Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Run DLL angegebenes Modul wurde nicht gefunden (https://www.trojaner-board.de/158647-run-dll-angegebenes-modul-wurde-gefunden.html)

bambam12 12.09.2014 23:56
Run DLL angegebenes Modul wurde nicht gefunden
 
Hallo Trojanerboard,
ich habe seit einiger Zeit das Problem, das beim booten meines Laptops jedes mal die Meldung : Run DLL angegebenes Modul wurde nicht gefunden
angezeigt wird.
Ich kann die Meldung bestätigen und kann ganz normal am Laptop weiterarbeiten.
Eine Einschränkung der Perfomance habe ich nicht bemerkt.
Nach durchforsten des Netzes bin ich auf euch gestoßen und habe gelesen das es wohl mehr Leute mit diesem Problem gibt und es sich dabei meist um Schadsoftware handelt.
Ich habe den WinZip Maleware protector laufen lassen und er hat mir 328 Schadsoftware-Bedrohungen gemeldet.
Antivir hat nichts gefunden.
Ich habe mir die Anweisungen aus eurem Board durchgelesen und mich Versucht daran zu halten.
Im Anhang sende ich die gezippten Textdateien : FRST, GMer und vom Maleware Protector.
Ich hoffe ich habs einigermaßen richtig gemacht und ihr könnt mir event helfen.

Vielen Dank schonmal
Gruß
bambam12

schrauber 13.09.2014 06:41
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

bambam12 13.09.2014 10:24
Hi Schrauber,
danke für die schnelle Rückantwort.
Ich hoffe so passts.
Ich habe auch den Log vom Maleware Protector angehängt.

Gruss



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Bemmerer (administrator) on MARKUS on 12-09-2014 23:58:54
Running from C:\Users\Bemmerer\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Users\Bemmerer\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
() C:\Users\Bemmerer\AppData\Local\Amazon Music\Amazon Music Helper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Users\Bemmerer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bemmerer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bemmerer\AppData\Local\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-07-30] (Toshiba Europe GmbH)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [172032 2010-01-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\S-1-5-21-401722809-3301492424-1782163209-1000\...\Run: [TBHostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Bemmerer\AppData\Local\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKU\S-1-5-21-401722809-3301492424-1782163209-1000\...\Run: [Google Update] => C:\Users\Bemmerer\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-30] (Google Inc.)
HKU\S-1-5-21-401722809-3301492424-1782163209-1000\...\Run: [APISupport] => "C:\Windows\SysWOW64\Rundll32.exe" ,DLLRunAPISupport
HKU\S-1-5-21-401722809-3301492424-1782163209-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Bemmerer\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-401722809-3301492424-1782163209-1000\...\Run: [Amazon Music] => C:\Users\Bemmerer\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-401722809-3301492424-1782163209-1000\...\RunOnce: [Uninstall C:\Users\Bemmerer\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bemmerer\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\S-1-5-21-401722809-3301492424-1782163209-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-401722809-3301492424-1782163209-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-401722809-3301492424-1782163209-1000\...\MountPoints2: {24be8aaf-d025-11de-a79a-806e6f6e6963} - E:\start.exe /auto
HKU\S-1-5-21-401722809-3301492424-1782163209-1000\...\MountPoints2: {c43500cc-3594-11e2-9fb0-002622e9117e} - F:\autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\bemmerermarkus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
URLSearchHook: HKLM-x32 - DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll No File
URLSearchHook: HKCU - DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll No File
URLSearchHook: HKCU - (No Name) - {dc84d6f4-abf5-441d-bdef-65f3f4d7aabe} - No File
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M913F5303-B1C3-4B5A-9C78-2A062DAB88C3&SearchSource=58&CUI=&UM=5&UP=SP8757FA0E-B617-42BF-B771-A56C3360277D&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M913F5303-B1C3-4B5A-9C78-2A062DAB88C3&SearchSource=58&CUI=&UM=5&UP=SP8757FA0E-B617-42BF-B771-A56C3360277D&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {A807240F-B8D4-4249-93AE-523CEA6D7A3B} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M913F5303-B1C3-4B5A-9C78-2A062DAB88C3&SearchSource=58&CUI=&UM=5&UP=SP8757FA0E-B617-42BF-B771-A56C3360277D&q={searchTerms}&SSPV=
SearchScopes: HKCU - {ABEFD42F-C53C-4053-8ACA-373F2D7ABC7D} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {BB97DFC1-48DE-46C7-B903-BE7ECE90F25E} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} ->  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - DVDVideoSoft Toolbar - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll No File
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\tk8k7aht.default-1371899395239
FF DefaultSearchEngine: Conduit Search
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Bemmerer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Bemmerer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Bemmerer\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\tk8k7aht.default-1371899395239\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll (The OpenSSL Project, hxxp://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll (The OpenSSL Project, hxxp://www.openssl.org/)
FF SearchPlugin: C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\tk8k7aht.default-1371899395239\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-09-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2014-09-12]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3175297&SearchSource=48&UP=SP8757FA0E-B617-42BF-B771-A56C3360277D&SSPV=&SAT=SCH
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSearchKeyword: Default -> 598566CD354CBAF67B96B7C81CB4EF842CA391093FBBD68AD7A10151AD33AA36
CHR DefaultSearchURL: Default -> 24FEBF6AD705077C6791C6814D3535B6663AFE0F285B23468A1B2CD02402523F
CHR Plugin: (Shockwave Flash) - C:\Users\Bemmerer\AppData\Local\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Bemmerer\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Bemmerer\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Users\Bemmerer\Desktop\marion\npAmazonMP3DownloaderPlugin101727.dll No File
CHR Profile: C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-30]
CHR Extension: (McAfee Security Scan+) - C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-24]
CHR Extension: (Google-Suche) - C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-30]
CHR Extension: (SweetIM for Facebook) - C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2013-01-03]
CHR Extension: (Google Wallet) - C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (JDownloader) - C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikliheaihindkomebcajofjponhlhhh [2012-12-30]
CHR Extension: (Google Mail) - C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-30]
CHR HKCU\...\Chrome\Extension: [oikliheaihindkomebcajofjponhlhhh] - C:\Users\Bemmerer\AppData\Local\CRE\oikliheaihindkomebcajofjponhlhhh.crx [2012-12-01]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2013-01-02]
CHR HKLM-x32\...\Chrome\Extension: [oikliheaihindkomebcajofjponhlhhh] - C:\Users\Bemmerer\AppData\Local\CRE\oikliheaihindkomebcajofjponhlhhh.crx [2012-12-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3516408 2013-07-05] (devolo AG)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-06] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
S1 cdrbsvsd; No ImagePath
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2012-11-23] (Mobile Connector) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2013-07-05] (CACE Technologies)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 23:59 - 2014-09-12 23:59 - 00380416 _____ () C:\Users\Bemmerer\Downloads\Gmer-19357.exe
2014-09-12 23:58 - 2014-09-13 00:00 - 00023062 _____ () C:\Users\Bemmerer\Downloads\FRST.txt
2014-09-12 23:58 - 2014-09-12 23:58 - 00000000 ____D () C:\FRST
2014-09-12 23:56 - 2014-09-12 23:56 - 02105856 _____ (Farbar) C:\Users\Bemmerer\Downloads\FRST64.exe
2014-09-12 23:53 - 2014-09-12 23:55 - 00000478 _____ () C:\Users\Bemmerer\Downloads\defogger_disable.log
2014-09-12 23:53 - 2014-09-12 23:53 - 00000000 _____ () C:\Users\Bemmerer\defogger_reenable
2014-09-12 23:52 - 2014-09-12 23:52 - 00050477 _____ () C:\Users\Bemmerer\Downloads\Defogger.exe
2014-09-12 23:00 - 2014-09-12 23:00 - 00003112 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-09-12 23:00 - 2014-09-12 23:00 - 00001156 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-09-12 23:00 - 2014-09-12 23:00 - 00000000 ____D () C:\Users\Bemmerer\AppData\Roaming\Nico Mak Computing
2014-09-12 23:00 - 2014-09-12 23:00 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-09-12 23:00 - 2014-09-12 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-09-12 23:00 - 2014-09-12 23:00 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-09-12 23:00 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-09-12 22:59 - 2014-09-12 22:59 - 04892480 _____ (WinZip International LLC ) C:\Users\Bemmerer\Downloads\wzmp_8.exe
2014-09-12 22:47 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-12 22:47 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-12 22:47 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-12 22:47 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-12 22:47 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-12 22:47 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-12 22:47 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-12 22:47 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-12 22:47 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-12 22:47 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-12 22:47 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-12 22:47 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-12 22:47 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-12 22:47 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-12 22:47 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-12 22:47 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-12 22:47 - 2013-10-01 22:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-12 22:47 - 2013-10-01 22:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-12 22:46 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-12 22:46 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-09-12 22:46 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-09-12 22:46 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-09-12 22:46 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-09-12 22:46 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-12 22:45 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-12 22:45 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-12 22:21 - 2014-09-12 22:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 21:46 - 2014-09-12 22:49 - 00000168 _____ () C:\Windows\setupact.log
2014-09-12 21:46 - 2014-09-12 21:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-12 21:45 - 2014-09-12 22:36 - 00002088 _____ () C:\Windows\PFRO.log
2014-09-12 21:29 - 2014-09-12 21:29 - 01619968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msoe.dll
2014-09-12 21:28 - 2014-09-12 21:28 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-12 21:27 - 2014-09-12 21:27 - 05345152 _____ (Dll-Files.com ) C:\Users\Bemmerer\Downloads\dff_fp3w-msoe.exe
2014-09-12 20:38 - 2014-09-12 20:38 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Bemmerer\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-09-12 20:32 - 2014-09-12 20:32 - 00044242 _____ () C:\Users\Bemmerer\Desktop\sfcdetails.txt
2014-09-11 19:10 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 19:10 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 19:10 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 19:10 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 19:10 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 19:10 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 19:10 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 19:10 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 19:10 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 19:10 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 19:10 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 19:10 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 19:10 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 19:10 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 19:10 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 19:10 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 19:10 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 19:10 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 19:10 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 19:10 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 19:10 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 19:10 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 19:10 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 19:10 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 19:10 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 19:10 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 19:10 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 19:10 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 19:10 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 19:10 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 19:10 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 19:10 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 19:10 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 19:10 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 19:10 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 19:10 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 19:10 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 19:10 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 19:10 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 19:10 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 19:10 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 19:10 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 19:09 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 19:09 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 19:09 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 19:09 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 19:09 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 19:09 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 19:09 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 19:09 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 19:09 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 19:09 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 19:09 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 19:09 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 19:09 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 19:09 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 19:14 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 19:14 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 19:14 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 19:14 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 19:13 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 19:13 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 19:13 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 19:13 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 19:13 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 19:13 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 19:13 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 19:01 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 19:01 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-03 21:11 - 2014-09-03 21:11 - 00000000 ____D () C:\Users\Bemmerer\AppData\Local\Adobe
2014-09-03 19:32 - 2014-09-03 19:33 - 173838160 _____ () C:\Users\Bemmerer\Downloads\New_PC_Studio_1.5.1.10064_2.exe
2014-08-31 22:31 - 2014-08-31 22:31 - 00002503 _____ () C:\Users\Public\Desktop\Serato DJ .lnk
2014-08-31 22:30 - 2014-08-31 22:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-31 09:19 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-31 09:19 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-31 09:19 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 06:28 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-21 06:28 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-21 06:28 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-21 06:28 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-21 06:27 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-21 06:27 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-21 06:27 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-21 06:27 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-21 06:27 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-21 06:27 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-21 06:27 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-21 06:27 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-21 06:27 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 06:27 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-19 18:59 - 2014-08-19 18:59 - 00002062 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-08-19 18:58 - 2014-08-19 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2014-08-19 18:28 - 2014-08-19 18:29 - 00000000 ____D () C:\Users\Bemmerer\Downloads\bpm
2014-08-19 18:18 - 2014-08-19 18:18 - 00652482 _____ () C:\Users\Bemmerer\Downloads\bpmanalyzer (1).zip
2014-08-18 19:28 - 2014-08-18 19:28 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-18 19:28 - 2014-08-18 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-18 19:26 - 2014-08-18 19:28 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-18 19:26 - 2014-08-18 19:28 - 00000000 ____D () C:\Program Files\iTunes
2014-08-18 19:26 - 2014-08-18 19:28 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-18 19:26 - 2014-08-18 19:26 - 00000000 ____D () C:\Program Files\iPod
2014-08-17 14:40 - 2014-08-17 14:40 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-17 14:40 - 2014-08-17 14:40 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-17 14:40 - 2014-08-17 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-17 14:40 - 2014-08-17 14:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-17 14:38 - 2014-08-17 14:39 - 03738080 _____ (Piriform Ltd) C:\Users\Bemmerer\Downloads\ccsetup416_slim.exe
2014-08-16 10:42 - 2014-08-16 10:42 - 00039216 _____ () C:\Users\Bemmerer\Downloads\Reloop-225244 Firmware 0.21 Uni(1).zip
2014-08-14 16:25 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 16:25 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 16:25 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 16:25 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 16:25 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 16:25 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 16:24 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 16:24 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 15:17 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 15:17 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 15:16 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 15:16 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 15:16 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 15:16 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 15:16 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 15:16 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 15:16 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 15:16 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 15:16 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 15:16 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 15:16 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 15:16 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 15:16 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 15:16 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 15:16 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 15:16 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 15:16 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 15:16 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 15:16 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 15:16 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 15:16 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 15:15 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 15:13 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 15:13 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 00:00 - 2014-09-12 23:58 - 00023062 _____ () C:\Users\Bemmerer\Downloads\FRST.txt
2014-09-12 23:59 - 2014-09-12 23:59 - 00380416 _____ () C:\Users\Bemmerer\Downloads\Gmer-19357.exe
2014-09-12 23:58 - 2014-09-12 23:58 - 00000000 ____D () C:\FRST
2014-09-12 23:56 - 2014-09-12 23:56 - 02105856 _____ (Farbar) C:\Users\Bemmerer\Downloads\FRST64.exe
2014-09-12 23:55 - 2014-09-12 23:53 - 00000478 _____ () C:\Users\Bemmerer\Downloads\defogger_disable.log
2014-09-12 23:53 - 2014-09-12 23:53 - 00000000 _____ () C:\Users\Bemmerer\defogger_reenable
2014-09-12 23:53 - 2009-12-05 19:11 - 00000000 ____D () C:\Users\Bemmerer
2014-09-12 23:52 - 2014-09-12 23:52 - 00050477 _____ () C:\Users\Bemmerer\Downloads\Defogger.exe
2014-09-12 23:29 - 2012-04-26 17:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-12 23:23 - 2009-07-14 06:45 - 00019024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 23:23 - 2009-07-14 06:45 - 00019024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 23:17 - 2012-10-30 17:06 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-401722809-3301492424-1782163209-1000UA.job
2014-09-12 23:14 - 2010-02-08 20:31 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-12 23:00 - 2014-09-12 23:00 - 00003112 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-09-12 23:00 - 2014-09-12 23:00 - 00001156 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-09-12 23:00 - 2014-09-12 23:00 - 00000000 ____D () C:\Users\Bemmerer\AppData\Roaming\Nico Mak Computing
2014-09-12 23:00 - 2014-09-12 23:00 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-09-12 23:00 - 2014-09-12 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-09-12 23:00 - 2014-09-12 23:00 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-09-12 22:59 - 2014-09-12 22:59 - 04892480 _____ (WinZip International LLC ) C:\Users\Bemmerer\Downloads\wzmp_8.exe
2014-09-12 22:56 - 2013-01-03 14:55 - 01494546 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 22:52 - 2012-04-29 23:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-12 22:51 - 2013-10-12 07:49 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec70ed06198a9.job
2014-09-12 22:50 - 2011-10-29 20:39 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-09-12 22:50 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-12 22:49 - 2014-09-12 21:46 - 00000168 _____ () C:\Windows\setupact.log
2014-09-12 22:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 22:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-12 22:36 - 2014-09-12 21:45 - 00002088 _____ () C:\Windows\PFRO.log
2014-09-12 22:21 - 2014-09-12 22:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 22:00 - 2012-01-22 20:23 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-12 22:00 - 2009-09-08 10:09 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-12 21:57 - 2011-07-24 14:08 - 00000000 ____D () C:\Users\Bemmerer\Documents\Mein Steuer-Sparbuch Heute
2014-09-12 21:57 - 2010-05-13 16:33 - 00000000 ____D () C:\Program Files (x86)\WISO
2014-09-12 21:57 - 2009-09-08 09:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-12 21:54 - 2011-11-01 13:31 - 00000000 ____D () C:\ProgramData\Skype
2014-09-12 21:52 - 2014-01-14 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-12 21:46 - 2014-09-12 21:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-12 21:46 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-12 21:29 - 2014-09-12 21:29 - 01619968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msoe.dll
2014-09-12 21:28 - 2014-09-12 21:28 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-12 21:27 - 2014-09-12 21:27 - 05345152 _____ (Dll-Files.com ) C:\Users\Bemmerer\Downloads\dff_fp3w-msoe.exe
2014-09-12 21:19 - 2013-12-01 03:03 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-09-12 20:38 - 2014-09-12 20:38 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Bemmerer\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-09-12 20:32 - 2014-09-12 20:32 - 00044242 _____ () C:\Users\Bemmerer\Desktop\sfcdetails.txt
2014-09-12 19:17 - 2013-10-11 14:23 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-401722809-3301492424-1782163209-1000Core1cec67cb07e93a5.job
2014-09-11 21:58 - 2010-10-31 12:49 - 00000000 ____D () C:\Windows\rescache
2014-09-11 20:29 - 2012-04-26 17:48 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-11 20:29 - 2012-04-26 17:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 20:29 - 2012-04-26 17:48 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-11 19:07 - 2014-01-30 20:04 - 01608640 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 19:07 - 2009-07-14 19:58 - 00704520 _____ () C:\Windows\system32\perfh007.dat
2014-09-11 19:07 - 2009-07-14 19:58 - 00152326 _____ () C:\Windows\system32\perfc007.dat
2014-09-11 19:06 - 2009-07-14 07:13 - 01608640 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 20:21 - 2013-08-14 19:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 20:21 - 2009-12-12 21:04 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 20:20 - 2014-05-06 19:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 19:04 - 2013-11-03 01:02 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-10 19:04 - 2013-11-03 01:02 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-10 19:03 - 2013-11-03 01:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 19:03 - 2013-11-03 01:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-10 18:45 - 2010-01-31 13:45 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-09-05 04:10 - 2014-09-10 19:13 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-10 19:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 00:07 - 2014-01-03 15:58 - 00000000 ____D () C:\Users\Bemmerer\AppData\Roaming\Audacity
2014-09-03 21:11 - 2014-09-03 21:11 - 00000000 ____D () C:\Users\Bemmerer\AppData\Local\Adobe
2014-09-03 19:50 - 2013-03-12 15:27 - 00000000 ____D () C:\Users\Bemmerer\Desktop\markus liebe meines lebens
2014-09-03 19:33 - 2014-09-03 19:32 - 173838160 _____ () C:\Users\Bemmerer\Downloads\New_PC_Studio_1.5.1.10064_2.exe
2014-09-02 20:49 - 2010-01-23 20:41 - 00000000 ____D () C:\Users\Bemmerer\AppData\Roaming\vlc
2014-08-31 22:31 - 2014-08-31 22:31 - 00002503 _____ () C:\Users\Public\Desktop\Serato DJ .lnk
2014-08-31 22:31 - 2013-12-13 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serato
2014-08-31 22:30 - 2014-08-31 22:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-31 22:30 - 2013-12-13 22:30 - 00000000 ____D () C:\Program Files (x86)\Serato
2014-08-31 20:10 - 2014-03-25 19:10 - 00000000 ____D () C:\Users\Bemmerer\Downloads\serato
2014-08-31 19:23 - 2009-07-14 06:45 - 00362984 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 04:07 - 2014-08-31 09:19 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-31 09:19 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-31 09:19 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 20:14 - 2010-08-15 19:41 - 00000000 ____D () C:\Users\Bemmerer\AppData\Roaming\dvdcss
2014-08-19 21:14 - 2011-07-24 14:51 - 00000000 ____D () C:\Users\Bemmerer\Documents\WISO Lohnsteuer Ausgleich
2014-08-19 20:05 - 2014-09-11 19:10 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-11 19:10 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 19:00 - 2011-07-24 17:41 - 00000000 ____D () C:\Users\Bemmerer\Documents\Steuer-Sparbuch
2014-08-19 18:59 - 2014-08-19 18:59 - 00002062 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-08-19 18:59 - 2010-05-13 16:42 - 00001244 _____ () C:\Windows\wiso.ini
2014-08-19 18:59 - 2010-05-13 16:40 - 00000000 ____D () C:\Users\Bemmerer\AppData\Local\Buhl
2014-08-19 18:58 - 2014-08-19 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2014-08-19 18:30 - 2009-12-05 19:15 - 00000000 ____D () C:\Users\Bemmerer\AppData\Local\VirtualStore
2014-08-19 18:29 - 2014-08-19 18:28 - 00000000 ____D () C:\Users\Bemmerer\Downloads\bpm
2014-08-19 18:18 - 2014-08-19 18:18 - 00652482 _____ () C:\Users\Bemmerer\Downloads\bpmanalyzer (1).zip
2014-08-19 01:01 - 2014-09-11 19:10 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 19:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 19:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 19:09 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 19:09 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 19:09 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 19:10 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 19:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 19:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 19:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 19:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 19:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:08 - 2014-09-11 19:09 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:05 - 2014-09-11 19:10 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 19:10 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 19:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 19:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-11 19:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-11 19:09 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-11 19:10 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-11 19:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-11 19:10 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-11 19:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-11 19:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 19:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 19:09 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-11 19:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-11 19:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-11 19:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 19:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-11 19:10 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-11 19:10 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-11 19:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-11 19:10 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-11 19:10 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-11 19:10 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-11 19:10 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-11 19:10 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:23 - 2014-09-11 19:09 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:22 - 2014-09-11 19:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 19:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-11 19:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-11 19:09 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-11 19:09 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-11 19:09 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-11 19:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-11 19:09 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-11 19:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-11 19:09 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-11 19:09 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-11 19:10 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:38 - 2014-09-11 19:09 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:36 - 2014-09-11 19:10 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 19:28 - 2014-08-18 19:28 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-18 19:28 - 2014-08-18 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-18 19:28 - 2014-08-18 19:26 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-18 19:28 - 2014-08-18 19:26 - 00000000 ____D () C:\Program Files\iTunes
2014-08-18 19:28 - 2014-08-18 19:26 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-18 19:26 - 2014-08-18 19:26 - 00000000 ____D () C:\Program Files\iPod
2014-08-17 14:43 - 2011-11-01 13:31 - 00000000 ____D () C:\Users\Bemmerer\AppData\Roaming\Skype
2014-08-17 14:43 - 2009-09-08 09:34 - 00000000 ____D () C:\Windows\Panther
2014-08-17 14:40 - 2014-08-17 14:40 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-17 14:40 - 2014-08-17 14:40 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-17 14:40 - 2014-08-17 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-17 14:40 - 2014-08-17 14:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-17 14:39 - 2014-08-17 14:38 - 03738080 _____ (Piriform Ltd) C:\Users\Bemmerer\Downloads\ccsetup416_slim.exe
2014-08-16 10:42 - 2014-08-16 10:42 - 00039216 _____ () C:\Users\Bemmerer\Downloads\Reloop-225244 Firmware 0.21 Uni(1).zip
2014-08-16 10:24 - 2013-12-13 22:30 - 00001124 _____ () C:\Users\Public\Desktop\DJ Intro.lnk
2014-08-14 18:53 - 2009-09-08 10:25 - 00000000 ____D () C:\ProgramData\Microsoft Help

