:50 - 2014-08-18 18:50 - 00000000 ____D () C:\Users\1860\Documents\{95EA60FC-B631-470C-98A7-B6EC973B6AA8}
2014-08-18 18:49 - 2014-08-18 18:48 - 26915558 _____ (FX Flat ) C:\Users\1860\Downloads\Flat Trader Setup.exe
2014-08-17 05:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-16 09:09 - 2014-08-16 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-16 09:09 - 2014-08-16 09:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-16 09:09 - 2014-08-16 09:08 - 00000000 ____D () C:\Program Files\iTunes
2014-08-16 09:09 - 2014-08-16 09:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-16 09:08 - 2014-08-16 09:08 - 00000000 ____D () C:\Program Files\iPod
2014-08-16 06:36 - 2014-08-16 06:36 - 00000000 ____D () C:\ProgramData\Sun
2014-08-16 06:34 - 2014-08-16 06:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-16 06:34 - 2014-08-16 06:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-16 06:34 - 2014-08-16 06:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-16 06:34 - 2014-08-16 06:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-15 21:43 - 2014-08-15 21:43 - 00918440 _____ (Oracle Corporation) C:\Users\1860\Downloads\chromeinstall-7u67.exe
2014-08-15 19:36 - 2014-08-15 19:34 - 00000000 ____D () C:\Program Files (x86)\1&1 Surf-Stick
2014-08-15 19:34 - 2014-08-15 19:34 - 00000000 ____D () C:\Windows\SysWOW64\SupportAppCB
2014-08-15 19:34 - 2014-08-15 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
2014-08-15 19:34 - 2014-03-15 10:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-15 08:14 - 2014-08-15 08:14 - 01677928 _____ (Skype Technologies S.A.) C:\Users\1860\Downloads\SkypeSetup (2).exe
2014-08-15 05:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\1860\AppData\Local\Temp\avgnt.exe
C:\Users\1860\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 19:16

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by 1860 at 2014-09-13 18:34:14
Running from C:\Users\1860\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
arCV (HKLM-x32\...\{ACC1683B-5AB9-429A-88C2-D575424009D0}) (Version: 4.3.3 - Arne Reuter)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
BEWERBUNGSMASTER (HKLM-x32\...\ST6UNST #1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CopyTrans Control Center deinstallieren (HKCU\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.0816 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.0816 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
eLearn CDROM 1.0 (HKLM-x32\...\eLearn 1.2.1_is1) (Version:  - FIAT Auto S.p.A.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Flat Trader (HKCU\...\InstallShield_{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}) (Version: 2.38.56.7.2.1 - FX Flat)
Flat Trader (x32 Version: 2.38.56.7.2.1 - FX Flat) Hidden
Gameforge Live 2.0.4 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.4 - Gameforge)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Metin2 (HKLM-x32\...\Metin2_is1) (Version:  - Gameforge 4D GmbH)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6321 - Realtek Semiconductor Corp.)
SafeFinder Smartbar (HKLM-x32\...\{1898B668-CCF5-429F-A86F-9837E5439D77}) (Version: 11.114.72.19232 - Linkury Ltd.) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XMedia Recode Version 3.1.8.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.8.8 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-08-2014 04:45:27 arCV wird installiert
29-08-2014 16:31:57 Installed Python 2.7.2
31-08-2014 15:57:27 ComboFix created restore point
03-09-2014 12:24:13 Windows Update
10-09-2014 12:37:53 Removed Microsoft Office Professional Plus 2013
10-09-2014 12:38:42 PROPLUSR
10-09-2014 13:04:55 Nokia Connectivity Cable Driver wird entfernt
10-09-2014 13:46:34 Removed Python 2.7.2
10-09-2014 15:03:03 Removed Bonjour
11-09-2014 18:46:39 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-09-11 19:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FA62DF7-79A8-4232-9582-F1718B017E20} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {15B696BE-385F-45D0-81E0-F1B0ADEDC9AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-25] (Google Inc.)
Task: {208AA79F-9418-4C41-BF4E-687CE6F0BEF9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000UA => C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-10] (Facebook Inc.)
Task: {64BDF030-3E0D-4454-8A97-14E4F61D526A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {6FAEB5A2-5CEE-43D7-8950-05A6AC803870} - System32\Tasks\{7D477009-58F9-4698-B334-40CE5E979124} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.18.0.106&amp;LastError=12007
Task: {77D07EF3-F7DB-4204-9EEF-D471241CD5C4} - \AutoKMS No Task File <==== ATTENTION
Task: {C5352DB3-4A18-4108-80C6-540773412094} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-25] (Google Inc.)
Task: {C58DCE38-CD62-4901-9381-A142415BFC59} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000Core => C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-10] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000Core.job => C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000UA.job => C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-18 16:08 - 2009-08-13 13:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2014-08-15 19:34 - 2011-08-25 10:50 - 00270672 _____ () C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
2013-10-31 11:24 - 2013-10-31 11:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-09-12 11:41 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\1860\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: ST2012_Svc => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: Facebook Update => "C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GoogleChromeAutoLaunch_643ADABA1D5F8841A8D9FF4E8733D2D0 => "C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: Power2GoExpress => "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\1860\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\1860\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: UIExec => "C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe"

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-09-11 19:01:04.629
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-11 19:01:04.524
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-11 19:01:04.419
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-11 19:01:04.314
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 18:04:29.418
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 18:04:29.313
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 18:04:29.208
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 18:04:29.099
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 17:59:39.599
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 17:59:39.493
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 26%
Total physical RAM: 4003 MB
Available physical RAM: 2939.02 MB
Total Pagefile: 8004.19 MB
Available Pagefile: 6678.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:657.53 GB) (Free:301.88 GB) NTFS
Drive d: (Recover) (Fixed) (Total:38 GB) (Free:16.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E47B19CB)
Partition 1: (Active) - (Size=101 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=657.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

cosinus 13.09.2014 19:14
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
Task: {77D07EF3-F7DB-4204-9EEF-D471241CD5C4} - \AutoKMS No Task File <==== ATTENTION
EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


alex1860 13.09.2014 19:32
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by 1860 at 2014-09-13 20:26:00 Run:1
Running from C:\Users\1860\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {77D07EF3-F7DB-4204-9EEF-D471241CD5C4} - \AutoKMS No Task File <==== ATTENTION
EmptyTemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{77D07EF3-F7DB-4204-9EEF-D471241CD5C4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77D07EF3-F7DB-4204-9EEF-D471241CD5C4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
EmptyTemp: => Removed 500.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
und was is das was der da gefixt hat?