Some content of TEMP:
====================
C:\Users\Bemmerer\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-07 19:42

==================== End Of Log ============================
--- --- ---


GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-13 00:26:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.12.0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Bemmerer\AppData\Local\Temp\pwddypoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                              fffff80003407000 27 bytes [A8, 00, 00, 00, 4C, 8B, 0D, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 557                              fffff8000340701d 77 bytes {AND AL, 0x20; MOV RCX, RSI; MOV RDX, RBX; CALL 0xffffffffffed104f}

---- User code sections - GMER 2.1 ----

.text    C:\Windows\SysWOW64\rundll32.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000760c1465 2 bytes [0C, 76]
.text    C:\Windows\SysWOW64\rundll32.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000760c14bb 2 bytes [0C, 76]
.text    ...                                                                                              * 2

---- EOF - GMER 2.1 ----
[/CODE]
--- --- ---
Code:
Nico Mak Computing
WinZip Malware Protector
 
Datum der Überprüfung Freitag, 12. September 2014
Datenbankversion 1953
Gefundene Elemente insgesamt 328
Überprüfte Objekte: 302450
Abgelaufene Zeit: 00:30:15
Name Gefundene Elemente

Name der Infektion pup.optional-sbx
Kategorie Potentially Unwanted Application
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 15
 
Gefundener Bereich FileSystem
Details
Dateiname c:\users\bemmerer\appdata\local\conduit\apisupport\apisupport.dll
MD5 0
Signatur 7892090078857795451
Md5hash:  94b13ca31f6231952af7217b54ee6a78
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\conduit\valueapps
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\conduit\valueapps
 machineid
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\conduit\valueapps\ch
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\conduit\valueapps\ch\repository
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\conduit\valueapps\ch\repository
 mam_gk_userid
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\conduit\valueapps\ch\repository
 bck.valueapps.ct3175297.mam_gk_migrated_from_ls
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\conduit\valueapps\ch\repository
 bck.valueapps.ct3175297.mam_gk_globalkeysmigratedtolocalstorage
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\conduit\valueapps\ch\repository
 bck.valueapps.ct3175297.mam_gk_appsdata
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\conduit\valueapps\ch\repository
 bck.valueapps.ct3175297.mam_gk_configuration
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\conduit\valueapps\ch\repository
 bck.valueapps.ct3175297.mam_gk_appsconfig
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\conduit\valueapps\ch\repository
 bck.valueapps.ct3175297.mam_gk_settings
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\conduit\valueapps\ch\repository
 bck.valueapps.ct3175297.mam_gk_currentversion
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\conduit\valueapps\ch\repository
 bck.valueapps.ct3175297.mam_gk_persist_keys_list_key
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\conduit\valueapps\ch\repository
 bck.valueapps.ct3175297.mam_gk_localstoragetopersistantasync
 
 

Name der Infektion pup.optional
Kategorie Potentially Unwanted Application
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 165
 
Gefundener Bereich FileSystem
Details
Dateiname c:\users\bemmerer\appdata\local\conduit\apisupport\apisupport.old
MD5 0
Signatur 13703944724898287380
Md5hash:  d9cb22e27d7adcfb86f53a0a1eb5c05b
 

Gefundener Bereich FileSystem
Details
Dateiname c:\users\bemmerer\appdata\local\conduit\apisupport\apisupport_2.0.4.3\apisupport.dll
MD5 0
Signatur 13703944724898287380
Md5hash:  d9cb22e27d7adcfb86f53a0a1eb5c05b
 

Gefundener Bereich FileSystem
Details
Dateiname c:\users\bemmerer\appdata\local\conduit\apisupport\minisp_1.0.2.76\minisp.dll
MD5 0
Signatur 13064504724024262374
Md5hash:  3a3922bc16fb5677b75a0034569affba
 

Gefundener Bereich FileSystem
Details
Dateiname c:\users\bemmerer\appdata\local\conduit\apisupport\apisupport_2.0.1.1\apisupport.dll
MD5 0
Signatur 15192087716979061526
Md5hash:  e216bc3d5d26b0efca006e11bd48612d
 

Gefundener Bereich FileSystem
Details
Dateiname c:\users\bemmerer\appdata\local\conduit\apisupport\apisupport_2.0.1.3\apisupport.dll
MD5 0
Signatur 15192087716979061526
Md5hash:  73879f5479790085db4c707ce61a4b0a
 

Gefundener Bereich FileSystem
Details
Dateiname c:\users\bemmerer\appdata\local\conduit\apisupport\minisp_1.0.2.93\minisp.dll
MD5 0
Signatur 14303858478930070525
Md5hash:  f33b7830333164264c1b518eaa13a837
 

Gefundener Bereich FileSystem
Details
Dateiname c:\users\bemmerer\appdata\local\google\chrome\user data\default\extensions\oikliheaihindkomebcajofjponhlhhh\10.31.4.510_0\apisupport\apisupport.dll
MD5 0
Signatur 10742350729990545246
Md5hash:  c6d7703993fcc51a405e09b4b6085c8f
 

Gefundener Bereich FileSystem
Details
Dateiname c:\users\bemmerer\appdata\local\google\chrome\user data\default\extensions\oikliheaihindkomebcajofjponhlhhh\10.31.4.510_0\plugins\chromeapiplugin.dll
MD5 0
Signatur 2107004079272062650
Md5hash:  67789261821fdad768c21e7471c188ea
 

Gefundener Bereich FileSystem
Details
Dateiname c:\users\bemmerer\appdata\local\nativemessaging\ct3175297\1_0_0_4\tbmessaginghost.exe
MD5 0
Signatur 4813971715688780804
Md5hash:  8dbcc2812a15a5cf3b86faf02ea0f10e
 

Gefundener Bereich FileSystem
Details
Dateiname c:\users\bemmerer\appdata\local\nativemessaging\ct3175297\1_0_0_6\tbmessaginghost.exe
MD5 0
Signatur 13712358419143538258
Md5hash:  f0800351eb6315d533c80328dd0f9de1
 

Gefundener Bereich FileSystem
Details
Dateiname c:\users\bemmerer\appdata\local\nativemessaging\ct3175297\1_0_1_6\tbmessaginghost.exe
MD5 0
Signatur 10669768035710370092
Md5hash:  b34de952ff7fb3a3581f5135bc202222
 

Gefundener Bereich FileSystem
Details
Dateiname c:\users\bemmerer\appdata\local\tb\apisupport\apisupport.old
MD5 0
Signatur 8390352912090109859
Md5hash:  f9f5d64937d13eb0cb29a7f2b0295d56
 

Gefundener Bereich FileSystem
Details
Dateiname c:\users\bemmerer\appdata\roaming\opencandy\796500494a4d4983a5a007f20ecfe014\deltatb.exe
MD5 0
Signatur 315781437767941300
Md5hash:  5ac98c84160a9400db448d153c959bb6
 

Gefundener Bereich FileSystem
Details
Dateiname c:\users\bemmerer\downloads\nebenkosten_easy_keygen_downloader_de_99071.exe
MD5 0
Signatur 4882867194897156660
Md5hash:  767228f5c58c922a3a0110a52e14dc99
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\apisupport
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\apisupport
 apisfileversion
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\apisupport
 apisfilepath
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\apisupport
 dllfileversion
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\apisupport
 dllfilepath
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\chromeextdata
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\chromeextdata\globalstorage
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\chromeextdata\globalstorage\repository
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\chromeextdata\globalstorage\repository
 extensionslist
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\chromeextdata\globalstorage\repository
 ct3175297.3175297a129713834391838668000000paramsgk1
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\chromeextdata\globalstorage\repository
 ct3175297.twittertemplate_3175297a129713834391838668000000_lifetimesent
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\chromeextdata\globalstorage\repository
 ct3175297.twittertemplate_3175297a129713834391838668000000_dailyactivity
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\chromeextdata\globalstorage\repository
 ct3175297.jdownloader.gk.cached.response
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\chromeextdata\globalstorage\repository
 ct3175297.jdownloader.gk.cached.response.expires
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\chromeextdata\globalstorage\repository
 ct3175297.3175297a129713834391838668000000twittertemplate_notify_home
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\chromeextdata\globalstorage\repository
 ct3175297.3175297a129713834391838668000000twittertemplate_notify_home_count
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\chromeextdata\globalstorage\repository
 ct3175297.3175297a129713834391838668000000twittertemplate_notify_following
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\chromeextdata\globalstorage\repository
 ct3175297.3175297a129713834391838668000000twittertemplate_notify_following_count
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\chromeextdata\globalstorage\repository
 ct3175297.3175297a129713834391838668000000twittertemplate_notify_followers
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\chromeextdata\globalstorage\repository
 ct3175297.3175297a129713834391838668000000twittertemplate_notify_followers_count
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\chromeextdata\globalstorage\repository
 machineid
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\chromeextdata\oikliheaihindkomebcajofjponhlhhh
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\chromeextdata\oikliheaihindkomebcajofjponhlhhh\repository
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\chromeextdata\oikliheaihindkomebcajofjponhlhhh\repository
 ct3175297.searchrevert
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\channels
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\channels
 lastchecktime
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\channels
 interval
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\channels\1582287
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\channels\1582287
 lastupdatetime
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\channels\1582287\feeds
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\channels\1582287\feeds
 1576530
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\channels\666138
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\channels\666138
 lastupdatetime
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\channels\666138\feeds
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\channels\666138\feeds
 661999
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\1576530
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\1576530
 url
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\1576530
 title
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\1576530
 updatefeedinterval
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\1576530
 lastchecktime
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\1576530
 isfeedmodified
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\1576530
 downloaderrorcount
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999
 url
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999
 title
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999
 updatefeedinterval
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999
 lastchecktime
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999
 isfeedmodified
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999
 downloaderrorcount
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999
 lastdisplaytime
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999\history
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999\history
 139640
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999\history
 140008
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999\history
 149142
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999\history
 154554
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999\history
 157585
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999\history
 162218
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999\history
 165333
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999\history
 167056
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999\history
 167587
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999\history
 169566
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999\history
 187649
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\feeds\661999\history
 214325
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\sources
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\sources\ff_tb_ct2269050
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\sources\ff_tb_ct2269050
 666138
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\sources\ie_tb_ct3175297
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\data\sources\ie_tb_ct3175297
 1582287
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\registeredsources
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\registeredsources
 ff_tb_ct2269050
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings
 autoupdateenabled
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings
 showalerts
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings
 alpclientsservername
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings
 alpservicesservername
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings
 userid
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings
 firsttimestamp
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings
 loginmessagelastchecktime
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings
 updateallfeedslasttime
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings
 loginmessageintervalinminutes
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings
 loginmessagelastupdatetime
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings
 showmessageafterusercloseinterval
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings
 messageappeartime
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings
 defaultshowiconinsystemtray
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings
 autoupdateintervalinhours
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings
 autoupdateservername
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings
 autoupdateserverversion
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings
 alertwindowlastuserclosetime
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings
 firsttimemessagedisplayed
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings
 samplealertwasshown
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\locales
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\locales
 lp_currentuilocale
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\locales\en
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\locales\en
 lp_lastupdatetime
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\locales\en
 lp_lastchecktime
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\locales\en
 lp_reloadintervalinhours
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\services
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\services\channelssettings
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\services\channelssettings
 url
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\services\channelssettings
 intervalsec
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\services\dynamicdialogs
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\services\dynamicdialogs
 url
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\services\dynamicdialogs
 intervalsec
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\services\dynamicdialogs
 lastrequesttime
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\services\dynamicdialogs
 lastresponsetime
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\services\dynamicdialogs
 errorcount
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\services\login
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\services\login
 url
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\services\login
 intervalsec
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\services\translation
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\services\translation
 url
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\services\translation
 intervalsec
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\services\usage
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\services\usage
 url
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\community alerts\settings\services\usage
 intervalsec
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\revertsettings
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\revertsettings
 homepage
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\revertsettings
 defaultsearchscope
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\revertsettings
 conduitlatesthomepage
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\settings
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\settings
 param5
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\settings
 param1
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\settings
 param2
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\settings
 param3
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\toolbar
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\toolbar\emailnotifier
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\toolbar\emailnotifier\sourceslastchecktimes
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\toolbar\emailnotifier\sourceslastchecktimes
 ct2269050
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\toolbar\emailnotifier\sourceslastchecktimes
 ct3175297
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\toolbar\facebook
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\toolbar\facebook\infoservice
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\toolbar\facebook\infoservice\hxxp://facebook.conduit-services.com/settings.ashx?locale=en&browsertype=ie&toolbarversion=5.5.2.0
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\toolbar\facebook\infoservice\hxxp://facebook.conduit-services.com/settings.ashx?locale=en&browsertype=ie&toolbarversion=5.5.2.0
 lastrequesttime
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\toolbar\facebook\infoservice\hxxp://facebook.conduit-services.com/settings.ashx?locale=en&browsertype=ie&toolbarversion=5.5.2.0
 lastreplytime
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduit\toolbar\facebook\infoservice\hxxp://facebook.conduit-services.com/settings.ashx?locale=en&browsertype=ie&toolbarversion=5.5.2.0
 errorcount
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduitsearchscopes
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\conduitsearchscopes
 {a807240f-b8d4-4249-93ae-523cea6d7a3b}
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\conduit\ff
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\conduit\ff
 ct3175297.userid
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\microsoft\internet explorer\searchscopes\{014db5fa-eafb-4592-a95b-f44d3ee87fa9}
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\microsoft\internet explorer\searchscopes\{014db5fa-eafb-4592-a95b-f44d3ee87fa9}
 url
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\microsoft\internet explorer\searchscopes\{014db5fa-eafb-4592-a95b-f44d3ee87fa9}
 suggestionsurl_json
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\microsoft\internet explorer\searchscopes\{014db5fa-eafb-4592-a95b-f44d3ee87fa9}
 displayname
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\microsoft\internet explorer\searchscopes\{014db5fa-eafb-4592-a95b-f44d3ee87fa9}
 showsearchsuggestions
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\microsoft\internet explorer\searchscopes\{014db5fa-eafb-4592-a95b-f44d3ee87fa9}
 deleted
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\microsoft\windows\currentversion\run
 apisupport
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\classes\clsid\{1aa60054-57d9-4f99-9a55-d0fbfbe7ecd3}
 
 
 

Name der Infektion pup.pricegong
Kategorie Potentially Unwanted Application
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 28
 
Gefundener Bereich FileSystem
Details
Dateiname c:\users\bemmerer\appdata\locallow\pricegong\data\mru.xml
MD5 0
Signatur 0
Md5hash:  be76b1beb4a8a725c5612f72727033d9
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 current_user
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 local_machine
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 country
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 server_req_url
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 cfg_last_modified
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 group
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 cfg_time_stamp
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 next_settings_check
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 settings_check_interval
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 impr_type
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 active_type
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 service_support
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 snooze_interval
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 up_impr_count
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 up_last_impr
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 pr_link_tag
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 pr_link_style
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 pr_link_text
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 rs_link_tag
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 rs_link_style
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 rs_link_text
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 extra_params
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 activation_date
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 updated_files
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\appdatalow\software\pricegong\settings
 isminimized
 
 

Name der Infektion malware.agent
Kategorie Generic Malware 
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
 
Gefundener Bereich FileSystem
Details
Dateiname c:\users\bemmerer\appdata\roaming\babsolution\shared\guninstaller.exe
MD5 0
Signatur 16056518383071809587
Md5hash:  b0f6507f8666e89dd9f192313d88eb98
 
 

Name der Infektion trojan.agent
Kategorie Trojan
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
 
Gefundener Bereich FileSystem
Details
Dateiname c:\users\bemmerer\desktop\marion die geilste\müller foto\qt5svg.dll
MD5 0
Signatur 2487227261059899764
Md5hash:  b2ef697b10aec16e87661d8d56efac5b
 
 

Name der Infektion malware.gen-r
Kategorie Generic Malware 
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
 
Gefundener Bereich FileSystem
Details
Dateiname c:\users\bemmerer\downloads\openoffice - chip-installer.exe
MD5 0
Signatur 16447792500934195822
Md5hash:  5e222cbc6ffc1eca61aa772085c6f07d
 
 

Name der Infektion pup.installcore
Kategorie Potentially Unwanted Application
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 34
 
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\1i1t1q1s
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\1i1t1q1s
 name
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\1i1t1q1s
 reg
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore
 t
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore
 tb
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore
 hp
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore
 ds
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\1u1q1h1jtgtbth1dtf1othte
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\1u1q1h1jtgtbth1dtf1othte
 name
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\1u1q1h1jtgtbth1dtf1othte
 reg
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0b1f1g1t1g2t1t0d1p1t1i1b
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0b1f1g1t1g2t1t0d1p1t1i1b
 uninstall
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0s2u1b0t2w1p1t1j
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0s2u1b0t2w1p1t1j
 uninstall
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0s2w1p1p2z0i0mtt1o1f1ctt0m1p1b1b1p1g1n1p1ctttatfyb
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0s2w1p1p2z0i0mtt1o1f1ctt0m1p1b1b1p1g1n1p1ctttatfyb
 uninstall
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0s2w1p1p2z0i0mtt1o1f1ctt0m1p1b1b1p1g1n1p1ctttatfyb
 sch_desc
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0s2w1p1p2z0i0mtt1o1f1ctt0m1p1b1b1p1g1n1p1ctttatfyb
 sch_link
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0s2w1p1p2z0i0mtt1o1f1ctt0m1p1b1b1p1g1n1p1ctttatfyb
 add_desc
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0s2w1p1p2z0i0mtt1o1f1ctt0m1p1b1b1p1g1n1p1ctttatfyb
 add_link
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0s2w1p1p2z0p1t1r1j1btt0t1f1f1i1s1t1ctt1o1f1ctt0i1g2z1p1c1g1p2ztt0e2v1e1i1f1c1p1cttyetfyb
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0s2w1p1p2z0p1t1r1j1btt0t1f1f1i1s1t1ctt1o1f1ctt0i1g2z1p1c1g1p2ztt0e2v1e1i1f1c1p1cttyetfyb
 uninstall
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0s2w1p1p2z0p1t1r1j1btt0t1f1f1i1s1t1ctt1o1f1ctt0i1g2z1p1c1g1p2ztt0e2v1e1i1f1c1p1cttyetfyb
 sch_desc
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0s2w1p1p2z0p1t1r1j1btt0t1f1f1i1s1t1ctt1o1f1ctt0i1g2z1p1c1g1p2ztt0e2v1e1i1f1c1p1cttyetfyb
 sch_link
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0s2w1p1p2z0p1t1r1j1btt0t1f1f1i1s1t1ctt1o1f1ctt0i1g2z1p1c1g1p2ztt0e2v1e1i1f1c1p1cttyetfyb
 add_desc
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0s2w1p1p2z0p1t1r1j1btt0t1f1f1i1s1t1ctt1o1f1ctt0i1g2z1p1c1g1p2ztt0e2v1e1i1f1c1p1cttyetfyb
 add_link
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0u1e1q1t2z1ptt0m1t1g1t1n1p1ctt1o1f1ctt0s2w1p1p2z0p1t1r1j1btttctftc
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0u1e1q1t2z1ptt0m1t1g1t1n1p1ctt1o1f1ctt0s2w1p1p2z0p1t1r1j1btttctftc
 uninstall
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0u1e1q1t2z1ptt0m1t1g1t1n1p1ctt1o1f1ctt0s2w1p1p2z0p1t1r1j1btttctftc
 sch_desc
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0u1e1q1t2z1ptt0m1t1g1t1n1p1ctt1o1f1ctt0s2w1p1p2z0p1t1r1j1btttctftc
 sch_link
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0u1e1q1t2z1ptt0m1t1g1t1n1p1ctt1o1f1ctt0s2w1p1p2z0p1t1r1j1btttctftc
 add_desc
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\installcore\uninstall\0u1e1q1t2z1ptt0m1t1g1t1n1p1ctt1o1f1ctt0s2w1p1p2z0p1t1r1j1btttctftc
 add_link
 