cosinus 13.09.2014 23:01
Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


alex1860 14.09.2014 19:53
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6d9da7145eeca1439bf5dea893ca4e71
# engine=20148
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-14 06:45:55
# local_time=2014-09-14 08:45:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 97163 17399091 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 16004702 162350205 0 0
# scanned=423896
# found=138
# cleaned=0
# scan_time=15053
sh=CF9209557CC4828F1A8536F5AF66358A81393A75 ft=1 fh=b354853738a44732 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.21.14\SoftonicApp.dll.vir"
sh=277966AAC8DD994109B77162DB82849EF1FC8D62 ft=1 fh=f7e7b232febc88cd vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.21.14\SoftonicEng.dll.vir"
sh=431CA401E93A36C4FB726D12B16B4CC058A2C770 ft=1 fh=7cd1c9f2502352b3 vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.21.14\Softonicsrv.exe.vir"
sh=09AD2A1BCD218E1EA91FC53F55CB6A61770E1144 ft=1 fh=0234086e10d7e544 vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll.vir"
sh=54002848ADA82AC181EAC551104FA02E8CBE4585 ft=1 fh=bfddd9982b578fa9 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.21.14\uninstall.exe.vir"
sh=54CBEECF2F4AB81622D6708E8A849E3663853F4D ft=1 fh=a481e6d08e557a48 vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.21.14\bh\Softonic.dll.vir"
sh=23B3E5F508EB6FC76D67A873A5AAC2D34C3CE5E1 ft=1 fh=b86fe1495473b541 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Communicator\mgcommon.dll.vir"
sh=7DB65607A18C67C0C8C0310E0FF23A202AB3F070 ft=1 fh=9f565fd3b0ad3b83 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Communicator\mgcommunication.dll.vir"
sh=3176C30E3A30990C42C968951B6BB2ADFD0B1C00 ft=1 fh=12a0591694d39321 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Communicator\mgsimcommon.dll.vir"
sh=08647AB20AED7B8385931FDF5B4A48165131A061 ft=1 fh=b4c21070436958b0 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Communicator\mgxml_wrapper.dll.vir"
sh=C6A9FB024D614702667E0768E0B673BA3A31F504 ft=1 fh=aa62bac49704426f vn="Variante von Win32/SweetIM.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe.vir"
sh=C8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C ft=1 fh=84ff0b58ed098a1d vn="Win32/SweetIM.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Communicator\resources\sqlite\mgSqlite3.dll.vir"
sh=D09F832544B921CD7C61A7DB193F29EF6638AD88 ft=1 fh=58a116a27a6d5dbb vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\ContentPackagesActivationHandler.exe.vir"
sh=C6E3F8034D197C34D61701AC146694B6DBEC36CD ft=1 fh=7f9fa2fc68c7b7f4 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll.vir"
sh=FC883B83DA2A9ED93AC2A4CEC9936268A6B264C2 ft=1 fh=80a06d85550fdea2 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgArchive.dll.vir"
sh=F3001B5F58A6C6AB8DD7E6E63CB89D20F74EF228 ft=1 fh=f50ea5fcbc656251 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgcommon.dll.vir"
sh=2CF3C9FBCBEBAA6D75DE43CCC487D62954538F81 ft=1 fh=446d6a4df1e456fa vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll.vir"
sh=60FCD298549E0383DFACBE66420DC922D6BAAF84 ft=1 fh=73f28a50980afe65 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgconfig.dll.vir"
sh=531A5D492B39076AA7990DD76F41B762258B86A7 ft=1 fh=a45064434f491236 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll.vir"
sh=AE57E26160449200540B1FD8E839F1BD5A30327A ft=1 fh=c29c62a52f555ace vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mghooking.dll.vir"
sh=B6E78443D25AF8B978DC24D515DF7B2F673629CC ft=1 fh=ece232c764d65d89 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgICQAuto.dll.vir"
sh=42B14A7D72C6EDAF5140A2C7B95149B92473853C ft=1 fh=6f2c94e91302d1a2 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgICQMessengerAdapter.dll.vir"
sh=B28C9BCA89A124EBD2EAAF5073370E7E0E87DB4E ft=1 fh=c56c5ff3b0e7703d vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mglogger.dll.vir"
sh=87FF2D9A36B50B5A7DF4D08F87B92BEA86D7DAB7 ft=1 fh=71dc135578fffed6 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgMediaPlayer.dll.vir"
sh=C86CF9524D11A2392A491EA15ED12D2CA890F249 ft=1 fh=ae21d71fff630a17 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll.vir"
sh=055E7A147AB9DCB141FDF58A0D3CCD825AE8B361 ft=1 fh=ac8cec2f7886b930 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll.vir"
sh=73987118D6F1799B0B29DB00BF7248B20347BB46 ft=1 fh=d25a2527398bc729 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll.vir"
sh=C786E62AB09C10B6277F3E9CFC34207FE56E1FFA ft=1 fh=6c27d70c5686a2b1 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll.vir"
sh=07695C8842935A01310F52C83BAB364950419841 ft=1 fh=e250219d9f9cd5af vn="Variante von Win32/SweetIM.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll.vir"
sh=093FB06E67DB8C5562A823E389853340405B8724 ft=1 fh=1b5e6676818f2ad9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll.vir"
sh=A679EB39BB32DD88C09E150B0E5F7BAED12467A6 ft=1 fh=0ba701bbd4ac4b73 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgYahooAuto.dll.vir"
sh=9B45902B8B791A84EC6F7D1AD2E8099410D1A467 ft=1 fh=3191d44e293b78d5 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgYahooMessengerAdapter.dll.vir"
sh=AE3254BDF03A347110068EF29CB15C7B554491F0 ft=1 fh=30381f993c8268c2 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\SweetIM.exe.vir"
sh=C8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C ft=1 fh=84ff0b58ed098a1d vn="Win32/SweetIM.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll.vir"
sh=106F591B2BD500597B72796DE6CF1882C4F19F0A ft=1 fh=4ffdf32f906db695 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe.vir"
sh=A50D4E8729EC3B275F6AFD9EE573E2A28546F01D ft=1 fh=b0987145db4c1583 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll.vir"
sh=851CA33721CF5E710133B4D36EAF921ACEB4CD50 ft=1 fh=15365fabb2edd5be vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll.vir"
sh=8B5C441500E865FC80A55583FC68036FAF7DAD06 ft=1 fh=c81a85374d8cfdb7 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll.vir"
sh=95581618E0DAA5F92543B429C7EB383C6D63B3AE ft=1 fh=0132ebbe85145cfb vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe.vir"
sh=41C2EC5BB47E9A40E309ABAA048BA1F742E43574 ft=1 fh=f7ee8c0d578659e0 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll.vir"
sh=E32CD33BD92D0676F8F81103174AF5E4E9E3F38E ft=1 fh=0e4e3ab2b3f109e4 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll.vir"
sh=F5348CC7962B088ACCCD2F67138D43FB88DF67F2 ft=1 fh=5a321158315b5fe9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll.vir"
sh=26B6B3788EF0A2A83A43DFE5E13F51B3E491A6F4 ft=1 fh=073310618d11024b vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll.vir"
sh=10B68A9C897C5854EA80624B01EE8BECF7017F01 ft=1 fh=6858221c6d206eb6 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll.vir"
sh=B0C53EBE6A8C5B9B987F00F739D032767B291118 ft=1 fh=a07a814e5747bf62 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll.vir"
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir"
sh=E1C99225C4C16710DE3AF3D52300E1E943F7C84F ft=1 fh=f891ef12b7700e02 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\SweetIM\Messenger\update\sweetimsetup.exe.vir"
sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\1860\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=7664F6A327E5201011200E703489577A0971AB77 ft=1 fh=c71c0011451c6a93 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\1860\AppData\Roaming\BabSolution\Shared\BUSolution.dll.vir"
sh=829D808C091045F45C513A6E4AB17055A52A9320 ft=1 fh=282fb76e1825b814 vn="Variante von Win32/Toolbar.Babylon.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\1860\AppData\Roaming\OpenCandy\A64EDC1D523D4528ADC4579F306A95A9\DeltaTB.exe.vir"
sh=8212984C1074E7019F8354A7D045356BE2122078 ft=1 fh=9a63cf42eeb31194 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\1860\AppData\Roaming\OpenCandy\A64EDC1D523D4528ADC4579F306A95A9\OCBrowserHelper_1.0.6.124.exe.vir"
sh=2B9306B52BB9FDDE632ABBEDC2F539A3A25BBE71 ft=1 fh=0762efd511f24141 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\1860\AppData\Roaming\OpenCandy\E0F1B444D1994717A56263A49E5875B7\Installer.exe.vir"
sh=3F1E3FEADF5EC6EE628449CBC22C5D985386C18F ft=1 fh=e743fc859d55bcb1 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=CEED0957FDD0D0074873A8E6E6FFBED624EF688D ft=1 fh=d570debd54c02644 vn="Variante von Win32/DomaIQ.BB evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\1860\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000"
sh=E60C2DEE02DBBF2BA0919662CB6202EEA7853F84 ft=1 fh=0d8ae3cde2ce9365 vn="Variante von Win32/HiddenStart.B potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\1860\Desktop\bilder auto\........exe"
sh=79CEDF531C38CB51FDC9745BBCB60DC320AB8C57 ft=1 fh=a8f8923b5c4cdd39 vn="Variante von MSIL/HackTool.IdleKMS.A potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\1860\Desktop\bilder von schranz musik und house (1).AutoReactivation\KMSnano_setup.exe"
sh=BA374E40CDC43934935EFA55D090DA8C226AF889 ft=0 fh=0000000000000000 vn="Variante von Win32/HiddenStart.B potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\1860\Documents\UseNeXT\wizard\Microsoft Office Professional Plus (2013) Deutsch\Microsoft Office Pro Plus 2013-32 Bit\OFFICE15.iso"
sh=8EE90EA59C9DF059F8293CDB8B4BE74DFA02194C ft=0 fh=0000000000000000 vn="Variante von Win32/HiddenStart.B potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\1860\Documents\UseNeXT\wizard\Microsoft Office Professional Plus (2013) Deutsch\Microsoft Office Pro Plus 2013-64 Bit\OFFICE15.iso"
sh=D5F919B3EED3A6086802D857295A768FCBB09DEB ft=1 fh=b9137e29718c7836 vn="Variante von Win32/HackTool.Patcher.T potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\1860\Documents\UseNeXT\wizard\Spyware Terminator Premium v3 + Patch + Anleitung\patch\magixprodukte-.universalpatch-neu.exe"
sh=8D50220DBE86508B071ED74929D0DD603968EC13 ft=1 fh=a146d0e40a207bb5 vn="Variante von Win32/HackTool.Patcher.T potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\1860\Documents\UseNeXT\wizard\Spyware Terminator Premium v3 + Patch + Anleitung\patch\spyware.terminator.premium.2012.v3.0.0.54-patch.exe"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\1860\Downloads\ccsetup416.exe"
sh=1DE5D70A411EBBF4441FD569E7427CC28A4D6B13 ft=1 fh=b572351b8a033ea9 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\1860\Downloads\ccsetup417.exe"
sh=AF76E8B4D4AC7CF95254244B580D55F69516CEA0 ft=0 fh=0000000000000000 vn="Variante von MSIL/HackTool.IdleKMS.A potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\1860\Downloads\KMSnano.v22.AutoReactivation.rar"
sh=3D67221BA1E0256AC027381CA21670BE26A82D35 ft=1 fh=7dcb11e992afefa4 vn="Variante von Win32/InstallCore.QH evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager.exe"
sh=CEED0957FDD0D0074873A8E6E6FFBED624EF688D ft=1 fh=d570debd54c02644 vn="Variante von Win32/DomaIQ.BB evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\1860\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000"
sh=E60C2DEE02DBBF2BA0919662CB6202EEA7853F84 ft=1 fh=0d8ae3cde2ce9365 vn="Variante von Win32/HiddenStart.B potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\1860\Desktop\bilder auto\........exe"
sh=79CEDF531C38CB51FDC9745BBCB60DC320AB8C57 ft=1 fh=a8f8923b5c4cdd39 vn="Variante von MSIL/HackTool.IdleKMS.A potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\1860\Desktop\bilder von schranz musik und house (1).AutoReactivation\KMSnano_setup.exe"
sh=BA374E40CDC43934935EFA55D090DA8C226AF889 ft=0 fh=0000000000000000 vn="Variante von Win32/HiddenStart.B potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\1860\Documents\UseNeXT\wizard\Microsoft Office Professional Plus (2013) Deutsch\Microsoft Office Pro Plus 2013-32 Bit\OFFICE15.iso"
sh=8EE90EA59C9DF059F8293CDB8B4BE74DFA02194C ft=0 fh=0000000000000000 vn="Variante von Win32/HiddenStart.B potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\1860\Documents\UseNeXT\wizard\Microsoft Office Professional Plus (2013) Deutsch\Microsoft Office Pro Plus 2013-64 Bit\OFFICE15.iso"
sh=D5F919B3EED3A6086802D857295A768FCBB09DEB ft=1 fh=b9137e29718c7836 vn="Variante von Win32/HackTool.Patcher.T potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\1860\Documents\UseNeXT\wizard\Spyware Terminator Premium v3 + Patch + Anleitung\patch\magixprodukte-.universalpatch-neu.exe"
sh=8D50220DBE86508B071ED74929D0DD603968EC13 ft=1 fh=a146d0e40a207bb5 vn="Variante von Win32/HackTool.Patcher.T potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\1860\Documents\UseNeXT\wizard\Spyware Terminator Premium v3 + Patch + Anleitung\patch\spyware.terminator.premium.2012.v3.0.0.54-patch.exe"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\1860\Downloads\ccsetup416.exe"
sh=1DE5D70A411EBBF4441FD569E7427CC28A4D6B13 ft=1 fh=b572351b8a033ea9 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\1860\Downloads\ccsetup417.exe"
sh=AF76E8B4D4AC7CF95254244B580D55F69516CEA0 ft=0 fh=0000000000000000 vn="Variante von MSIL/HackTool.IdleKMS.A potenziell unsichere Anwendung" ac=I fn="C:\Dokumente und Einstellungen\1860\Downloads\KMSnano.v22.AutoReactivation.rar"
sh=3D67221BA1E0256AC027381CA21670BE26A82D35 ft=1 fh=7dcb11e992afefa4 vn="Variante von Win32/InstallCore.QH evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager.exe"
sh=B9A96D9AE94C4B42CA5499933F6DF218B3903768 ft=1 fh=966b3592656dc188 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=CEED0957FDD0D0074873A8E6E6FFBED624EF688D ft=1 fh=d570debd54c02644 vn="Variante von Win32/DomaIQ.BB evtl. unerwünschte Anwendung" ac=I fn="C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000"
sh=E60C2DEE02DBBF2BA0919662CB6202EEA7853F84 ft=1 fh=0d8ae3cde2ce9365 vn="Variante von Win32/HiddenStart.B potenziell unsichere Anwendung" ac=I fn="C:\Users\1860\Desktop\bilder auto\........exe"
sh=79CEDF531C38CB51FDC9745BBCB60DC320AB8C57 ft=1 fh=a8f8923b5c4cdd39 vn="Variante von MSIL/HackTool.IdleKMS.A potenziell unsichere Anwendung" ac=I fn="C:\Users\1860\Desktop\bilder von schranz musik und house (1).AutoReactivation\KMSnano_setup.exe"
sh=BA374E40CDC43934935EFA55D090DA8C226AF889 ft=0 fh=0000000000000000 vn="Variante von Win32/HiddenStart.B potenziell unsichere Anwendung" ac=I fn="C:\Users\1860\Documents\UseNeXT\wizard\Microsoft Office Professional Plus (2013) Deutsch\Microsoft Office Pro Plus 2013-32 Bit\OFFICE15.iso"
sh=8EE90EA59C9DF059F8293CDB8B4BE74DFA02194C ft=0 fh=0000000000000000 vn="Variante von Win32/HiddenStart.B potenziell unsichere Anwendung" ac=I fn="C:\Users\1860\Documents\UseNeXT\wizard\Microsoft Office Professional Plus (2013) Deutsch\Microsoft Office Pro Plus 2013-64 Bit\OFFICE15.iso"
sh=D5F919B3EED3A6086802D857295A768FCBB09DEB ft=1 fh=b9137e29718c7836 vn="Variante von Win32/HackTool.Patcher.T potenziell unsichere Anwendung" ac=I fn="C:\Users\1860\Documents\UseNeXT\wizard\Spyware Terminator Premium v3 + Patch + Anleitung\patch\magixprodukte-.universalpatch-neu.exe"
sh=8D50220DBE86508B071ED74929D0DD603968EC13 ft=1 fh=a146d0e40a207bb5 vn="Variante von Win32/HackTool.Patcher.T potenziell unsichere Anwendung" ac=I fn="C:\Users\1860\Documents\UseNeXT\wizard\Spyware Terminator Premium v3 + Patch + Anleitung\patch\spyware.terminator.premium.2012.v3.0.0.54-patch.exe"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\1860\Downloads\ccsetup416.exe"
sh=1DE5D70A411EBBF4441FD569E7427CC28A4D6B13 ft=1 fh=b572351b8a033ea9 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\1860\Downloads\ccsetup417.exe"
sh=AF76E8B4D4AC7CF95254244B580D55F69516CEA0 ft=0 fh=0000000000000000 vn="Variante von MSIL/HackTool.IdleKMS.A potenziell unsichere Anwendung" ac=I fn="C:\Users\1860\Downloads\KMSnano.v22.AutoReactivation.rar"
sh=3D67221BA1E0256AC027381CA21670BE26A82D35 ft=1 fh=7dcb11e992afefa4 vn="Variante von Win32/InstallCore.QH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager.exe"
sh=14356CE568A01E3D939F30262016464E82F2599F ft=0 fh=0000000000000000 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\1aead6.msi"
sh=741518CA17409E0C108EA202464829E6C664ED1E ft=1 fh=52477f93f91d8732 vn="Variante von MSIL/DomaIQ.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\Uninstaller\Uninstall.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=9923CDFE31FD9FDBB792557EEEADDA0B44877176 ft=1 fh=45549d446f3b5ace vn="Variante von Win32/HackTool.CheatEngine.AB potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe"
sh=CA3F51EC1897756636232998193325B830F22F26 ft=1 fh=3702c3e3af3ccb17 vn="Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat"
sh=DF974D788925D1A59859053A6B924ECF27AAC441 ft=1 fh=c446308f12e23ff8 vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\ChromePasswordDecryptor\ChromePasswordDecryptor.exe"
sh=F674CADA247DF575B965E1E6BC00B3FB0F02971A ft=1 fh=c71c0011b6fa5efb vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\SXPasswordSuite\AsteriskPasswordSpy.exe"
sh=F014944F3161792470F7DFD496FEF92FBD38D064 ft=1 fh=a8334ff36438eb62 vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\SXPasswordSuite\FacebookPasswordDecryptor.exe"
sh=C6176BA1393C72ED5244B45D96578AC9D456D225 ft=1 fh=989a331c0c1eec01 vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\SXPasswordSuite\FireMasterCracker.exe"
sh=F06D14743ABF6521A3CEB244BA1D337BDCBDFA74 ft=0 fh=0000000000000000 vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\SXPasswordSuite\FireMasterLinux.zip"
sh=3358ED9B25F6060738C311628DA9E86FC33D51F5 ft=1 fh=c71c0011948874a5 vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\SXPasswordSuite\FtpPasswordDecryptor.exe"
sh=F7DD9F48CBFE50D19FC40B0D518A0FCB999B1859 ft=1 fh=c71c00114d4aee95 vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\SXPasswordSuite\FTPPasswordSniffer.exe"
sh=57A5956CC7674F8AF099B8C0DEFF043E5D0F54B9 ft=1 fh=e24841ee28c3c37d vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\SXPasswordSuite\GooglePasswordDecryptor.exe"
sh=9F11E47EA4AFA9A0898C9213E8C331FAE6219579 ft=1 fh=6a1859889ef3bb9f vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\SXPasswordSuite\HashKracker.exe"
sh=215612E2D99A379F9D211AB04EC827EBEE17EEF7 ft=1 fh=c71c0011b6185930 vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\SXPasswordSuite\IDMPasswordDecryptor.exe"
sh=F2833CB15EBAAB835FC7772E9B1DA463CAE3270F ft=1 fh=48eb964755c6e32c vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\SXPasswordSuite\InstantPDFPasswordRemover.exe"
sh=FBC93D0390115D3033431B0504A954D8CE2AF294 ft=1 fh=c71c001151d52eef vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\SXPasswordSuite\MailPasswordDecryptor.exe"
sh=0A5AFCBB047B80AA2430DDFCED45A58825907431 ft=1 fh=c71c001170d8a0a8 vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\SXPasswordSuite\MessengerPasswordDecryptor.exe"
sh=F2EAD6F2149822C67B3E67C2F8A48995F20560B4 ft=1 fh=c71c00116087761f vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\SXPasswordSuite\MyspacePasswordDecryptor.exe"
sh=CB8A61570E652E613B945E91D0953BAC1A42F77C ft=1 fh=3b8f7a315dadb12a vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\SXPasswordSuite\MysqlPasswordAuditor.exe"
sh=EEE6CE0B47B839202AD23AC813F64116CDFC0589 ft=1 fh=c71c001132a61fa4 vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\SXPasswordSuite\NetworkPasswordDecryptor.exe"
sh=1D20B435C889190D5F9E49A052E161D451EF338B ft=1 fh=4a326cf05da73e64 vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\SXPasswordSuite\OraclePasswordAuditor.exe"
sh=E74F8B1802973C547CC79DD560A2E2A6012AF55D ft=1 fh=c71c0011bc83326e vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\SXPasswordSuite\OrbitPasswordDecryptor.exe"
sh=9234321EF03D70604342796107E54D1B518BAA9A ft=1 fh=0215841fc723f120 vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\SXPasswordSuite\TwitterPasswordDecryptor.exe"
sh=D31A2E152D2FA1938F6B4B0ACCDCDEE48AB6ABDD ft=1 fh=e79d3ab14a3a5202 vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\SXPasswordSuite\WindowsPasswordKracker.exe"
sh=5FC53CB9251B7CF17B673650C84138A2C2922402 ft=1 fh=c71c001179c6aabf vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files (x86)\SecurityXploded\SXPasswordSuite\YahooPasswordDecryptor.exe"
sh=E492582D44A4A0072FE272F035FB33516B523EE9 ft=1 fh=9ae7f7a1028ed936 vn="Variante von Win32/InstallShare.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\1860\Downloads\Ad-Aware96Install.exe"
sh=EA91A7B4AB2DE640BBDAE944E5F91E6C479DCDDF ft=1 fh=9996c0ea4bfd5a76 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Users\1860\Downloads\avira_free_antivirus_de.exe"
sh=1FE22A525738360E62E16044F0D834741DA6609B ft=1 fh=2aa78ce5db66bd8e vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Users\1860\Downloads\camfrog (1).exe"
sh=1FE22A525738360E62E16044F0D834741DA6609B ft=1 fh=2aa78ce5db66bd8e vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Users\1860\Downloads\camfrog.exe"
sh=432E95C9B13671B563FDDECA6C408A763B4020F8 ft=1 fh=5a87b2eed39a59c6 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Users\1860\Downloads\ccsetup321.exe"
sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Users\1860\Downloads\ccsetup410.exe"
sh=C662A89E2318810A6012EF702A9C39F6E0AC3B36 ft=1 fh=e8789dd77b481b56 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Users\1860\Downloads\ccsetup411.exe"
sh=31763DDD43CF771948C98B9ECD7F90AEB1EA19ED ft=1 fh=61bd808f4c13ed5d vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Users\1860\Downloads\cdbxp_setup_4.4.0.2971.exe"
sh=021965194A9F7FA30B2DD233B965B2C6795EFFC9 ft=1 fh=beafefbc344b5b29 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Users\1860\Downloads\disk-defrag-setup.exe"
sh=6ED0FA351F39B487C42F8BB4192EC7E8476BE1B2 ft=1 fh=cc07ac4d2421c28c vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\1860\Downloads\freeripmp3-setup.exe"
sh=5F4E50CCFB7EFBA30C0A3E5B32BBB6E0C373796E ft=1 fh=16f75965f975083e vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Users\1860\Downloads\FreeStudio.exe"
sh=3213088B0D3CA83E072A3632B5EBC023D0A3876A ft=1 fh=f96fa529a875a35b vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Users\1860\Downloads\FreeYouTubeToMP3Converter (1).exe"
sh=846D95D63EDE9508EFC7CEEE1D145D7CE62988C3 ft=1 fh=ec23a4ae3310ce50 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\1860\Downloads\FreeYouTubetoMP3Converter.exe"
sh=250AD920C538EBAC63102E368FB642EE33AD0593 ft=1 fh=8e020e8f8829bf65 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\1860\Downloads\FreeYouTubeToMP3Converter_3.11.17.exe"
sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\1860\Downloads\MyPhoneExplorer_1.8.5.exe"
sh=5C1A1E0532A7E3B6D81BBCFA250E117FA380C533 ft=0 fh=0000000000000000 vn="Variante von Win32/SecurityXploded.A potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Users\1860\Downloads\Nicht bestätigt 775259.crdownload"
sh=7F3EF6221EDE49B7C8AFE6408236F3CD78154403 ft=1 fh=acc04c2ebcebd4bb vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\1860\Downloads\Wireless-Booster-Setup.exe"
sh=29E421AB9476F9D2E23DAC7CFDE8DD9EE9D0768A ft=1 fh=d53e88ba43d6b8ab vn="Win32/Distromatic.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-4[1]"
sh=04F4A8D7EFFD5F6F86824BBCD47C78195F54C262 ft=1 fh=0575a9179a032b84 vn="Variante von Win32/Distromatic.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\distro-abb-fix[1]"
sh=63981687FFC14608CDAE65C7EFEA1B24ACAF1DF4 ft=1 fh=c82ffca9f6717ccb vn="Variante von Win32/Distromatic.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\distro-search-protect-fix-3[1]"
sh=E4333469F3070D049E4FDA053756B96B9F59569B ft=1 fh=5e9b3d881266bb41 vn="Win32/Distromatic evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\distro-search-protect-fix-2[1]"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\ApnIC[1].0"
sh=DB3C9B66B016BBEA367C20CDAE0F93F48BE2213A ft=1 fh=2148cccdef468b30 vn="Variante von Win32/Distromatic.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\distro-abb-fix[1]"
sh=63981687FFC14608CDAE65C7EFEA1B24ACAF1DF4 ft=1 fh=c82ffca9f6717ccb vn="Variante von Win32/Distromatic.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\distro-search-protect-fix-3[1]"
sh=E4333469F3070D049E4FDA053756B96B9F59569B ft=1 fh=5e9b3d881266bb41 vn="Win32/Distromatic evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\distro-search-protect-fix-2[1]"
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 14.09.2014
Suchlauf-Zeit: 10:23:11
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.14.03
Rootkit Datenbank: v2014.09.13.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: 1860