 

Name der Infektion pup.babylon
Kategorie Potentially Unwanted Application
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 4
 
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\babsolution\updater
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\babsolution\updater
 schbugupd
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\babsolution\updater
 cr_ver
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\babsolution\updater
 task_st
 
 

Name der Infektion pup.delta
Kategorie Potentially Unwanted Application
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 3
 
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\classes\appid\{c26644c4-2a12-4ca6-8f2e-0ede6cf018f3}
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\classes\appid\{c26644c4-2a12-4ca6-8f2e-0ede6cf018f3}\instl
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\classes\appid\{c26644c4-2a12-4ca6-8f2e-0ede6cf018f3}\instl\dfltlng
 
 
 

Name der Infektion pup.optional-sqt
Kategorie Potentially Unwanted Application
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 27
 
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\datamngr
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\datamngr\files
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\datamngr\files\chromehomepage
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\datamngr\files\chromehomepage
 flag
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\datamngr\files\homepage
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\datamngr\files\homepage
 flag
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\datamngr\files\selectedsearch
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\datamngr\files\selectedsearch
 flag
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\datamngr\files\urlbarsearch
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\datamngr\files\urlbarsearch
 flag
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\datamngr\list
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\datamngr\list\item1
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\datamngr\list\item1
 flag
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\datamngr\list\item2
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\datamngr\list\item2
 flag
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\datamngr\list\item3
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\datamngr\list\item3
 flag
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\datamngr\toolbar
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
 software\datamngr\toolbar
 flag
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\datamngr
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\datamngr\list
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\datamngr\list\item1
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\datamngr\list\item1
 flag
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\datamngr\list\item2
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\datamngr\list\item2
 flag
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\datamngr\list\item3
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\datamngr\list\item3
 flag
 
 

Name der Infektion pup.searchcertifiedtoolbar
Kategorie Potentially Unwanted Application
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 3
 
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
 displayname
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
 url
 
 

Name der Infektion pup.sweetim
Kategorie Potentially Unwanted Application
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 42
 
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_classes_root
 mgmediaplayer.gifanimator.1
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_classes_root
 mgmediaplayer.gifanimator.1\clsid
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_classes_root
 mgmediaplayer.gifanimator
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_classes_root
 mgmediaplayer.gifanimator\clsid
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_classes_root
 mgmediaplayer.gifanimator\curver
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\classes\mediaplayer.graphicsutils.1
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\classes\mediaplayer.graphicsutils.1\clsid
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\classes\mediaplayer.graphicsutils
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\classes\mediaplayer.graphicsutils\clsid
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\classes\mediaplayer.graphicsutils\curver
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\bundlesweetimsetup_rasapi32
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\bundlesweetimsetup_rasapi32
 enablefiletracing
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\bundlesweetimsetup_rasapi32
 enableconsoletracing
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\bundlesweetimsetup_rasapi32
 filetracingmask
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\bundlesweetimsetup_rasapi32
 consoletracingmask
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\bundlesweetimsetup_rasapi32
 maxfilesize
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\bundlesweetimsetup_rasapi32
 filedirectory
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\bundlesweetimsetup_rasmancs
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\bundlesweetimsetup_rasmancs
 enablefiletracing
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\bundlesweetimsetup_rasmancs
 enableconsoletracing
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\bundlesweetimsetup_rasmancs
 filetracingmask
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\bundlesweetimsetup_rasmancs
 consoletracingmask
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\bundlesweetimsetup_rasmancs
 maxfilesize
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\bundlesweetimsetup_rasmancs
 filedirectory
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\sweetim_rasapi32
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\sweetim_rasapi32
 enablefiletracing
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\sweetim_rasapi32
 enableconsoletracing
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\sweetim_rasapi32
 filetracingmask
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\sweetim_rasapi32
 consoletracingmask
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\sweetim_rasapi32
 maxfilesize
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\sweetim_rasapi32
 filedirectory
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\sweetim_rasmancs
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\sweetim_rasmancs
 enablefiletracing
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\sweetim_rasmancs
 enableconsoletracing
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\sweetim_rasmancs
 filetracingmask
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\sweetim_rasmancs
 consoletracingmask
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\sweetim_rasmancs
 maxfilesize
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\tracing\sweetim_rasmancs
 filedirectory
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\windows\currentversion\shareddlls
 c:\program files (x86)\sweetim\toolbars\internet explorer\mghelperapp.exe
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\windows\currentversion\shareddlls
 c:\program files (x86)\sweetim\toolbars\internet explorer\mgtoolbarproxy.dll
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\sweetim
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\sweetim
 simapp_id
 
 

Name der Infektion pup.globalupdate
Kategorie Potentially Unwanted Application
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 2
 
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\windows nt\currentversion\image file execution options\googleupdate.exe
 
 

Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\microsoft\windows nt\currentversion\image file execution options\googleupdate.exe
 disableexceptionchainvalidation
 
 

Name der Infektion Restricted Settings
Kategorie Security Disabler 
Bedrohungsstufe Medium
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
 
Gefundener Bereich WindowsSettings
Details
Registrierungsschlüssel hkey_local_machine
 software\clients\startmenuinternet\iexplore.exe\shell\open\command
 
 
 

Name der Infektion pup.adware
Kategorie Potentially Unwanted Application
Bedrohungsstufe Low
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
 
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_local_machine
 software\classes\appid\{c26644c4-2a12-4ca6-8f2e-0ede6cf018f3}\instl\dfltlng
 dfltlng
 
 
© 2013 WinZip International LLC. All rights reserved.

schrauber 14.09.2014 06:39
WinZip Malware PRotector ist Fake!!

Die Addition.txt von FRST fehlt noch.

bambam12 14.09.2014 21:39
Hi Schrauber,
Danke für die Info.
Ich habe gemäß Boardanweisung Maleware Protection entfernt.
Ich sende nochmal die Adition.txt und MBAM Log Dateien :

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Bemmerer at 2014-09-13 00:00:45
Running from C:\Users\Bemmerer\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.2090 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
Amazon.de (HKLM-x32\...\{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}) (Version:  - Amazon EU S.a.r.L.)
Apowersoft Gratis - Audiorekorder V2.1.7 (HKLM-x32\...\{E35F91E4-C68C-43E8-BE90-35CDEE4E5730}_is1) (Version: 2.1.7 - Apowersoft)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{0FB2E75A-1024-331F-77EF-D45F71505D58}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2238.38827 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help English (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help French (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help German (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0729.2238.38827 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2009.0729.2238.38827 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
devolo dLAN Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.1.2.0 - devolo AG)
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.4.3 - DivX, Inc.)
DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
DJ Intro version 1.2.0 (HKLM-x32\...\{36625871-9D4B-4046-A837-677974F51CAC}_is1) (Version: 1.2.0 - Serato Audio Research)
dLAN Cockpit (x32 Version: 3.23.12 - devolo AG) Hidden
eBay (HKLM-x32\...\{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}) (Version: 1.0.4 - eBay Inc.)
FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.6.716 - DVDVideoSoft Ltd.)
Free Video to MP3 Converter version 5.0.19.1015 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.19.1015 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.10.6.727 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.39.604 - DVDVideoSoft Limited.)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java(TM) 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MediaInfo Lite 0.7.27 (HKLM-x32\...\mediainfolite_is1) (Version: 0.7.27 - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Müller Foto (HKLM-x32\...\Müller Foto) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
NAVIGON Fresh 3.2.0 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.2.0 - NAVIGON)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Reloop ASIO Driver 1.152 (HKLM\...\Reloop ASIO Driver 1.152) (Version: 1.152 - Reloop)
Serato DJ  (HKLM-x32\...\{cff70cd3-29c4-4043-b20c-e085773b05e0}) (Version: 1.6.3.7539 - )
Serato DJ  (x32 Version: 1.6.3.7539 - Serato) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}) (Version: 1.0.04.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.0.04.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.10.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.1.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.1.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.1.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.4C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.11C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.0 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.0 - TOSHIBA Corporation) Hidden
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA)
Toshiba Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.08.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
Toshiba Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.0-663 - myphotobook GmbH)
Toshiba Photo Service - powered by myphotobook (x32 Version: 1.0.0 - myphotobook GmbH) Hidden
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}) (Version: 1.0.04.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.0.04.64 - TOSHIBA Corporation) Hidden
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.7C - TOSHIBA CORPORATION) Hidden
TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION)
Toshiba TEMPRO (HKLM-x32\...\{9E4FF410-471F-49E3-9358-74FF0D5E9901}) (Version: 3.05 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.25.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.2.25.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.7 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{052CA271-6C3E-4B8F-9EEE-CEA84BC901DC}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CA2F3DF8-C8AE-4933-92F1-FE482442F6E6}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Utility Common Driver (x32 Version: 1.0.50.27C - TOSHIBA) Hidden
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VLC media player 1.0.3 (HKLM-x32\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{DCACC42F-F801-4BBD-B621-DF93679D46CA}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-401722809-3301492424-1782163209-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Bemmerer\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-401722809-3301492424-1782163209-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Bemmerer\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

10-09-2014 17:00:28 Windows Update
10-09-2014 18:19:27 Windows Update
11-09-2014 17:00:33 Windows Update
12-09-2014 19:33:31 DLL-Files Fixer Fr, Sep 12, 14  21:33
12-09-2014 19:52:38 Removed Skype™ 6.11
12-09-2014 19:54:18 Removed SweetPacks bundle uninstaller
12-09-2014 19:57:09 Entfernt WISO Steuer-Sparbuch 2013
12-09-2014 19:58:05 Windows Live Sync wird entfernt
12-09-2014 19:59:22 Removed Adobe Reader XI (11.0.08) - Deutsch.
12-09-2014 20:01:50 Compatibility Pack für 2007 Office System wird entfernt
12-09-2014 20:03:19 Removed Internet Explorer Toolbar 4.6 by SweetPacks
12-09-2014 20:45:18 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09AB8EA5-313A-4B65-8114-0F24941B59D6} - System32\Tasks\Ad-Aware Update (Daily 2) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {09AFECB4-8895-457B-8F37-D9E88D6A1AB9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0FB1AAA7-0156-4206-979C-A1EA0E53CB71} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {24C86082-A3EA-4A7B-9214-BE785F8DB486} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {27AF819D-6D9E-417E-90AA-4D8695F6A406} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: {30FFF7ED-5D95-4CC7-8158-39A8ACE1CEE2} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {4B8AF262-B0C5-421C-855D-CE3AC9D31377} - System32\Tasks\{FA64850A-E170-4E2D-86BF-72815796E26C} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.124.280&amp;LastError=12007
Task: {4EDD3F4A-E80F-403B-8B3B-37DE1C83E9B4} - System32\Tasks\Ad-Aware Update (Daily 3) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {545374DE-6064-4874-9B85-4179CA83D8CF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-08] (Google Inc.)
Task: {5FCEAE72-5913-454C-B837-A9519641C99F} - System32\Tasks\GoogleUpdateTaskMachineCore1cec70ed06198a9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-08] (Google Inc.)
Task: {75F2692A-8930-4E22-9955-F9914242B69C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-401722809-3301492424-1782163209-1000UA => C:\Users\Bemmerer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-30] (Google Inc.)
Task: {82733C33-369D-4468-AC2A-A0414A14D744} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-401722809-3301492424-1782163209-1000Core => C:\Users\Bemmerer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-30] (Google Inc.)
Task: {92FBFC4A-F569-4BBC-8001-70B15A397C6E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-401722809-3301492424-1782163209-1000Core1cec67cb07e93a5 => C:\Users\Bemmerer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-30] (Google Inc.)
Task: {9885B0E5-8A7C-47E1-B09B-952202966AB1} - System32\Tasks\Ad-Aware Update (Daily 1) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {ABF3D0D2-2FF8-4C58-837B-21738D12C2E9} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing)
Task: {AE5BC9B1-2CE7-4606-BA6C-FC3033DB6138} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert <==== ATTENTION
Task: {BE5B4979-92C6-4E66-A27A-17C4652F22AD} - System32\Tasks\{5A168F88-AD44-4172-BB8C-D44769455E13} => C:\Program Files (x86)\PS3 Media Server\PMS.exe [2009-03-09] (A. Brochard)
Task: {CC383446-E3F1-4677-9FB8-E8DC7E5FF9F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-08] (Google Inc.)
Task: {EB61ED43-A09E-4802-AEE4-423F4F9DAEA8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {FC2215EE-7FCF-4789-850A-7747BB61425A} - System32\Tasks\Ad-Aware Update (Daily 4) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec70ed06198a9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-401722809-3301492424-1782163209-1000Core1cec67cb07e93a5.job => C:\Users\Bemmerer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-401722809-3301492424-1782163209-1000UA.job => C:\Users\Bemmerer\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-08-26 18:58 - 2009-08-26 18:58 - 00553984 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2013-05-22 20:50 - 2013-05-22 20:50 - 00400704 _____ () C:\Users\Bemmerer\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2014-06-17 07:03 - 2014-07-22 22:46 - 03356480 _____ () C:\Users\Bemmerer\AppData\Local\Amazon Music\Amazon Music Helper.exe
2009-08-03 18:18 - 2009-08-03 18:18 - 00081752 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-12 23:00 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll
2014-09-12 23:00 - 2013-07-15 16:53 - 01717936 _____ () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll
2014-09-12 23:00 - 2013-02-28 16:53 - 00168448 _____ () C:\Program Files (x86)\WinZip Malware Protector\UNRAR.DLL
2014-09-12 20:27 - 2014-09-04 05:01 - 01098056 _____ () C:\Users\Bemmerer\AppData\Local\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-12 20:27 - 2014-09-04 05:01 - 00174408 _____ () C:\Users\Bemmerer\AppData\Local\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-12 20:29 - 2014-09-04 05:01 - 08577864 _____ () C:\Users\Bemmerer\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-12 20:30 - 2014-09-04 05:01 - 00331592 _____ () C:\Users\Bemmerer\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-12 20:26 - 2014-09-04 05:01 - 01660232 _____ () C:\Users\Bemmerer\AppData\Local\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-12 22:21 - 2014-09-12 22:21 - 03716720 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-11 20:29 - 2014-09-11 20:29 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-401722809-3301492424-1782163209-1000\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: HWSetup => "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
MSCONFIG\startupreg: KeNotify => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: SmartFaceVWatcher => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
MSCONFIG\startupreg: ToshibaServiceStation => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/12/2014 11:54:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/01/2014 07:49:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 105145