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 313209
Verstrichene Zeit: 21 Min, 2 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.Linkury.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1898B668-CCF5-429F-A86F-9837E5439D77}, In Quarantäne, [a6e5c12cdd9ea0964f8196683dc59769],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
achja bei dem onlinescanner hab ich jetzt nix gelöscht oder so

cosinus 14.09.2014 22:18
Zitat:
C:\Users\1860\Documents\UseNeXT\wizard\Microsoft Office Professional Plus (2013) Deutsch\Microsoft Office Pro Plus 2013-32 Bit\OFFICE15.iso"
C:\Users\1860\Documents\UseNeXT\wizard\Microsoft Office Professional Plus (2013) Deutsch\Microsoft Office Pro Plus 2013-64 Bit\OFFICE15.iso"
C:\Users\1860\Documents\UseNeXT\wizard\Spyware Terminator Premium v3 + Patch + Anleitung\patch\magixprodukte-.universalpatch-neu.exe"
C:\Users\1860\Documents\UseNeXT\wizard\Spyware Terminator Premium v3 + Patch + Anleitung\patch\spyware.terminator.premium.2012.v3.0.0.54-patch.exe"
C:\Users\1860\Downloads\KMSnano.v22.AutoReactivation.rar
Aha. Soviel also zum Thema du hättest alles Illegale gelöscht und UseNext wird ja nur für Freeware und von deiner Frau genutzt.

alex1860 15.09.2014 06:12
ich hab doch erwähnt das ich es von nem bekannten hab.ich hab da kein spyware terminator gehabt. das office hab ich deinstalliert. was soll ich da jetzt löschen oder so und mit dem online Scanner was da löschen. ?

cosinus 15.09.2014 09:15
Ich fühl mich langsam ein wenig veräppelt.

Erst hast du es von einem Bekannten das UseNext, dann soll das Zeug nur von deiner Frau sein. Es sieht aber ganz offensichtlich so aus, als hättest du Office und Spyware Terminator gecrackt darüber runtergeladen und installiert. Ok, Office ist deinstalliert, aber warum hast du dich geweigert UseNext zu deinstallieren und warum lässt du das gecrackte Spyware Terminator drauf?

Meine Hinweise waren doch eindeutig, Supportstop bis alles Illegale entfernt ist.

alex1860 16.09.2014 05:45
hallo
ich hab niemals den terminator geladen geschweige installiert.mein bekannter hat ja zugriff auf mein lappi.und somit auf usenext.aber in zukunft nicht mehr da psswort reinkommt.und frau mich sowas nicht.
sonst hät ich ja gelöscht.
das office hab ich deinstalliert.
nur die setup nicht gelöscht.
aber ich sag mal so was soll ich da löschen mit dem eset?
der hat einiges gefunden.
soll ich das löschen lassen?nochmal suchlauf oder wie?

cosinus 16.09.2014 09:34
Zitat:
ich hab niemals den terminator geladen geschweige installiert
Du vllt nicht, aber der Mist ist auf diesem System nunmal installiert.

Zitat:
und somit auf usenext.
Deinstallieren. Dann gehts hier auch weiter.

alex1860 16.09.2014 11:13
usenext is weg

cosinus 16.09.2014 13:35
Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

alex1860 16.09.2014 14:17
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by 1860 at 2014-09-16 15:14:47
Running from C:\Users\1860\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
arCV (HKLM-x32\...\{ACC1683B-5AB9-429A-88C2-D575424009D0}) (Version: 4.3.3 - Arne Reuter)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
BEWERBUNGSMASTER (HKLM-x32\...\ST6UNST #1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CopyTrans Control Center deinstallieren (HKCU\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.0816 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.0816 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
eLearn CDROM 1.0 (HKLM-x32\...\eLearn 1.2.1_is1) (Version:  - FIAT Auto S.p.A.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Flat Trader (HKCU\...\InstallShield_{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}) (Version: 2.38.56.7.2.1 - FX Flat)
Flat Trader (x32 Version: 2.38.56.7.2.1 - FX Flat) Hidden
Gameforge Live 2.0.4 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.4 - Gameforge)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Metin2 (HKLM-x32\...\Metin2_is1) (Version:  - Gameforge 4D GmbH)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6321 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XMedia Recode Version 3.1.8.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.8.8 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-08-2014 04:45:27 arCV wird installiert
29-08-2014 16:31:57 Installed Python 2.7.2
31-08-2014 15:57:27 ComboFix created restore point
03-09-2014 12:24:13 Windows Update
10-09-2014 12:37:53 Removed Microsoft Office Professional Plus 2013
10-09-2014 12:38:42 PROPLUSR
10-09-2014 13:04:55 Nokia Connectivity Cable Driver wird entfernt
10-09-2014 13:46:34 Removed Python 2.7.2
10-09-2014 15:03:03 Removed Bonjour
11-09-2014 18:46:39 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-09-11 19:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FA62DF7-79A8-4232-9582-F1718B017E20} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {15B696BE-385F-45D0-81E0-F1B0ADEDC9AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-25] (Google Inc.)
Task: {208AA79F-9418-4C41-BF4E-687CE6F0BEF9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000UA => C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-10] (Facebook Inc.)
Task: {64BDF030-3E0D-4454-8A97-14E4F61D526A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {6FAEB5A2-5CEE-43D7-8950-05A6AC803870} - System32\Tasks\{7D477009-58F9-4698-B334-40CE5E979124} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.18.0.106&amp;LastError=12007
Task: {C5352DB3-4A18-4108-80C6-540773412094} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-25] (Google Inc.)
Task: {C58DCE38-CD62-4901-9381-A142415BFC59} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000Core => C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-10] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000Core.job => C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000UA.job => C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-18 16:08 - 2009-08-13 13:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2014-08-15 19:34 - 2011-08-25 10:50 - 00270672 _____ () C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
2013-10-31 11:24 - 2013-10-31 11:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-09-13 20:28 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\1860\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2010-06-25 13:49 - 2010-06-25 13:49 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-06-25 13:49 - 2010-06-25 13:49 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 00051016 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 00716616 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 00100168 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 04061000 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 00394568 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-04 10:30 - 2014-03-02 04:35 - 01647432 _____ () C:\Windows.old\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: ST2012_Svc => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: Facebook Update => "C:\Users\1860\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GoogleChromeAutoLaunch_643ADABA1D5F8841A8D9FF4E8733D2D0 => "C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: Power2GoExpress => "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\1860\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\1860\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: UIExec => "C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe"

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2014 01:17:56 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volume "Boot (C:)" wurde aufgrund eines Fehlers nicht defragmentiert: Die Startoptimierung konnte aufgrund fehlenden Speicherplatzes nicht abgeschlossen werden. (0x89000019)

Error: (09/14/2014 08:51:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/14/2014 04:32:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/14/2014 04:32:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (09/16/2014 05:35:32 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/16/2014 05:35:32 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/16/2014 05:35:31 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/16/2014 05:35:30 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/16/2014 05:35:30 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/16/2014 05:35:29 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/15/2014 02:57:28 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}


Microsoft Office Sessions:
=========================
Error: (09/16/2014 01:17:56 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Boot (C:)Die Startoptimierung konnte aufgrund fehlenden Speicherplatzes nicht abgeschlossen werden. (0x89000019)

Error: (09/14/2014 08:51:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/14/2014 04:32:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\1860\Downloads\esetsmartinstaller_deu (1).exe

Error: (09/14/2014 04:32:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\1860\Downloads\esetsmartinstaller_deu (1).exe


CodeIntegrity Errors:
===================================
  Date: 2014-09-11 19:01:04.629
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-11 19:01:04.524
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-11 19:01:04.419
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-11 19:01:04.314
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 18:04:29.418
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 18:04:29.313
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 18:04:29.208
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 18:04:29.099
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 17:59:39.599
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 17:59:39.493
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 53%
Total physical RAM: 4003 MB
Available physical RAM: 1860.86 MB
Total Pagefile: 8004.19 MB
Available Pagefile: 5586.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:657.53 GB) (Free:298.66 GB) NTFS
Drive d: (Recover) (Fixed) (Total:38 GB) (Free:16.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E47B19CB)
Partition 1: (Active) - (Size=101 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=657.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by 1860 (administrator) on 1860-PC on 16-09-2014 15:14:22
Running from C:\Users\1860\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
( ) C:\Windows\System32\lxdncoms.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-03-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1495459556-2568946141-1351117670-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1495459556-2568946141-1351117670-1000\...\Run: [GoogleChromeAutoLaunch_643ADABA1D5F8841A8D9FF4E8733D2D0] => C:\Windows.old\Program Files (x86)\Google\Chrome\Application\chrome.exe [859464 2014-03-02] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\1860\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\1860\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-06]
CHR Extension: (Google Drive) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-06]
CHR Extension: (YouTube) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-06]
CHR Extension: (Adblock Plus) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-29]
CHR Extension: (Google-Suche) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-06]
CHR Extension: (Google Wallet) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-06]
CHR Extension: (Google Mail) - C:\Users\1860\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [270672 2011-08-25] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-17] (Disc Soft Ltd)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [76400 2011-01-25] (Atheros Communications, Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-16] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 20:47 - 2014-09-14 20:47 - 00021645 _____ () C:\Users\1860\Desktop\eset.txt
2014-09-14 16:32 - 2014-09-14 16:32 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-14 15:50 - 2014-09-14 15:50 - 02347384 _____ (ESET) C:\Users\1860\Downloads\esetsmartinstaller_deu (1).exe
2014-09-14 11:08 - 2014-09-14 11:09 - 02347384 _____ (ESET) C:\Users\1860\Downloads\esetsmartinstaller_deu.exe
2014-09-14 10:49 - 2014-09-14 10:49 - 00001312 _____ () C:\Users\1860\Desktop\mbam.txt
2014-09-14 10:22 - 2014-09-16 05:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 10:22 - 2014-09-14 10:22 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-14 10:22 - 2014-09-14 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-14 10:22 - 2014-09-14 10:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-14 10:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-14 10:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-14 10:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-14 10:21 - 2014-09-14 10:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\1860\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-13 18:34 - 2014-09-16 15:08 - 00027210 _____ () C:\Users\1860\Desktop\Addition.txt
2014-09-13 18:31 - 2014-09-16 15:14 - 00011905 _____ () C:\Users\1860\Desktop\FRST.txt
2014-09-13 18:26 - 2014-09-13 18:26 - 00000624 _____ () C:\Users\1860\Desktop\JRT.txt
2014-09-13 18:20 - 2014-09-13 18:20 - 00000000 ____D () C:\Windows\ERUNT
2014-09-13 18:19 - 2014-09-13 18:19 - 00003438 _____ () C:\Users\1860\Desktop\AdwCleaner[S1].txt
2014-09-13 18:13 - 2014-09-13 18:13 - 00076957 _____ () C:\Users\1860\Desktop\1&1 DSL - Ihre Bestell-Zusammenfassung.htm
2014-09-13 18:13 - 2014-09-13 18:13 - 00000000 ____D () C:\Users\1860\Desktop\1&1 DSL - Ihre Bestell-Zusammenfassung_files
2014-09-13 18:11 - 2014-09-13 18:08 - 01373475 _____ () C:\Users\1860\Desktop\AdwCleaner_3.310.exe
2014-09-13 18:11 - 2014-09-10 16:06 - 02105856 _____ (Farbar) C:\Users\1860\Desktop\FRST64.exe
2014-09-13 18:10 - 2014-09-13 18:09 - 01016261 _____ (Thisisu) C:\Users\1860\Desktop\JRT.exe
2014-09-13 18:09 - 2014-09-13 18:09 - 01016261 _____ (Thisisu) C:\Users\1860\Downloads\JRT.exe
2014-09-13 18:08 - 2014-09-13 18:08 - 01373475 _____ () C:\Users\1860\Downloads\AdwCleaner_3.310.exe
2014-09-12 18:05 - 2014-09-12 18:05 - 00146183 _____ () C:\Users\1860\Downloads\YouTube-Unblocker-056 (2).crx
2014-09-12 18:04 - 2014-09-12 18:04 - 00146183 _____ () C:\Users\1860\Downloads\YouTube-Unblocker-056 (1).crx
2014-09-11 20:51 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 20:51 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 20:51 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 20:51 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 20:51 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 20:51 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 20:51 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 20:51 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 20:51 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 20:51 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 20:51 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 20:51 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 20:51 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 20:51 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 20:51 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 20:51 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 20:51 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 20:51 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 20:51 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 20:51 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 20:51 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 20:51 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 20:51 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 20:51 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 20:51 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 20:51 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 20:51 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 20:51 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 20:51 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 20:51 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 20:51 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 20:51 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 20:51 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 20:51 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 20:51 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 20:51 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 20:51 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 20:51 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 20:51 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 20:51 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 20:51 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 20:51 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 20:51 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 20:51 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 20:51 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 20:51 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 20:51 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 20:51 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 20:51 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 20:51 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 20:51 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 20:51 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 20:51 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 20:51 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 20:51 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 20:51 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 20:47 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 20:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 19:08 - 2014-09-11 19:08 - 00014839 _____ () C:\ComboFix.txt
2014-09-11 14:03 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 14:03 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 14:03 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 14:03 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 14:02 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 14:02 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 14:02 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 14:02 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 14:02 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 14:02 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 14:02 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 16:06 - 2014-09-10 16:06 - 00000000 ____D () C:\Users\1860\Downloads\FRST-OlderVersion
2014-09-10 14:57 - 2014-09-10 14:57 - 00000000 ____D () C:\Users\1860\AppData\Roaming\AppSplash
2014-09-09 20:52 - 2014-09-10 17:20 - 00024679 _____ () C:\Users\1860\Downloads\Addition.txt
2014-09-09 20:51 - 2014-09-16 15:14 - 00000000 ____D () C:\FRST
2014-09-09 20:51 - 2014-09-10 17:20 - 00049700 _____ () C:\Users\1860\Downloads\FRST.txt
2014-09-09 20:50 - 2014-09-10 16:06 - 02105856 _____ (Farbar) C:\Users\1860\Downloads\FRST64.exe
2014-09-09 20:34 - 2014-09-09 20:34 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 18:47 - 2014-09-09 18:47 - 00064150 _____ () C:\Users\1860\Downloads\Extras.Txt