Error: (09/01/2014 07:49:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 105145

Error: (09/01/2014 07:49:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/31/2014 10:42:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Serato_DJ_Intro.exe, Version 0.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1230

Startzeit: 01cfc55bcd9d18e6

Endzeit: 40

Anwendungspfad: C:\Program Files (x86)\Serato\DJ Intro\Serato_DJ_Intro.exe

Berichts-ID: 57c4c72f-314f-11e4-a67c-002622e9117e

Error: (08/31/2014 10:29:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/22/2014 08:29:11 PM) (Source: VSS) (EventID: 12298) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].


Vorgang:
  Asynchroner Vorgang wird ausgeführt

Kontext:
  Aktueller Status: DoSnapshotSet

Error: (08/22/2014 08:29:11 PM) (Source: VSS) (EventID: 12310) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{24be8aab-d025-11de-a79a-806e6f6e6963} - 000000000000005C,0x0053c010,000000000026FFD0,0,0000000000270FE0,4096,[0]).


Vorgang:
  Schattenkopien werden übertragen

Kontext:
  Ausführungskontext: System Provider

Error: (08/19/2014 06:29:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/17/2014 03:50:39 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (09/12/2014 10:51:11 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (09/12/2014 10:49:25 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/12/2014 10:49:25 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/12/2014 10:36:40 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/12/2014 10:36:40 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/12/2014 09:46:00 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/12/2014 09:46:00 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/12/2014 06:52:22 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/12/2014 06:52:22 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/12/2014 06:36:50 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 51%
Total physical RAM: 4060.88 MB
Available physical RAM: 1955.45 MB
Total Pagefile: 8119.93 MB
Available Pagefile: 5567.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:149.04 GB) (Free:47.62 GB) NTFS
Drive d: (Data) (Fixed) (Total:148.65 GB) (Free:140.51 GB) NTFS
Drive e: (ST2014) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 4F73061C)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=148.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 14.09.2014
Suchlauf-Zeit: 11:46:22
Logdatei: Logdat MBAM.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.14.03
Rootkit Datenbank: v2014.09.13.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Bemmerer

Suchlauf-Art: Benutzerdefinierter Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 590597
Verstrichene Zeit: 5 Std, 8 Min, 18 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 1
PUP.Optional.Conduit, C:\Users\Bemmerer\AppData\Local\TBHostSupport\TBHostSupport_0.dll, , [d457bb324635b77f2ef4844e32d0738d],

Registrierungsschlüssel: 15
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}, , [37f41fce7407cb6b6352a58a9a667090],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BonanzaDealsLive.exe, , [4be04ba2bcbfd4626a41103fea1aa759],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, , [81aa17d6b3c8082e88f616fea95ac739],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jcdgjdiieiljkfkdcloehkohchhpekkn, , [989329c42b508ea8541fb55a82813ac6],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BonanzaDealsLive.exe, , [9c8fdc11a5d665d10e9d1d3210f46e92],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, , [b774e508f48703330a7aa4a42ada5ba5],
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-401722809-3301492424-1782163209-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\BonanzaDealsLive, , [d655e508e992e94d0b9dc08f60a449b7],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-401722809-3301492424-1782163209-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\DataMngr, , [f437539a43388da984f4390e34d0837d],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-401722809-3301492424-1782163209-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [47e4e20b5f1ca78fdbdce3488c77ba46],
PUP.Optional.Babylon.A, HKU\S-1-5-21-401722809-3301492424-1782163209-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\BABSOLUTION\Updater, , [6cbf04e9fe7ded497704dc6c1de7f50b],
PUP.Optional.Conduit.A, HKU\S-1-5-21-401722809-3301492424-1782163209-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\CONDUIT\FF, , [8f9cec011566f4423cd34d0003017f81],
PUP.Optional.ValueApps.A, HKU\S-1-5-21-401722809-3301492424-1782163209-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\CONDUIT\ValueApps, , [280348a5601b7cba1f95bb761fe4f10f],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-401722809-3301492424-1782163209-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [85a69954106b42f4142c959c12f1f20e],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-401722809-3301492424-1782163209-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\INSTALLCORE, , [18134ba2e79466d0118a9fa83bc955ab],
PUP.Optional.Softonic.A, HKU\S-1-5-21-401722809-3301492424-1782163209-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\SOFTONIC\Universal Downloader, , [0f1c00ede09bff37e884021eb54ec937],

Registrierungswerte: 3
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {060CCC0C-551B-11E2-9B47-002622E9117E}, , [b774e508f48703330a7aa4a42ada5ba5]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-401722809-3301492424-1782163209-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\INSTALLCORE|tb, 0X2O1C0R2R1R, , [18134ba2e79466d0118a9fa83bc955ab]
PUP.Optional.Conduit, HKU\S-1-5-21-401722809-3301492424-1782163209-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|TBHostSupport, "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Bemmerer\AppData\Local\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin, , [1f0c6c815229979fcf5d74e7030150b0]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 18
PUP.Optional.OpenCandy, C:\Users\Bemmerer\AppData\Roaming\OpenCandy, , [9992826b80fba6909123d2fe20e2b54b],
PUP.Optional.OpenCandy, C:\Users\Bemmerer\AppData\Roaming\OpenCandy\796500494A4D4983A5A007F20ECFE014, , [9992826b80fba6909123d2fe20e2b54b],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive, , [250600ed7209999d950ddbf636cc2ed2],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update, , [250600ed7209999d950ddbf636cc2ed2],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update\Log, , [250600ed7209999d950ddbf636cc2ed2],
PUP.Optional.BonanzaDeals.A, C:\Users\Bemmerer\AppData\Local\BonanzaDealsLive, , [ac7fb9348cef979fe4bf8a4720e2fa06],
PUP.Optional.BonanzaDeals.A, C:\Users\Bemmerer\AppData\Local\BonanzaDealsLive\CrashReports, , [ac7fb9348cef979fe4bf8a4720e2fa06],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDealsLive, , [ce5d18d56615e84e8e176170bc46ea16],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDealsLive\CrashReports, , [ce5d18d56615e84e8e176170bc46ea16],
PUP.Optional.Conduit, C:\Users\Bemmerer\AppData\Local\TBHostSupport, , [d457bb324635b77f2ef4844e32d0738d],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.MindSpark.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\tk8k7aht.default-1371899395239\Allin1Convert_8h, , [280358956516ff371709c614fd053dc3],
PUP.Optional.SweetIM.A, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn, , [fb30aa43324989ade1b6b82f758d16ea],
PUP.Optional.SweetIM.A, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0, , [fb30aa43324989ade1b6b82f758d16ea],
PUP.Optional.Conduit.A, C:\Users\Bemmerer\AppData\Local\TB\APISupport, , [f536905d7209e94d44aa08e07a88c739],
PUP.Optional.Conduit.A, C:\Users\Bemmerer\AppData\Local\TB\APISupport\MiniSP_1.0.2.152, , [f536905d7209e94d44aa08e07a88c739],
PUP.Optional.IBUpdater.A, C:\ProgramData\IBUpdaterService, , [86a5638a116a0036feab608d15edf010],

Dateien: 92
PUP.Optional.Conduit, C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll, , [37f41fce7407cb6b6352a58a9a667090],
PUP.Optional.Conduit.A, C:\Users\Bemmerer\AppData\Local\Conduit\APISupport\APISupport_2.0.1.3\ApiSupport.dll, , [6ac108e564173006509c073d6c94bc44],
PUP.Optional.Conduit.A, C:\Users\Bemmerer\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.93\MiniSP.dll, , [1d0e0fdebac1ff378ef6b98c15eb7987],
PUP.Optional.ClientConnect, C:\Users\Bemmerer\AppData\Local\NativeMessaging\CT3175297\1_0_1_6\TBMessagingHost.exe, , [9c8fd31a1a610e281036b5fa20e18f71],
PUP.Optional.ClientConnect, C:\Users\Bemmerer\AppData\Local\TB\APISupport\APISupport.old, , [101b8a63b4c76bcbe165357a2fd20df3],
PUP.Optional.Conduit, C:\Users\Bemmerer\AppData\Local\TB\APISupport\MiniSP_1.0.2.152\MiniSP.dll, , [a8835a93e794b086d53af89cfb067090],
PUP.Optional.SweetIM, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\mgHelperGCFB.dll, , [b279d6172a51a49255cc0e14dd28b24e],
PUP.Optional.ClientConnect, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikliheaihindkomebcajofjponhlhhh\10.31.4.510_0\APISupport\APISupport.dll, , [ee3d3db062192c0a4006b5fa61a09f61],
PUP.Optional.ClientConnect, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikliheaihindkomebcajofjponhlhhh\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe, , [1a11a34a97e4e056d175ecc36b9612ee],
PUP.Optional.ClientConnect, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikliheaihindkomebcajofjponhlhhh\10.31.4.510_0\plugins\ChromeApiPlugin.dll, , [6dbedc11afcc2313fc4a466907fa6f91],
PUP.Optional.Softonic.A, C:\Users\Bemmerer\Downloads\SoftonicDownloader_fuer_javaexe.exe, , [3fec31bc4d2e0432984f939cab56b64a],
PUP.Optional.Koyote.A, C:\Users\Bemmerer\Downloads\FreeVideoConverterSetup-r135-n-bf.exe, , [ec3f7479532892a414cba8a76f920bf5],
PUP.Optional.GoForFiles.A, C:\Users\Bemmerer\Downloads\nebenkosten_easy_keygen_downloader_de_99071.exe, , [da5178754338b680d2263eec8978d32d],
PUP.Optional.DownloadSponsor, C:\Users\Bemmerer\Downloads\Audacity - CHIP-Downloader.exe, , [a784cd2086f5f046e8cddfe1ed17f40c],
PUP.Optional.InstallCore.A, C:\Users\Bemmerer\Downloads\VuuPC_Setup.exe, , [50db13dae893c472f36d0232e21f38c8],
PUP.Optional.Conduit.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\tk8k7aht.default-1371899395239\searchplugins\conduit-search.xml, , [ed3eab42f98239fd20a5ea12dd25d030],
PUP.Optional.BrowserDefender.A, C:\Windows\System32\Tasks\BrowserDefendert, , [7ab18667e89391a589f2d737ea192bd5],
PUP.Optional.Babylon.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\searchplugins\babylon.xml, , [171464894c2fd462194cda4cfc07f20e],
PUP.Optional.BProtector.A, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences, , [b5768766b1ca979f0abc272364a025db],
PUP.Optional.OpenCandy, C:\Users\Bemmerer\AppData\Roaming\OpenCandy\796500494A4D4983A5A007F20ECFE014\5472.ico, , [9992826b80fba6909123d2fe20e2b54b],
PUP.Optional.OpenCandy, C:\Users\Bemmerer\AppData\Roaming\OpenCandy\796500494A4D4983A5A007F20ECFE014\EBB77268-338F-4C6A-8590-AD88FED26F4A, , [9992826b80fba6909123d2fe20e2b54b],
PUP.Optional.OpenCandy, C:\Users\Bemmerer\AppData\Roaming\OpenCandy\796500494A4D4983A5A007F20ECFE014\OCBrowserHelper_1.0.6.125.exe, , [9992826b80fba6909123d2fe20e2b54b],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log, , [250600ed7209999d950ddbf636cc2ed2],
PUP.Optional.Conduit, C:\Users\Bemmerer\AppData\Local\TBHostSupport\TBHostSupport.dll, , [d457bb324635b77f2ef4844e32d0738d],
PUP.Optional.Conduit, C:\Users\Bemmerer\AppData\Local\TBHostSupport\TBHostSupport_0.dll, , [d457bb324635b77f2ef4844e32d0738d],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\1.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\a.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\b.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\c.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\d.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\e.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\f.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\g.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\h.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\i.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\J.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\k.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\l.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\m.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\mru.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\n.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\o.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\p.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\q.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\r.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\s.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\t.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\u.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\v.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\w.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\x.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\y.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.PriceGong.A, C:\Users\Bemmerer\AppData\LocalLow\PriceGong\Data\z.xml, , [02299855f18ad1651c1651835ca6f40c],
PUP.Optional.SweetIM.A, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\128.png, , [fb30aa43324989ade1b6b82f758d16ea],
PUP.Optional.SweetIM.A, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\16.png, , [fb30aa43324989ade1b6b82f758d16ea],
PUP.Optional.SweetIM.A, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\48.png, , [fb30aa43324989ade1b6b82f758d16ea],
PUP.Optional.SweetIM.A, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\background.html, , [fb30aa43324989ade1b6b82f758d16ea],
PUP.Optional.SweetIM.A, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\fbsim.js, , [fb30aa43324989ade1b6b82f758d16ea],
PUP.Optional.SweetIM.A, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\logger.js, , [fb30aa43324989ade1b6b82f758d16ea],
PUP.Optional.SweetIM.A, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\main.js, , [fb30aa43324989ade1b6b82f758d16ea],
PUP.Optional.SweetIM.A, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\manifest.json, , [fb30aa43324989ade1b6b82f758d16ea],
PUP.Optional.SweetIM.A, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\messagehandler.js, , [fb30aa43324989ade1b6b82f758d16ea],
PUP.Optional.SweetIM.A, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\simapp.js, , [fb30aa43324989ade1b6b82f758d16ea],
PUP.Optional.IBUpdater.A, C:\ProgramData\IBUpdaterService\repository.xml, , [86a5638a116a0036feab608d15edf010],
PUP.Optional.Conduit.A, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (                  "homepage": "hxxp://search.conduit.com/?ctid=CT3175297&SearchSource=48&UP=SP8757FA0E-B617-42BF-B771-A56C3360277D&SSPV=&SAT=SCH"), ,[f734af3e1f5c58de234eff31699c6997]
PUP.Optional.Conduit.A, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (              "homepage": "hxxp://search.conduit.com/?ctid=CT3175297&SearchSource=48&UP=SP8757FA0E-B617-42BF-B771-A56C3360277D&SSPV=&SAT=SCH",), ,[28032bc2b7c4280e69086dc3b451e41c]
PUP.Optional.Conduit.A, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (  "homepage": "hxxp://search.conduit.com/?ctid=CT3175297&SearchSource=48&UP=SP8757FA0E-B617-42BF-B771-A56C3360277D&SSPV=",), ,[50dbeeff7cfff83e462b7cb425e0bb45]
PUP.Optional.Conduit.A, C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (              "session.startup_urls": [ "hxxp://search.conduit.com/?ctid=CT3175297&SearchSource=48&SAT=SCH" ]), ,[0c1feb02e7941c1ab3ef0d235ea7c937]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.admin", false);), ,[46e574791368300665941c1317ee38c8]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.aflt", "babsst");), ,[9e8d09e42655f44207f2e04f7f86669a]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), ,[4edddf0e45368aacc336b778be470bf5]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.autoRvrt", "false");), ,[2ffc85684932e45256a35bd4d13419e7]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.dfltLng", "de");), ,[62c9b5389cdf4fe77c7d250a1de85da3]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.excTlbr", false);), ,[74b7bb32304bb6808772a887976ebb45]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.ffxUnstlRst", true);), ,[62c92ebfe89342f4e415b07f37ce649c]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.id", "38403924000000000000701a041929e6");), ,[88a3b33a93e814225d9c34fb22e3ee12]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlDay", "15878");), ,[60cb7875136841f5cd2cc16e38cd7987]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlRef", "sst");), ,[919a15d8ec8f6fc7ef0a81aea85d6799]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.newTab", false);), ,[c76412dba0db2610e61382ad7a8bb64a]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prdct", "delta");), ,[4fdcd81556253afcb2475ad5c63ff808]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prtnrId", "delta");), ,[f13a57961764b87e6792b17efc0934cc]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.rvrt", "false");), ,[cd5e47a6c3b84de990690c23d53050b0]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.smplGrp", "none");), ,[3bf06f7eb6c5e2547584d659c04542be]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrId", "base");), ,[f239be2f47340b2ba1580c23e81d37c9]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrSrchUrl", "");), ,[67c4a14c433870c6ad4c70bf9a6baa56]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsn", "1.8.21.5");), ,[7facdb12ccaf5ed82acfe6493cc940c0]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsni", "1.8.21.5");), ,[57d4f9f4aecd4fe7f009d55a91748b75]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsnTs", "1.8.21.513:06:49");), ,[2407e805790265d1ec0d57d84abbf907]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babExt", "");), ,[c76478756c0fe5512dcc7cb3dd287e82]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babTrack", "affID=121562&tt=180613_ndt4&tsp=4921");), ,[151644a9176440f6fcfd8ca37d8808f8]
PUP.Optional.Delta.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.srcExt", "ss");), ,[220909e4770471c56d8c52dd7b8ac937]
PUP.Optional.Conduit.A, C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}");), ,[84a75b9276051a1c391bff319d68c937]