2014-09-09 18:46 - 2014-09-09 18:46 - 00123594 _____ () C:\Users\1860\Downloads\OTL.Txt
2014-09-09 18:31 - 2014-09-09 18:31 - 00602112 _____ (OldTimer Tools) C:\Users\1860\Downloads\otl.exe
2014-09-08 19:06 - 2014-09-13 20:28 - 00011224 _____ () C:\Windows\PFRO.log
2014-09-07 07:26 - 2014-09-13 20:28 - 00000616 _____ () C:\Windows\setupact.log
2014-09-07 07:26 - 2014-09-07 07:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 20:05 - 2014-09-06 20:05 - 00000655 _____ () C:\Users\1860\Downloads\gist2794364-68d8e90bee246710daec296bc9c68bccb0ea3c3f.tar.gz
2014-09-05 14:54 - 2014-09-05 14:54 - 00031370 _____ () C:\Users\1860\Documents\cc_20140905_145425.reg
2014-09-05 14:31 - 2014-09-05 14:31 - 04901352 _____ (Piriform Ltd) C:\Users\1860\Downloads\ccsetup417.exe
2014-09-05 14:30 - 2014-09-05 14:32 - 00000000 ____D () C:\Users\1860\Desktop\steuer, viren, bileder,bewerbung,30 euro
2014-08-31 18:34 - 2014-08-31 18:34 - 00345156 _____ () C:\Users\1860\Downloads\regsearch.zip
2014-08-31 17:57 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-31 17:57 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-31 17:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-31 17:57 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-31 17:54 - 2014-09-11 19:08 - 00000000 ____D () C:\Qoobox
2014-08-31 17:54 - 2014-08-31 18:12 - 00000000 ____D () C:\Windows\erdnt
2014-08-31 17:49 - 2014-09-11 18:52 - 05576769 ____R (Swearware) C:\Users\1860\Desktop\ComboFix.exe
2014-08-31 17:47 - 2014-08-31 17:47 - 00034169 _____ () C:\Windows\system32\hjtscanlist.txt
2014-08-31 17:40 - 2014-08-31 17:40 - 00002097 _____ () C:\Users\1860\Downloads\hjtscanlist.zip
2014-08-29 22:02 - 2014-08-29 22:02 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__r0ij9fgnxa1yb4agvitd_wsp.exe
2014-08-29 22:01 - 2014-08-29 22:01 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__7h9xxx1fgezq3qpfft0r_wsp.exe
2014-08-29 21:56 - 2014-08-29 21:56 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__ieufi9euwix87i2gugcy_wsp.exe
2014-08-29 18:36 - 2014-08-29 18:36 - 00000000 ____D () C:\Users\1860\AppData\Roaming\qBittorrent
2014-08-29 18:35 - 2014-08-29 18:35 - 00000000 ____D () C:\Users\1860\.idlerc
2014-08-29 18:28 - 2014-08-29 18:28 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Easy BitTorrent Client
2014-08-29 18:28 - 2014-08-29 18:28 - 00000000 ____D () C:\Users\1860\AppData\Local\Easy BitTorrent Client
2014-08-29 18:27 - 2014-09-09 14:44 - 00001024 _____ () C:\.rnd
2014-08-29 18:25 - 2014-09-13 18:15 - 00001108 _____ () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-29 18:24 - 2014-09-10 14:57 - 00000000 ____D () C:\Program Files (x86)\OneBrowse
2014-08-29 18:01 - 2014-08-29 18:01 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-08-29 12:29 - 2014-08-29 12:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\1860\Downloads\HiJackThis204 (3).exe
2014-08-29 12:29 - 2014-08-29 12:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\1860\Downloads\HiJackThis204 (2).exe
2014-08-29 06:37 - 2014-08-29 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-28 06:46 - 2014-08-28 06:46 - 00001785 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arCV.lnk
2014-08-28 06:46 - 2014-08-28 06:46 - 00000000 ____D () C:\Program Files (x86)\arcv
2014-08-28 06:46 - 2014-08-28 06:46 - 00000000 ____D () C:\arcv
2014-08-28 06:45 - 2014-08-28 06:45 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-28 06:44 - 2014-08-28 06:44 - 12601114 _____ () C:\Users\1860\Downloads\arcv.exe
2014-08-28 06:38 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 06:38 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 06:38 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 13:37 - 2014-08-22 13:37 - 00040218 _____ () C:\Users\1860\Downloads\dbox_astra_matze (1).zip
2014-08-22 13:26 - 2014-08-22 13:26 - 00000000 ____D () C:\Users\1860\AppData\Roaming\FlashFXP
2014-08-22 13:26 - 2014-08-22 13:26 - 00000000 ____D () C:\ProgramData\FlashFXP
2014-08-22 13:19 - 2014-08-22 13:19 - 00000055 _____ () C:\Users\1860\Downloads\CCcam.cfg
2014-08-21 13:25 - 2014-08-21 13:26 - 00000000 ____D () C:\Users\1860\AppData\Roaming\elsterformular
2014-08-21 13:25 - 2014-08-21 13:25 - 00000000 ____D () C:\ProgramData\elsterformular
2014-08-21 10:28 - 2014-08-25 10:46 - 00000003 _____ () C:\Users\1860\Documents\bmm.cfg
2014-08-21 10:24 - 2014-08-28 07:31 - 00000000 ____D () C:\Users\1860\Documents\BewerbungsMaster
2014-08-21 10:24 - 2014-08-25 10:46 - 00000000 ____D () C:\ProgramData\BewerbungsMaster
2014-08-21 10:24 - 2014-08-21 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-08-21 10:23 - 2014-08-21 10:27 - 00000000 ____D () C:\Program Files (x86)\BEWERBUNGSMASTER
2014-08-21 10:23 - 2014-08-21 10:23 - 00335872 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2014-08-21 10:23 - 2014-08-21 10:23 - 00074752 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2014-08-21 10:23 - 2014-08-21 10:23 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-08-20 12:18 - 2014-08-20 12:19 - 25000000 _____ () C:\Users\1860\Downloads\Grande Punto eLEARN.part01 (1).rar
2014-08-19 06:26 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 06:26 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-19 06:26 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-19 06:26 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 06:26 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-19 06:26 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-19 06:24 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 06:24 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-19 06:24 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-19 06:24 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-18 20:44 - 2014-08-18 20:44 - 00000000 ____D () C:\Users\1860\AppData\Roaming\FX Flat
2014-08-18 19:14 - 2014-08-18 19:14 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-18 19:14 - 2014-08-18 19:14 - 00000000 ____D () C:\Users\1860\AppData\Roaming\TeamViewer
2014-08-18 19:14 - 2014-08-18 19:14 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-18 19:13 - 2014-08-18 19:13 - 06304880 _____ (TeamViewer GmbH) C:\Users\1860\Downloads\TeamViewer_Setup_de.exe
2014-08-18 18:53 - 2014-08-18 18:53 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FX Flat
2014-08-18 18:53 - 2014-08-18 18:53 - 00000000 ____D () C:\Users\1860\AppData\Roaming\InstallShield Installation Information
2014-08-18 18:52 - 2014-08-18 18:53 - 00000000 ____D () C:\Program Files (x86)\Flat Trader
2014-08-18 18:50 - 2014-08-18 18:50 - 00000000 ____D () C:\Users\1860\Documents\{95EA60FC-B631-470C-98A7-B6EC973B6AA8}
2014-08-18 18:48 - 2014-08-18 18:49 - 26915558 _____ (FX Flat ) C:\Users\1860\Downloads\Flat Trader Setup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 15:14 - 2014-09-13 18:31 - 00011905 _____ () C:\Users\1860\Desktop\FRST.txt
2014-09-16 15:14 - 2014-09-09 20:51 - 00000000 ____D () C:\FRST
2014-09-16 15:08 - 2014-09-13 18:34 - 00027210 _____ () C:\Users\1860\Desktop\Addition.txt
2014-09-16 14:25 - 2014-05-25 21:14 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-16 14:16 - 2014-03-06 14:04 - 01052819 _____ () C:\Windows\WindowsUpdate.log
2014-09-16 14:01 - 2014-03-10 14:55 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000UA.job
2014-09-16 14:01 - 2014-03-10 14:55 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1495459556-2568946141-1351117670-1000Core.job
2014-09-16 12:12 - 2014-03-15 06:33 - 00000000 ____D () C:\Users\1860\Documents\UseNeXT
2014-09-16 12:11 - 2014-03-15 06:33 - 00000000 ____D () C:\Users\1860\AppData\Roaming\UseNeXT
2014-09-16 12:05 - 2009-07-14 19:58 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2014-09-16 12:05 - 2009-07-14 19:58 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2014-09-16 12:05 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-16 05:22 - 2014-05-25 21:14 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-16 05:15 - 2014-09-14 10:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 20:47 - 2014-09-14 20:47 - 00021645 _____ () C:\Users\1860\Desktop\eset.txt
2014-09-14 16:32 - 2014-09-14 16:32 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-14 15:50 - 2014-09-14 15:50 - 02347384 _____ (ESET) C:\Users\1860\Downloads\esetsmartinstaller_deu (1).exe
2014-09-14 11:09 - 2014-09-14 11:08 - 02347384 _____ (ESET) C:\Users\1860\Downloads\esetsmartinstaller_deu.exe
2014-09-14 10:49 - 2014-09-14 10:49 - 00001312 _____ () C:\Users\1860\Desktop\mbam.txt
2014-09-14 10:22 - 2014-09-14 10:22 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-14 10:22 - 2014-09-14 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-14 10:22 - 2014-09-14 10:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-14 10:21 - 2014-09-14 10:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\1860\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-13 20:35 - 2009-07-14 06:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-13 20:35 - 2009-07-14 06:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-13 20:28 - 2014-09-08 19:06 - 00011224 _____ () C:\Windows\PFRO.log
2014-09-13 20:28 - 2014-09-07 07:26 - 00000616 _____ () C:\Windows\setupact.log
2014-09-13 20:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-13 18:26 - 2014-09-13 18:26 - 00000624 _____ () C:\Users\1860\Desktop\JRT.txt
2014-09-13 18:20 - 2014-09-13 18:20 - 00000000 ____D () C:\Windows\ERUNT
2014-09-13 18:19 - 2014-09-13 18:19 - 00003438 _____ () C:\Users\1860\Desktop\AdwCleaner[S1].txt
2014-09-13 18:15 - 2014-08-29 18:25 - 00001108 _____ () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-13 18:15 - 2013-12-21 16:51 - 00000000 ____D () C:\AdwCleaner
2014-09-13 18:14 - 2014-03-06 14:43 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Spotify
2014-09-13 18:13 - 2014-09-13 18:13 - 00076957 _____ () C:\Users\1860\Desktop\1&1 DSL - Ihre Bestell-Zusammenfassung.htm
2014-09-13 18:13 - 2014-09-13 18:13 - 00000000 ____D () C:\Users\1860\Desktop\1&1 DSL - Ihre Bestell-Zusammenfassung_files
2014-09-13 18:09 - 2014-09-13 18:10 - 01016261 _____ (Thisisu) C:\Users\1860\Desktop\JRT.exe
2014-09-13 18:09 - 2014-09-13 18:09 - 01016261 _____ (Thisisu) C:\Users\1860\Downloads\JRT.exe
2014-09-13 18:08 - 2014-09-13 18:11 - 01373475 _____ () C:\Users\1860\Desktop\AdwCleaner_3.310.exe
2014-09-13 18:08 - 2014-09-13 18:08 - 01373475 _____ () C:\Users\1860\Downloads\AdwCleaner_3.310.exe
2014-09-13 12:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-13 10:44 - 2014-03-06 14:49 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Skype
2014-09-12 18:05 - 2014-09-12 18:05 - 00146183 _____ () C:\Users\1860\Downloads\YouTube-Unblocker-056 (2).crx
2014-09-12 18:04 - 2014-09-12 18:04 - 00146183 _____ () C:\Users\1860\Downloads\YouTube-Unblocker-056 (1).crx
2014-09-12 16:03 - 2014-03-06 14:44 - 00000000 ____D () C:\Users\1860\AppData\Local\Spotify
2014-09-11 20:50 - 2014-03-12 20:13 - 01593564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 20:47 - 2014-05-12 08:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 19:08 - 2014-09-11 19:08 - 00014839 _____ () C:\ComboFix.txt
2014-09-11 19:08 - 2014-08-31 17:54 - 00000000 ____D () C:\Qoobox
2014-09-11 19:03 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-11 18:52 - 2014-08-31 17:49 - 05576769 ____R (Swearware) C:\Users\1860\Desktop\ComboFix.exe
2014-09-10 17:20 - 2014-09-09 20:52 - 00024679 _____ () C:\Users\1860\Downloads\Addition.txt
2014-09-10 17:20 - 2014-09-09 20:51 - 00049700 _____ () C:\Users\1860\Downloads\FRST.txt
2014-09-10 16:06 - 2014-09-13 18:11 - 02105856 _____ (Farbar) C:\Users\1860\Desktop\FRST64.exe
2014-09-10 16:06 - 2014-09-10 16:06 - 00000000 ____D () C:\Users\1860\Downloads\FRST-OlderVersion