Physische Sektoren: 0
(No malicious items detected)


(end)
Gruß
BamBam

schrauber 15.09.2014 14:43
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

bambam12 15.09.2014 15:40
Hi,
habe Antivir und MS Essentials deaktiviert.
Combofix hat wegen Essetials trotzdem gemeckert ( ist noch aktiv ), konnte aber starten

Code:
ComboFix 14-09-14.01 - Bemmerer 15.09.2014  16:19:07.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4061.2786 [GMT 2:00]
ausgeführt von:: c:\users\Bemmerer\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bemmerer\AppData\Roaming\Microsoft\engine_ag.dll
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-08-15 bis 2014-09-15  ))))))))))))))))))))))))))))))
.
.
2014-09-15 14:28 . 2014-09-15 14:28        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-09-15 14:28 . 2014-09-15 14:28        --------        d-----w-        c:\users\bemmerermarkus\AppData\Local\temp
2014-09-14 09:36 . 2014-09-15 14:09        122584        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-14 09:36 . 2014-09-14 09:36        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-14 09:36 . 2014-05-12 05:26        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-09-14 09:36 . 2014-05-12 05:26        91352        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-09-14 09:36 . 2014-05-12 05:25        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-09-14 09:36 . 2011-03-25 18:42        338432        ----a-w-        c:\windows\SysWow64\sqlite36_engine.dll
2014-09-14 09:36 . 2011-05-13 10:16        493056        ----a-w-        c:\windows\SysWow64\dhRichClient3.dll
2014-09-14 08:02 . 2014-08-21 03:43        11319192        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{17EC2420-E873-44F9-8734-8E2AC2B29755}\mpengine.dll
2014-09-13 23:06 . 2014-09-13 23:06        --------        d-----w-        c:\program files (x86)\Lame For Audacity
2014-09-13 19:46 . 2014-05-08 09:32        3178496        ----a-w-        c:\windows\system32\rdpcorets.dll
2014-09-13 19:46 . 2014-05-08 09:32        16384        ----a-w-        c:\windows\system32\RdpGroupPolicyExtension.dll
2014-09-13 19:46 . 2014-01-09 02:22        5694464        ----a-w-        c:\windows\SysWow64\mstscax.dll
2014-09-13 19:46 . 2014-01-03 22:44        6574592        ----a-w-        c:\windows\system32\mstscax.dll
2014-09-12 22:43 . 2014-09-12 22:43        --------        d-----w-        c:\program files (x86)\7-Zip
2014-09-12 21:58 . 2014-09-14 16:33        --------        d-----w-        C:\FRST
2014-09-12 21:00 . 2014-09-14 09:13        --------        d-----w-        c:\users\Bemmerer\AppData\Roaming\Nico Mak Computing
2014-09-12 20:46 . 2012-08-23 14:10        19456        ----a-w-        c:\windows\system32\drivers\rdpvideominiport.sys
2014-09-12 20:46 . 2012-08-23 11:12        192000        ----a-w-        c:\windows\SysWow64\rdpendp_winip.dll
2014-09-12 20:46 . 2012-08-23 14:13        243200        ----a-w-        c:\windows\system32\rdpudd.dll
2014-09-12 20:46 . 2012-08-23 10:51        228864        ----a-w-        c:\windows\system32\rdpendp_winip.dll
2014-09-12 20:45 . 2012-05-04 11:00        366592        ----a-w-        c:\windows\system32\qdvd.dll
2014-09-12 20:45 . 2012-05-04 09:59        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll
2014-09-12 19:57 . 2014-08-21 03:43        11319192        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-12 19:29 . 2014-09-12 19:29        1619968        ----a-w-        c:\windows\SysWow64\msoe.dll
2014-09-12 19:28 . 2014-09-12 19:28        --------        d-----w-        c:\programdata\Logs
2014-09-11 17:09 . 2014-08-18 22:18        639488        ----a-w-        c:\program files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll
2014-09-10 17:14 . 2014-08-01 11:53        1031168        ----a-w-        c:\windows\system32\TSWorkspace.dll
2014-09-10 17:14 . 2014-08-01 11:35        793600        ----a-w-        c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 17:14 . 2014-06-24 03:29        2565120        ----a-w-        c:\windows\system32\d3d10warp.dll
2014-09-10 17:14 . 2014-06-24 02:59        1987584        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2014-09-10 17:13 . 2014-07-07 02:06        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-09-10 17:13 . 2014-07-07 02:06        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-09-10 17:13 . 2014-07-07 01:40        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-09-10 17:13 . 2014-07-07 01:40        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-09-10 17:13 . 2014-07-07 01:39        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-09-10 17:13 . 2014-09-05 02:10        578048        ----a-w-        c:\windows\system32\aepdu.dll
2014-09-10 17:13 . 2014-09-05 02:05        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-09-10 17:01 . 2014-06-27 02:08        2777088        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2014-09-10 17:01 . 2014-06-27 01:45        2285056        ----a-w-        c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-03 19:11 . 2014-09-03 19:11        --------        d-----w-        c:\users\Bemmerer\AppData\Local\Adobe
2014-08-31 20:30 . 2014-08-31 20:30        --------        d-----w-        c:\programdata\Package Cache
2014-08-31 07:22 . 2014-08-20 07:08        1169712        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D02D19F-428F-49F0-B009-85B56B0AA36D}\gapaengine.dll
2014-08-31 07:19 . 2014-08-23 00:59        3163648        ----a-w-        c:\windows\system32\win32k.sys
2014-08-31 07:19 . 2014-08-23 02:07        404480        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-31 07:19 . 2014-08-23 01:45        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2014-08-21 04:28 . 2014-05-14 16:23        44512        ----a-w-        c:\windows\system32\wups2.dll
2014-08-21 04:28 . 2014-05-14 16:23        58336        ----a-w-        c:\windows\system32\wuauclt.exe
2014-08-21 04:28 . 2014-05-14 16:21        2620928        ----a-w-        c:\windows\system32\wucltux.dll
2014-08-21 04:28 . 2014-05-14 16:23        2477536        ----a-w-        c:\windows\system32\wuaueng.dll
2014-08-21 04:27 . 2014-05-14 16:23        38880        ----a-w-        c:\windows\system32\wups.dll
2014-08-21 04:27 . 2014-05-14 16:20        97792        ----a-w-        c:\windows\system32\wudriver.dll
2014-08-21 04:27 . 2014-05-14 16:17        92672        ----a-w-        c:\windows\SysWow64\wudriver.dll
2014-08-21 04:27 . 2014-05-14 16:23        36320        ----a-w-        c:\windows\SysWow64\wups.dll
2014-08-21 04:27 . 2014-05-14 16:23        700384        ----a-w-        c:\windows\system32\wuapi.dll
2014-08-21 04:27 . 2014-05-14 16:23        581600        ----a-w-        c:\windows\SysWow64\wuapi.dll
2014-08-21 04:27 . 2014-05-14 07:23        198600        ----a-w-        c:\windows\system32\wuwebv.dll
2014-08-21 04:27 . 2014-05-14 07:23        179656        ----a-w-        c:\windows\SysWow64\wuwebv.dll
2014-08-21 04:27 . 2014-05-14 07:17        33792        ----a-w-        c:\windows\SysWow64\wuapp.exe
2014-08-21 04:27 . 2014-05-14 07:20        36864        ----a-w-        c:\windows\system32\wuapp.exe
2014-08-18 17:26 . 2014-08-18 17:26        --------        d-----w-        c:\program files\iPod
2014-08-18 17:26 . 2014-08-18 17:28        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-18 17:26 . 2014-08-18 17:28        --------        d-----w-        c:\program files\iTunes
2014-08-18 17:26 . 2014-08-18 17:28        --------        d-----w-        c:\program files (x86)\iTunes
2014-08-17 12:40 . 2014-08-17 12:40        --------        d-----w-        c:\program files\CCleaner
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-11 18:29 . 2012-04-26 15:48        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-11 18:29 . 2012-04-26 15:48        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-10 18:21 . 2009-12-12 19:04        101694776        ----a-w-        c:\windows\system32\MRT.exe
2014-08-20 07:08 . 2013-11-06 14:32        1169712        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-10 13:01 . 2014-08-10 13:01        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-05 07:20 . 2009-12-13 12:14        270496        ------w-        c:\windows\system32\MpSigStub.exe
2014-07-25 00:35 . 2014-07-25 00:35        875688        ----a-w-        c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47        869544        ----a-w-        c:\windows\system32\msvcr120_clr0400.dll
2014-07-17 16:05 . 2014-07-17 16:05        269008        ----a-w-        c:\windows\system32\drivers\MpFilter.sys
2014-07-17 16:05 . 2013-06-18 20:50        125584        ----a-w-        c:\windows\system32\drivers\NisDrvWFP.sys
2014-07-16 03:23 . 2014-08-14 13:16        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-07-16 02:46 . 2014-08-14 13:16        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-07-15 12:19 . 2013-05-06 10:58        42040        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2014-07-14 02:12 . 2014-08-14 13:15        10924376        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BCEECA8-1CBC-4DF4-BF4C-4BDF2F3A0A72}\mpengine.dll
2014-07-14 02:02 . 2014-08-14 13:13        1216000        ----a-w-        c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-14 13:13        664064        ----a-w-        c:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03 . 2014-08-14 13:16        7168        ----a-w-        c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-14 13:16        7168        ----a-w-        c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-14 13:16        6656        ----a-w-        c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-14 13:16        7168        ----a-w-        c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-14 13:16        7168        ----a-w-        c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-14 13:16        7168        ----a-w-        c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-14 13:16        6656        ----a-w-        c:\windows\SysWow64\KBDBASH.DLL
2014-07-04 07:07 . 2013-03-30 19:45        117712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-06-30 22:24 . 2014-08-14 14:25        8856        ----a-w-        c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-14 14:25        8856        ----a-w-        c:\windows\SysWow64\icardres.dll
2014-06-25 02:05 . 2014-08-14 13:17        14175744        ----a-w-        c:\windows\system32\shell32.dll
2014-06-18 02:18 . 2014-07-12 10:01        692736        ----a-w-        c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-12 10:01        646144        ----a-w-        c:\windows\SysWow64\osk.exe
2000-07-14 22:00        136192        --sha-r-        c:\windows\SysWOW64\MSDERUN.DLL
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmazonMP3DownloaderHelper"="c:\users\Bemmerer\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-22 400704]
"Amazon Music"="c:\users\Bemmerer\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-07-22 3356480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-04 751184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-08-01 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\bemmerermarkus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmnsusbser.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [x]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys;c:\windows\sysWOW64\drivers\npf_devolo.sys [x]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 18:29]
.
2014-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cec70ed06198a9.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-08 18:30]
.
2014-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-08 18:30]
.
2014-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-401722809-3301492424-1782163209-1000Core1cec67cb07e93a5.job
- c:\users\Bemmerer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-30 15:06]
.
2014-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-401722809-3301492424-1782163209-1000UA.job
- c:\users\Bemmerer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-30 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-24 13662936]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Bemmerer\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Bemmerer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\tk8k7aht.default-1371899395239\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - (no file)
URLSearchHooks-{dc84d6f4-abf5-441d-bdef-65f3f4d7aabe} - (no file)
BHO-{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - (no file)
Toolbar-{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - (no file)
Wow6432Node-HKCU-Run-APISupport - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - c:\program files (x86)\DVDVideoSoft\tbDVDV.dll
AddRemove-Free Video to MP3 Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1 - c:\users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\tk8k7aht.default-1371899395239\extensions\cliqz@cliqz.com\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-09-15  16:33:21
ComboFix-quarantined-files.txt  2014-09-15 14:33
.
Vor Suchlauf: 13 Verzeichnis(se), 54.595.846.144 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 53.941.374.976 Bytes frei
.
- - End Of File - - 1C4FF1983777D905B9FC8D39792CC643
A36C5E4F47E84449FF07ED3517B43A31
Gruß
bambam