2014-09-10 16:06 - 2014-09-09 20:50 - 02105856 _____ (Farbar) C:\Users\1860\Downloads\FRST64.exe
2014-09-10 15:16 - 2014-05-11 13:23 - 00000000 ____D () C:\ProgramData\Nokia
2014-09-10 15:16 - 2014-05-11 13:19 - 00000000 ____D () C:\Program Files (x86)\Nokia
2014-09-10 15:00 - 2014-03-06 14:23 - 00109896 _____ () C:\Users\1860\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-10 14:59 - 2009-07-14 06:45 - 00431024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-10 14:57 - 2014-09-10 14:57 - 00000000 ____D () C:\Users\1860\AppData\Roaming\AppSplash
2014-09-10 14:57 - 2014-08-29 18:24 - 00000000 ____D () C:\Program Files (x86)\OneBrowse
2014-09-10 14:57 - 2014-03-31 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-10 14:48 - 2014-03-17 19:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 14:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-10 14:45 - 2014-03-17 19:19 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-09-10 14:45 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew
2014-09-10 14:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-10 14:41 - 2009-07-14 04:34 - 00000387 _____ () C:\Windows\win.ini
2014-09-09 20:34 - 2014-09-09 20:34 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 20:34 - 2014-03-06 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-09 20:34 - 2014-03-06 16:27 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-09 20:34 - 2014-03-06 15:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-09 18:47 - 2014-09-09 18:47 - 00064150 _____ () C:\Users\1860\Downloads\Extras.Txt
2014-09-09 18:46 - 2014-09-09 18:46 - 00123594 _____ () C:\Users\1860\Downloads\OTL.Txt
2014-09-09 18:31 - 2014-09-09 18:31 - 00602112 _____ (OldTimer Tools) C:\Users\1860\Downloads\otl.exe
2014-09-09 14:44 - 2014-08-29 18:27 - 00001024 _____ () C:\.rnd
2014-09-07 07:26 - 2014-09-07 07:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 20:05 - 2014-09-06 20:05 - 00000655 _____ () C:\Users\1860\Downloads\gist2794364-68d8e90bee246710daec296bc9c68bccb0ea3c3f.tar.gz
2014-09-05 14:54 - 2014-09-05 14:54 - 00031370 _____ () C:\Users\1860\Documents\cc_20140905_145425.reg
2014-09-05 14:32 - 2014-09-05 14:30 - 00000000 ____D () C:\Users\1860\Desktop\steuer, viren, bileder,bewerbung,30 euro
2014-09-05 14:31 - 2014-09-05 14:31 - 04901352 _____ (Piriform Ltd) C:\Users\1860\Downloads\ccsetup417.exe
2014-09-05 14:31 - 2014-08-03 15:42 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-05 14:31 - 2014-08-03 15:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-05 04:10 - 2014-09-11 14:02 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-11 14:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-31 20:40 - 2014-03-18 16:08 - 00000000 ____D () C:\ProgramData\lx_Cats
2014-08-31 18:34 - 2014-08-31 18:34 - 00345156 _____ () C:\Users\1860\Downloads\regsearch.zip
2014-08-31 18:14 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-31 18:12 - 2014-08-31 17:54 - 00000000 ____D () C:\Windows\erdnt
2014-08-31 17:47 - 2014-08-31 17:47 - 00034169 _____ () C:\Windows\system32\hjtscanlist.txt
2014-08-31 17:40 - 2014-08-31 17:40 - 00002097 _____ () C:\Users\1860\Downloads\hjtscanlist.zip
2014-08-29 22:02 - 2014-08-29 22:02 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__r0ij9fgnxa1yb4agvitd_wsp.exe
2014-08-29 22:01 - 2014-08-29 22:01 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__7h9xxx1fgezq3qpfft0r_wsp.exe
2014-08-29 21:56 - 2014-08-29 21:56 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\1860\Downloads\avira_de_av__ieufi9euwix87i2gugcy_wsp.exe
2014-08-29 18:36 - 2014-08-29 18:36 - 00000000 ____D () C:\Users\1860\AppData\Roaming\qBittorrent
2014-08-29 18:35 - 2014-08-29 18:35 - 00000000 ____D () C:\Users\1860\.idlerc
2014-08-29 18:35 - 2014-03-06 14:15 - 00000000 ____D () C:\Users\1860
2014-08-29 18:28 - 2014-08-29 18:28 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Easy BitTorrent Client
2014-08-29 18:28 - 2014-08-29 18:28 - 00000000 ____D () C:\Users\1860\AppData\Local\Easy BitTorrent Client
2014-08-29 18:01 - 2014-08-29 18:01 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-08-29 12:30 - 2014-08-29 12:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\1860\Downloads\HiJackThis204 (3).exe
2014-08-29 12:30 - 2014-07-06 13:02 - 00011928 _____ () C:\Users\1860\Downloads\hijackthis.log
2014-08-29 12:29 - 2014-08-29 12:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\1860\Downloads\HiJackThis204 (2).exe
2014-08-29 06:38 - 2014-08-29 06:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-29 06:38 - 2014-07-30 18:17 - 00000000 ____D () C:\ProgramData\Skype
2014-08-29 06:37 - 2014-07-30 18:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-28 07:31 - 2014-08-21 10:24 - 00000000 ____D () C:\Users\1860\Documents\BewerbungsMaster
2014-08-28 06:49 - 2014-03-06 14:15 - 00000000 ____D () C:\Users\1860\AppData\Local\VirtualStore
2014-08-28 06:47 - 2014-05-08 12:09 - 00000000 ____D () C:\Users\1860\Desktop\bilder auto
2014-08-28 06:46 - 2014-08-28 06:46 - 00001785 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arCV.lnk
2014-08-28 06:46 - 2014-08-28 06:46 - 00000000 ____D () C:\Program Files (x86)\arcv
2014-08-28 06:46 - 2014-08-28 06:46 - 00000000 ____D () C:\arcv
2014-08-28 06:45 - 2014-08-28 06:45 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-28 06:44 - 2014-08-28 06:44 - 12601114 _____ () C:\Users\1860\Downloads\arcv.exe
2014-08-25 10:46 - 2014-08-21 10:28 - 00000003 _____ () C:\Users\1860\Documents\bmm.cfg
2014-08-25 10:46 - 2014-08-21 10:24 - 00000000 ____D () C:\ProgramData\BewerbungsMaster
2014-08-23 04:07 - 2014-08-28 06:38 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 06:38 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 06:38 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 13:37 - 2014-08-22 13:37 - 00040218 _____ () C:\Users\1860\Downloads\dbox_astra_matze (1).zip
2014-08-22 13:26 - 2014-08-22 13:26 - 00000000 ____D () C:\Users\1860\AppData\Roaming\FlashFXP
2014-08-22 13:26 - 2014-08-22 13:26 - 00000000 ____D () C:\ProgramData\FlashFXP
2014-08-22 13:19 - 2014-08-22 13:19 - 00000055 _____ () C:\Users\1860\Downloads\CCcam.cfg
2014-08-21 13:26 - 2014-08-21 13:25 - 00000000 ____D () C:\Users\1860\AppData\Roaming\elsterformular
2014-08-21 13:25 - 2014-08-21 13:25 - 00000000 ____D () C:\ProgramData\elsterformular
2014-08-21 10:27 - 2014-08-21 10:23 - 00000000 ____D () C:\Program Files (x86)\BEWERBUNGSMASTER
2014-08-21 10:24 - 2014-08-21 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-08-21 10:23 - 2014-08-21 10:23 - 00335872 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2014-08-21 10:23 - 2014-08-21 10:23 - 00074752 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2014-08-21 10:23 - 2014-08-21 10:23 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-08-21 05:06 - 2014-03-17 18:11 - 00000000 ____D () C:\Users\1860\AppData\Roaming\DAEMON Tools Lite
2014-08-20 12:21 - 2014-05-01 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLearn
2014-08-20 12:21 - 2014-05-01 18:52 - 00000000 ____D () C:\eLearn
2014-08-20 12:19 - 2014-08-20 12:18 - 25000000 _____ () C:\Users\1860\Downloads\Grande Punto eLEARN.part01 (1).rar
2014-08-19 20:05 - 2014-09-11 20:51 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-11 20:51 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-11 20:51 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 20:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 20:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 20:51 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 20:51 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 20:51 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 20:51 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 20:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 20:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 20:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 20:51 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-11 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 20:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-11 20:51 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 20:51 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 20:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 20:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-11 20:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-11 20:51 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-11 20:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-11 20:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-11 20:51 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-11 20:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-11 20:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 20:51 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-11 20:51 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-11 20:51 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-11 20:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 20:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-11 20:51 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-11 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-11 20:51 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-11 20:51 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-11 20:51 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-11 20:51 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-11 20:51 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-11 20:51 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-11 20:51 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-11 20:51 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 20:51 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-11 20:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 20:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-11 20:51 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-11 20:51 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-11 20:51 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-11 20:51 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-11 20:51 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-11 20:51 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-11 20:51 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-11 20:51 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-11 20:51 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-11 20:51 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-11 20:51 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 20:44 - 2014-08-18 20:44 - 00000000 ____D () C:\Users\1860\AppData\Roaming\FX Flat
2014-08-18 19:14 - 2014-08-18 19:14 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-18 19:14 - 2014-08-18 19:14 - 00000000 ____D () C:\Users\1860\AppData\Roaming\TeamViewer
2014-08-18 19:14 - 2014-08-18 19:14 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-18 19:13 - 2014-08-18 19:13 - 06304880 _____ (TeamViewer GmbH) C:\Users\1860\Downloads\TeamViewer_Setup_de.exe
2014-08-18 18:53 - 2014-08-18 18:53 - 00000000 ____D () C:\Users\1860\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FX Flat
2014-08-18 18:53 - 2014-08-18 18:53 - 00000000 ____D () C:\Users\1860\AppData\Roaming\InstallShield Installation Information
2014-08-18 18:53 - 2014-08-18 18:52 - 00000000 ____D () C:\Program Files (x86)\Flat Trader
2014-08-18 18:50 - 2014-08-18 18:50 - 00000000 ____D () C:\Users\1860\Documents\{95EA60FC-B631-470C-98A7-B6EC973B6AA8}
2014-08-18 18:49 - 2014-08-18 18:48 - 26915558 _____ (FX Flat ) C:\Users\1860\Downloads\Flat Trader Setup.exe
2014-08-17 05:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\1860\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 13:15

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

und was michhier beunruhigt, da steht irgendwo dabei hard disk fehler.auf einem der protokolle. so und als nächstes wie gehts ddann weiter?

cosinus 16.09.2014 15:43
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Spyware Terminator
C:\Users\1860\Downloads\gist2794364-68d8e90bee246710daec296bc9c68bccb0ea3c3f.tar.gz
C:\Users\1860\AppData\Roaming\qBittorrent
C:\Users\1860\AppData\Roaming\Easy BitTorrent Client
C:\Users\1860\AppData\Local\Easy BitTorrent Client
C:\Users\1860\Documents\UseNeXT
C:\Users\1860\AppData\Roaming\UseNeXT
C:\Users\1860\Downloads\KMSnano.v22.AutoReactivation.rar
C:\Users\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager.exe
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\1860\Downloads\avira_de_av__r0ij9fgnxa1yb4agvitd_wsp.exe
C:\Users\1860\Downloads\avira_de_av__7h9xxx1fgezq3qpfft0r_wsp.exe
C:\Users\1860\Downloads\avira_de_av__ieufi9euwix87i2gugcy_wsp.exe
C:\Users\1860\Documents\{95EA60FC-B631-470C-98A7-B6EC973B6AA8}
C:\Windows.old\Program Files (x86)\SecurityXploded
C:\Documents and Settings\1860\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000
C:\Documents and Settings\1860\Desktop\bilder auto\........exe
C:\Documents and Settings\1860\Desktop\bilder von schranz musik und house (1).AutoReactivation\KMSnano_setup.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


alex1860 16.09.2014 16:00
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by 1860 at 2014-09-16 16:57:11 Run:2
Running from C:\Users\1860\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Spyware Terminator
C:\Users\1860\Downloads\gist2794364-68d8e90bee246710daec296bc9c68bccb0ea3c3f.tar.gz
C:\Users\1860\AppData\Roaming\qBittorrent
C:\Users\1860\AppData\Roaming\Easy BitTorrent Client
C:\Users\1860\AppData\Local\Easy BitTorrent Client
C:\Users\1860\Documents\UseNeXT
C:\Users\1860\AppData\Roaming\UseNeXT
C:\Users\1860\Downloads\KMSnano.v22.AutoReactivation.rar
C:\Users\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager.exe
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\1860\Downloads\avira_de_av__r0ij9fgnxa1yb4agvitd_wsp.exe
C:\Users\1860\Downloads\avira_de_av__7h9xxx1fgezq3qpfft0r_wsp.exe
C:\Users\1860\Downloads\avira_de_av__ieufi9euwix87i2gugcy_wsp.exe
C:\Users\1860\Documents\{95EA60FC-B631-470C-98A7-B6EC973B6AA8}
C:\Windows.old\Program Files (x86)\SecurityXploded
C:\Documents and Settings\1860\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000
C:\Documents and Settings\1860\Desktop\bilder auto\........exe
C:\Documents and Settings\1860\Desktop\bilder von schranz musik und house (1).AutoReactivation\KMSnano_setup.exe
       
*****************

MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe => Error: No automatic fix found for this entry.
"C:\Program Files (x86)\Spyware Terminator" => File/Directory not found.
C:\Users\1860\Downloads\gist2794364-68d8e90bee246710daec296bc9c68bccb0ea3c3f.tar.gz => Moved successfully.
C:\Users\1860\AppData\Roaming\qBittorrent => Moved successfully.
C:\Users\1860\AppData\Roaming\Easy BitTorrent Client => Moved successfully.
C:\Users\1860\AppData\Local\Easy BitTorrent Client => Moved successfully.
C:\Users\1860\Documents\UseNeXT => Moved successfully.
C:\Users\1860\AppData\Roaming\UseNeXT => Moved successfully.
C:\Users\1860\Downloads\KMSnano.v22.AutoReactivation.rar => Moved successfully.
"C:\Users\1860\Downloads\SpywareTerminatorSetup_CB-DL-Manager.exe" => File/Directory not found.
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 => Moved successfully.
"C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5" => File/Directory not found.
C:\Users\1860\Downloads\avira_de_av__r0ij9fgnxa1yb4agvitd_wsp.exe => Moved successfully.
C:\Users\1860\Downloads\avira_de_av__7h9xxx1fgezq3qpfft0r_wsp.exe => Moved successfully.
C:\Users\1860\Downloads\avira_de_av__ieufi9euwix87i2gugcy_wsp.exe => Moved successfully.
C:\Users\1860\Documents\{95EA60FC-B631-470C-98A7-B6EC973B6AA8} => Moved successfully.
C:\Windows.old\Program Files (x86)\SecurityXploded => Moved successfully.
C:\Documents and Settings\1860\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 => Moved successfully.
C:\Documents and Settings\1860\Desktop\bilder auto\........exe => Moved successfully.
C:\Documents and Settings\1860\Desktop\bilder von schranz musik und house (1).AutoReactivation\KMSnano_setup.exe => Moved successfully.

==== End of Fixlog ====
und was ist das mit dem hard disk problem wo ich da bei dem scan gesehen hab?
und was war das jetzt?

cosinus 16.09.2014 22:45
Zitat:
und was ist das mit dem hard disk problem wo ich da bei dem scan gesehen hab?
Vergiss die Meldungen, die beziehen sich nur auf eine Datei von Combofix. Nix mit Hardware.

Wie siehts mit deinem Rechner aus, was ist aus dem Urspruingsproblem?

alex1860 17.09.2014 05:09
naja es geht so lala. wenig besser.was is den mit den ergebnissen die der online Scanner gefunden hat? nicht löschen?

cosinus 17.09.2014 08:28
Zitat:
naja es geht so lala. wenig besser.
Geh mal das hier durch => http://www.trojaner-board.de/71631-p...tml#post425616

Zitat:
was is den mit den ergebnissen die der online Scanner gefunden hat? nicht löschen?
Was meinst du wohl was wir mit dem letzten FRST Fix gemacht haben :D

alex1860 17.09.2014 12:26
wie is das mit dem alldup?? welche muss ich da dann auswählen damit er ja nur dann eine davon behält?

cosinus 17.09.2014 12:50
Zitat:
wie is das mit dem alldup??
Bitte was :confused:

alex1860 17.09.2014 12:53
du hast gesagt ich soll das mal abarbeiten. da steht ein tip mit dem programm AllDup.
welche dateien wenn er doppelte gefunde hat muss ichauswählen? um das ich noch eine davon hab? weil es zeigt mir zum beispiel drei gleiche dateien an, zb. drei mal hanssöllner lied das gleiche. und wieviel muss ich anhacken davon damit ich eins davon behalte? oder sind das nur duplikate die das programm findet beim scan

cosinus 17.09.2014 13:10
Ach das meinste :D

Ob du doppelte Dateien aufspüren und löschen willst musst du doch entscheiden, ist doch deine Datenablage und nicht mehr

Wieviel findet der dann da, wenn das nicht soviel ist kannst du ja manuell aussortieren

alex1860 17.09.2014 13:28
104 gb findet er.
aber wlche dateien muss ich da anklicken? nich das ich alles auswähle und er löscht mir dann alles. angenommen er findet dreimal ein lied dasselbe und zeigt mir das an. muss oder kann ich das dann 3mal löschen und das eine bleibt übrig oder sind dann alle weg und ich hab das lied gar nicht mehr

cosinus 17.09.2014 14:54
Lass das mit allDup dann lieber sein.

alex1860 17.09.2014 14:57
kannst mir ja kurz sagen bitte willd anich soviel doppeltes haben

cosinus 17.09.2014 15:32
Nun mach doch erstmal die normale Reinigung. Musik und Videos löschen brtingt nur freien Speicherplatz aber Windows wird dadurch nicht (signifikant) schneller.

alex1860 17.09.2014 15:36
na die reiningung hab ich gemacht mit dem bordmittel. war nich viel. was kann ich den da noch machen?

cosinus 17.09.2014 15:39
Ordner Windows.old gelöscht?

alex1860 17.09.2014 16:12
ne hab ich nich! da sind noch paar lieder von mir drauf und so in dem ordner.wusste ich ob ich den noch brauche oder nich .


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:10 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55