schrauber 16.09.2014 09:53
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

bambam12 16.09.2014 17:11
Hi Schrauber,
da hast du mir ja richtig was zu tun gegeben. :crazy:
Ich bin zur Zeit noch auf Arbeit, werde mich aber heute nachmittag gleich dran
hocken und die die Logs posten.

PS: ich war bis jetzt noch nie in einem Board unterwegs und bin begeistert
wie schnell und kompetent einem geholfen wird.
Grooßes Lob und vielen Dank dafür. :daumenhoc

Gruß
bambam

Hi,
anbei :

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.09.2014
Suchlauf-Zeit: 16:28:30
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.16.04
Rootkit Datenbank: v2014.09.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Bemmerer

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 394123
Verstrichene Zeit: 26 Min, 40 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
Code:
# AdwCleaner v3.310 - Bericht erstellt am 16/09/2014 um 17:53:22
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Bemmerer - MARKUS
# Gestartet von : C:\Users\Bemmerer\Desktop\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Plasmoo
Ordner Gelöscht : C:\Users\Bemmerer\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Bemmerer\AppData\Local\NativeMessaging
Ordner Gelöscht : C:\Users\Bemmerer\AppData\Local\WhiteListing
Ordner Gelöscht : C:\Users\Bemmerer\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Bemmerer\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Bemmerer\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Bemmerer\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\Bemmerer\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Bemmerer\AppData\Roaming\eType
Ordner Gelöscht : C:\Users\Bemmerer\AppData\Roaming\goforfiles
Ordner Gelöscht : C:\Users\Bemmerer\AppData\Roaming\GrabPro
Ordner Gelöscht : C:\Users\Bemmerer\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\Bemmerer\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Bemmerer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eType
Ordner Gelöscht : C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikliheaihindkomebcajofjponhlhhh
Datei Gelöscht : C:\Users\Bemmerer\AppData\Local\CRE\oikliheaihindkomebcajofjponhlhhh.crx
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\tk8k7aht.default-1371899395239\invalidprefs.js
Datei Gelöscht : C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\tk8k7aht.default-1371899395239\user.js
Datei Gelöscht : C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\user.js

***** [ Tasks ] *****

Task Gelöscht : BrowserDefendert
Task Gelöscht : GoforFilesUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\oikliheaihindkomebcajofjponhlhhh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\oikliheaihindkomebcajofjponhlhhh
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\etype_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\etype_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\etypesetup_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\etypesetup_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\etypeuninstall_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\etypeuninstall_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Schlüssel Gelöscht : HKCU\Software\58edad9b735ee45
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_crash-ball_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_crash-ball_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-image-convert-and-resize_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-image-convert-and-resize_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-download_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-download_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\GoforFiles
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Lyrmix
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\GoforFiles
Schlüssel Gelöscht : HKLM\SOFTWARE\ParetoLogic
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.1 (x86 de)

[ Datei : C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\tk8k7aht.default-1371899395239\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Conduit Search");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.toolbarCollapsed", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "allin1convert@mindspark.com");

[ Datei : C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\wno56xx6.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.order.1", "Delta Search");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat May 07 2011 21:02:32 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jun 26 2011 19:59:53 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jun 26 2011 18:16:21 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Zeile gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userId", "80c53a8b-9627-4403-b9bf-f57405acec53");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwner", "");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{872b5b88-9db5-4310-bdd0-ac189557e5f5}");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "dvdvideosofttb");

-\\ Google Chrome v

[ Datei : C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : oikliheaihindkomebcajofjponhlhhh

*************************

AdwCleaner[R0].txt - [11048 octets] - [16/09/2014 17:00:47]
AdwCleaner[S0].txt - [10272 octets] - [16/09/2014 17:53:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10333 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.5 (09.16.2014:1)
OS: Windows 7 Home Premium x64
Ran by Bemmerer on 16.09.2014 at 18:01:09,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-401722809-3301492424-1782163209-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A807240F-B8D4-4249-93AE-523CEA6D7A3B}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Bemmerer\AppData\Roaming\mozilla\firefox\profiles\tk8k7aht.default-1371899395239\minidumps [133 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.09.2014 at 18:06:27,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Gruß
bambam

schrauber 17.09.2014 08:11

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

bambam12 18.09.2014 19:33
Hi,
die Meldung Run DLL ... kommt nicht mehr.
Anbei die Logs :

Eset
Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=155a4dd740156048bf8debeecafaccc2
# engine=20217
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-18 05:27:42
# local_time=2014-09-18 07:27:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 9828 155609840 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 692656 52367378 0 0
# scanned=240217
# found=34
# cleaned=0
# scan_time=7266
sh=3096A6D6D5007B947C86A7FE8E72EEB3C86E80B3 ft=1 fh=6df4c99aadb2d5ea vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\Conduit\APISupport\APISupport.dll.vir"
sh=3661EDB38BCB034EA00F78F9144D975333C786BA ft=1 fh=0c96e457c8798f6f vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\Conduit\APISupport\APISupport.old.vir"
sh=0084D680F9DDE34CC4E41D4233DB9D8694DE5F88 ft=1 fh=db06912410ad131a vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\Conduit\APISupport\APISupport_1.0.1.6\ApiSupport.dll.vir"
sh=4C647D60B445220E1F2300C979433DF7C0F119B4 ft=1 fh=dd908f5a44627dda vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\Conduit\APISupport\APISupport_1.0.1.9\ApiSupport.dll.vir"
sh=E0C40AC460D16773DA3546A23508774E7898D893 ft=1 fh=3e6b5ab950259002 vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\Conduit\APISupport\APISupport_2.0.1.0\ApiSupport.dll.vir"
sh=D68B6F04BDEAE5E8335F52C4A32E08D91A80505E ft=1 fh=adf7011657306ae6 vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\Conduit\APISupport\APISupport_2.0.1.1\ApiSupport.dll.vir"
sh=0E7E5F4C697E7E0A77575D8D62C4C6357CCD3B02 ft=1 fh=cb46e2c2bd0b7bca vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\Conduit\APISupport\APISupport_2.0.2.0\ApiSupport.dll.vir"
sh=69AF8D82BD65216B649368B4F1A0CB2708D296E1 ft=1 fh=10fa131a8ddb2fc9 vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\Conduit\APISupport\APISupport_2.0.3.3\ApiSupport.dll.vir"
sh=3661EDB38BCB034EA00F78F9144D975333C786BA ft=1 fh=0c96e457c8798f6f vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\Conduit\APISupport\APISupport_2.0.4.3\ApiSupport.dll.vir"
sh=3096A6D6D5007B947C86A7FE8E72EEB3C86E80B3 ft=1 fh=6df4c99aadb2d5ea vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\Conduit\APISupport\APISupport_2.0.5.9\ApiSupport.dll.vir"
sh=82D24D65704A0F5B86CD6330D82D3AF721D13053 ft=1 fh=02b8c93c6a999a99 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\Conduit\APISupport\MiniSP_1.0.1.36\MiniSP.dll.vir"
sh=4FB6442ACD0A9F8AD73B7DC811D66571DB9589DE ft=1 fh=f9aed8ee2a32270f vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.40\MiniSP.dll.vir"
sh=17CCE05F40D9ECE31DB0841419226BBCDEA130B7 ft=1 fh=24fc0f30760f8ecb vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.51\MiniSP.dll.vir"
sh=4694896D296941721C0D8D609E512AE1B7FD2FF4 ft=1 fh=1053b6b83f30c1d5 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.55\MiniSP.dll.vir"
sh=C5F21C12A5C2066BBAE8587380FAAFA01F739B38 ft=1 fh=67bd6377e7694521 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.60\MiniSP.dll.vir"
sh=7B747225FCFD7B718513C61724F85F9DE3A3DEB1 ft=1 fh=741c83cdb80b287a vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.76\MiniSP.dll.vir"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikliheaihindkomebcajofjponhlhhh\10.31.4.510_0\APISupport\APISupport.dll.vir"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikliheaihindkomebcajofjponhlhhh\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikliheaihindkomebcajofjponhlhhh\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir"
sh=420AC42118A028FEE557FEC189141E95919110BF ft=1 fh=b3c9729cf11470f1 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\NativeMessaging\CT3175297\1_0_0_10\TBMessagingHost.exe.vir"
sh=7FE8D5A128ADB5FD2A64F0007BDE50CAC7A47D2A ft=1 fh=87c2ef1442b79444 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\NativeMessaging\CT3175297\1_0_0_4\TBMessagingHost.exe.vir"
sh=BB1A5AE5206E9995C35E517ECBA291C30CE4F7B7 ft=1 fh=34cca54ca63a6441 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\NativeMessaging\CT3175297\1_0_0_6\TBMessagingHost.exe.vir"
sh=47684BC9F96872C4134DD46689D013BD8E51A14A ft=1 fh=47ffb6bc73749a57 vn="Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Local\NativeMessaging\CT3175297\1_0_0_9\TBMessagingHost.exe.vir"
sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=7664F6A327E5201011200E703489577A0971AB77 ft=1 fh=c71c0011451c6a93 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bemmerer\AppData\Roaming\BabSolution\Shared\BUSolution.dll.vir"
sh=91DC006B84C4F51ADCADC1BB498E3376FC40130E ft=1 fh=c3b5952672b90e6f vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=95ADC7925C2BB20FACE637E7031972F8E208FA33 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx"
sh=0D08B150836BA8C568EFD4654C89B19E633A2A66 ft=1 fh=0692936737a46503 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bemmerer\Desktop\markus liebe meines lebens\FreeYouTubeDownload3-1-39-1015.exe"
sh=2D47123B8608D4818326B72C005E229E93FBC145 ft=1 fh=ac498f0af5877273 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bemmerer\Downloads\dff_fp3w-msoe.exe"
sh=A0568D09534897E74347CD9C2761AA20EDE8E4FF ft=1 fh=14d84de0168ddc4e vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bemmerer\Downloads\OpenOffice - CHIP-Installer.exe"
sh=F0A005C883ACD8AFBC89C69CC3313910BBAE65E6 ft=1 fh=bbf01bf3cbbf4262 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bemmerer\Downloads\speedupmypc.exe"
sh=A981E3D6F03D3BD57D1472F33A4093A01533F8A8 ft=1 fh=7aaf7b3d0491af48 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bemmerer\Downloads\wzmp_8.exe"
sh=F43A66F5AC79276A3E27467D5DD100DDCFA61891 ft=1 fh=80399c2706f2ad8c vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bemmerer\Downloads\Konverter\FFSetup3.0.1.exe"
sh=2DE50229B0B0A12BF5A2C2467711C78300A70598 ft=0 fh=0000000000000000 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bemmerer\Downloads\Konverter\FFSetup3.0.1.zip"
Check up
Code:
Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop                 
Microsoft Security Essentials 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67 
 Adobe Flash Player 15.0.0.152 
 Mozilla Firefox (32.0.1)
 Google Chrome 37.0.2062.103 
 Google Chrome 37.0.2062.120 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Bemmerer (administrator) on MARKUS on 18-09-2014 20:25:22
Running from C:\Users\Bemmerer\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Users\Bemmerer\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
() C:\Users\Bemmerer\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Farbar) C:\Users\Bemmerer\Downloads\FRST64(2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-07-30] (Toshiba Europe GmbH)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [172032 2010-01-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\S-1-5-21-401722809-3301492424-1782163209-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Bemmerer\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-401722809-3301492424-1782163209-1000\...\Run: [Amazon Music] => C:\Users\Bemmerer\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-401722809-3301492424-1782163209-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-401722809-3301492424-1782163209-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\bemmerermarkus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
URLSearchHook: HKLM-x32 - (No Name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {ABEFD42F-C53C-4053-8ACA-373F2D7ABC7D} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {BB97DFC1-48DE-46C7-B903-BE7ECE90F25E} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} ->  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\tk8k7aht.default-1371899395239
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Bemmerer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Bemmerer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Bemmerer\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll (The OpenSSL Project, hxxp://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll (The OpenSSL Project, hxxp://www.openssl.org/)
FF SearchPlugin: C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\tk8k7aht.default-1371899395239\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\tk8k7aht.default-1371899395239\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Cliqz Beta - C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\tk8k7aht.default-1371899395239\Extensions\cliqz@cliqz.com.xpi [2014-09-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-09-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2014-09-12]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Bemmerer\AppData\Roaming\Mozilla\Firefox\Profiles\tk8k7aht.default-1371899395239\extensions\cliqz@cliqz.com

Chrome:
=======
CHR HomePage: Default -> 455BC4FA7E6EABDF5B9CE1C09524A90E5525D12525B879E1455F8D33B4D667C1
CHR DefaultSearchKeyword: Default -> 598566CD354CBAF67B96B7C81CB4EF842CA391093FBBD68AD7A10151AD33AA36
CHR DefaultSearchProvider: Default -> 8635002361AF6CAC95BF3772F4A09209DE9FC6B136ADECF7839CE51D6ADC7EAF
CHR DefaultSearchURL: Default -> 24FEBF6AD705077C6791C6814D3535B6663AFE0F285B23468A1B2CD02402523F
CHR Profile: C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (Google Wallet) - C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (No Name) - C:\Users\Bemmerer\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikliheaihindkomebcajofjponhlhhh [2012-12-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3516408 2013-07-05] (devolo AG)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-06] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
S1 cdrbsvsd; No ImagePath
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2012-11-23] (Mobile Connector) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2013-07-05] (CACE Technologies)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 20:24 - 2014-09-18 20:24 - 00052344 _____ () C:\Users\Bemmerer\Desktop\FRST.txt
2014-09-18 20:15 - 2014-09-18 20:15 - 00000907 _____ () C:\Users\Bemmerer\Desktop\checkup.txt
2014-09-18 20:07 - 2014-09-18 20:07 - 00854417 _____ () C:\Users\Bemmerer\Desktop\SecurityCheck.exe
2014-09-16 18:01 - 2014-09-16 18:01 - 00000000 ____D () C:\Windows\ERUNT
2014-09-16 18:00 - 2014-09-16 18:00 - 01016035 _____ (Thisisu) C:\Users\Bemmerer\Desktop\JRT.exe
2014-09-16 17:59 - 2014-09-16 18:00 - 01016035 _____ (Thisisu) C:\Users\Bemmerer\Downloads\JRT.exe
2014-09-16 17:00 - 2014-09-16 17:53 - 00000000 ____D () C:\AdwCleaner
2014-09-16 17:00 - 2014-09-16 16:58 - 01373475 _____ () C:\Users\Bemmerer\Desktop\AdwCleaner_3.310.exe
2014-09-16 16:58 - 2014-09-16 16:58 - 01373475 _____ () C:\Users\Bemmerer\Downloads\AdwCleaner_3.310.exe
2014-09-16 16:26 - 2014-09-16 16:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-16 16:25 - 2014-09-16 16:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bemmerer\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-16 16:25 - 2014-09-16 16:25 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-16 16:25 - 2014-09-16 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-16 16:25 - 2014-09-16 16:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-16 16:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-16 16:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-16 16:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-15 16:33 - 2014-09-15 16:33 - 00024993 _____ () C:\ComboFix.txt
2014-09-15 16:16 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-15 16:16 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-15 16:16 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-15 16:16 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-15 16:16 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-15 16:16 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-15 16:16 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-15 16:16 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-15 16:12 - 2014-09-15 16:33 - 00000000 ____D () C:\Qoobox
2014-09-15 16:11 - 2014-09-15 16:30 - 00000000 ____D () C:\Windows\erdnt
2014-09-15 16:08 - 2014-09-15 16:08 - 05578360 ____R (Swearware) C:\Users\Bemmerer\Desktop\ComboFix.exe
2014-09-14 18:32 - 2014-09-14 18:32 - 02105856 _____ (Farbar) C:\Users\Bemmerer\Downloads\FRST64(2).exe
2014-09-14 18:31 - 2014-09-14 18:31 - 02105856 _____ (Farbar) C:\Users\Bemmerer\Downloads\FRST64(1).exe
2014-09-14 18:30 - 2014-09-14 18:30 - 00050477 _____ () C:\Users\Bemmerer\Downloads\Defogger(1).exe
2014-09-14 11:36 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-09-14 11:36 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-09-14 11:34 - 2014-09-14 11:34 - 01101648 _____ () C:\Users\Bemmerer\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-09-14 11:25 - 2014-09-14 11:25 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Bemmerer\Downloads\rkill64.com
2014-09-14 11:24 - 2014-09-14 11:24 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Bemmerer\Downloads\eXplorer64.exe
2014-09-14 11:18 - 2014-09-14 11:19 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Bemmerer\Downloads\eXplorer.exe
2014-09-14 11:18 - 2014-09-14 11:18 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Bemmerer\Downloads\rkill.com
2014-09-14 01:06 - 2014-09-14 01:06 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-09-14 01:05 - 2014-09-14 01:05 - 00000000 ____D () C:\Users\Bemmerer\Downloads\Lame
2014-09-13 21:46 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-13 21:46 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-09-13 21:46 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-13 21:46 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-13 00:43 - 2014-09-13 00:43 - 01110476 _____ () C:\Users\Bemmerer\Downloads\7z920.exe
2014-09-13 00:43 - 2014-09-13 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-13 00:43 - 2014-09-13 00:43 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-09-12 23:59 - 2014-09-12 23:59 - 00380416 _____ () C:\Users\Bemmerer\Downloads\Gmer-19357.exe
2014-09-12 23:58 - 2014-09-18 20:25 - 00017140 _____ () C:\Users\Bemmerer\Downloads\FRST.txt
2014-09-12 23:58 - 2014-09-18 20:25 - 00000000 ____D () C:\FRST
2014-09-12 23:56 - 2014-09-12 23:56 - 02105856 _____ (Farbar) C:\Users\Bemmerer\Downloads\FRST64.exe
2014-09-12 23:53 - 2014-09-14 18:30 - 00000478 _____ () C:\Users\Bemmerer\Downloads\defogger_disable.log
2014-09-12 23:53 - 2014-09-12 23:53 - 00000000 _____ () C:\Users\Bemmerer\defogger_reenable
2014-09-12 23:52 - 2014-09-12 23:52 - 00050477 _____ () C:\Users\Bemmerer\Downloads\Defogger.exe
2014-09-12 23:00 - 2014-09-14 11:13 - 00000000 ____D () C:\Users\Bemmerer\AppData\Roaming\Nico Mak Computing
2014-09-12 22:59 - 2014-09-12 22:59 - 04892480 _____ (WinZip International LLC ) C:\Users\Bemmerer\Downloads\wzmp_8.exe
2014-09-12 22:47 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-12 22:47 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-12 22:47 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-12 22:47 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-12 22:47 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-12 22:47 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-12 22:47 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-12 22:47 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-12 22:47 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-12 22:47 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-12 22:47 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-12 22:47 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-12 22:47 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-12 22:47 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-12 22:47 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-12 22:47 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-12 22:46 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-12 22:46 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-09-12 22:46 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-09-12 22:46 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-09-12 22:45 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-12 22:45 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-12 22:21 - 2014-09-12 22:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 21:46 - 2014-09-18 17:13 - 00001344 _____ () C:\Windows\setupact.log
2014-09-12 21:46 - 2014-09-12 21:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-12 21:45 - 2014-09-16 17:55 - 00027286 _____ () C:\Windows\PFRO.log
2014-09-12 21:29 - 2014-09-12 21:29 - 01619968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msoe.dll
2014-09-12 21:28 - 2014-09-12 21:28 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-12 21:27 - 2014-09-12 21:27 - 05345152 _____ (Dll-Files.com ) C:\Users\Bemmerer\Downloads\dff_fp3w-msoe.exe
2014-09-12 20:38 - 2014-09-12 20:38 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Bemmerer\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-09-11 19:10 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 19:10 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 19:10 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 19:10 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 19:10 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 19:10 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 19:10 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 19:10 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 19:10 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 19:10 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 19:10 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 19:10 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 19:10 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 19:10 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 19:10 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 19:10 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 19:10 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 19:10 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 19:10 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 19:10 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 19:10 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 19:10 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 19:10 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 19:10 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 19:10 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 19:10 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 19:10 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 19:10 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 19:10 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 19:10 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 19:10 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 19:10 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 19:10 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 19:10 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 19:10 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 19:10 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 19:10 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 19:10 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 19:10 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 19:10 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 19:10 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 19:10 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 19:09 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 19:09 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 19:09 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 19:09 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 19:09 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 19:09 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 19:09 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 19:09 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 19:09 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 19:09 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 19:09 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 19:09 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 19:09 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 19:09 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 19:14 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 19:14 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 19:14 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 19:14 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 19:13 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 19:13 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 19:13 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 19:13 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 19:13 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 19:13 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 19:13 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 19:01 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 19:01 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-03 21:11 - 2014-09-03 21:11 - 00000000 ____D () C:\Users\Bemmerer\AppData\Local\Adobe
2014-09-03 19:32 - 2014-09-03 19:33 - 173838160 _____ () C:\Users\Bemmerer\Downloads\New_PC_Studio_1.5.1.10064_2.exe
2014-08-31 22:31 - 2014-08-31 22:31 - 00002503 _____ () C:\Users\Public\Desktop\Serato DJ .lnk
2014-08-31 22:30 - 2014-08-31 22:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-31 09:19 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-31 09:19 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-31 09:19 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 06:28 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-21 06:28 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-21 06:28 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-21 06:28 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-21 06:27 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-21 06:27 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-21 06:27 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-21 06:27 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-21 06:27 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-21 06:27 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-21 06:27 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-21 06:27 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-21 06:27 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 06:27 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-19 18:59 - 2014-08-19 18:59 - 00002062 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-08-19 18:58 - 2014-08-19 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2014-08-19 18:28 - 2014-08-19 18:29 - 00000000 ____D () C:\Users\Bemmerer\Downloads\bpm
2014-08-19 18:18 - 2014-08-19 18:18 - 00652482 _____ () C:\Users\Bemmerer\Downloads\bpmanalyzer (1).zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 20:25 - 2014-09-12 23:58 - 00017140 _____ () C:\Users\Bemmerer\Downloads\FRST.txt
2014-09-18 20:25 - 2014-09-12 23:58 - 00000000 ____D () C:\FRST
2014-09-18 20:24 - 2014-09-18 20:24 - 00052344 _____ () C:\Users\Bemmerer\Desktop\FRST.txt
2014-09-18 20:17 - 2012-10-30 17:06 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-401722809-3301492424-1782163209-1000UA.job
2014-09-18 20:15 - 2014-09-18 20:15 - 00000907 _____ () C:\Users\Bemmerer\Desktop\checkup.txt
2014-09-18 20:14 - 2010-02-08 20:31 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-18 20:07 - 2014-09-18 20:07 - 00854417 _____ () C:\Users\Bemmerer\Desktop\SecurityCheck.exe
2014-09-18 20:00 - 2013-01-03 14:55 - 01860241 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 19:29 - 2012-04-26 17:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-18 19:17 - 2013-10-11 14:23 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-401722809-3301492424-1782163209-1000Core1cec67cb07e93a5.job
2014-09-18 17:21 - 2009-07-14 06:45 - 00019024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-18 17:21 - 2009-07-14 06:45 - 00019024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-18 17:15 - 2011-10-29 20:39 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-09-18 17:14 - 2013-10-12 07:49 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec70ed06198a9.job
2014-09-18 17:13 - 2014-09-12 21:46 - 00001344 _____ () C:\Windows\setupact.log
2014-09-18 17:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-16 18:01 - 2014-09-16 18:01 - 00000000 ____D () C:\Windows\ERUNT
2014-09-16 18:00 - 2014-09-16 18:00 - 01016035 _____ (Thisisu) C:\Users\Bemmerer\Desktop\JRT.exe
2014-09-16 18:00 - 2014-09-16 17:59 - 01016035 _____ (Thisisu) C:\Users\Bemmerer\Downloads\JRT.exe
2014-09-16 17:55 - 2014-09-12 21:45 - 00027286 _____ () C:\Windows\PFRO.log
2014-09-16 17:53 - 2014-09-16 17:00 - 00000000 ____D () C:\AdwCleaner
2014-09-16 17:53 - 2012-12-30 19:06 - 00000000 ____D () C:\Users\Bemmerer\AppData\Local\CRE
2014-09-16 16:58 - 2014-09-16 17:00 - 01373475 _____ () C:\Users\Bemmerer\Desktop\AdwCleaner_3.310.exe
2014-09-16 16:58 - 2014-09-16 16:58 - 01373475 _____ () C:\Users\Bemmerer\Downloads\AdwCleaner_3.310.exe
2014-09-16 16:26 - 2014-09-16 16:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-16 16:25 - 2014-09-16 16:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bemmerer\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-16 16:25 - 2014-09-16 16:25 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-16 16:25 - 2014-09-16 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-16 16:25 - 2014-09-16 16:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 16:33 - 2014-09-15 16:33 - 00024993 _____ () C:\ComboFix.txt
2014-09-15 16:33 - 2014-09-15 16:12 - 00000000 ____D () C:\Qoobox
2014-09-15 16:33 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-15 16:30 - 2014-09-15 16:11 - 00000000 ____D () C:\Windows\erdnt
2014-09-15 16:28 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-15 16:08 - 2014-09-15 16:08 - 05578360 ____R (Swearware) C:\Users\Bemmerer\Desktop\ComboFix.exe
2014-09-14 18:32 - 2014-09-14 18:32 - 02105856 _____ (Farbar) C:\Users\Bemmerer\Downloads\FRST64(2).exe
2014-09-14 18:31 - 2014-09-14 18:31 - 02105856 _____ (Farbar) C:\Users\Bemmerer\Downloads\FRST64(1).exe
2014-09-14 18:30 - 2014-09-14 18:30 - 00050477 _____ () C:\Users\Bemmerer\Downloads\Defogger(1).exe
2014-09-14 18:30 - 2014-09-12 23:53 - 00000478 _____ () C:\Users\Bemmerer\Downloads\defogger_disable.log
2014-09-14 18:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-09-14 18:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Branding
2014-09-14 18:14 - 2014-04-11 23:48 - 00000000 ____D () C:\Users\Bemmerer\AppData\Local\TB
2014-09-14 17:34 - 2010-10-31 12:49 - 00000000 ____D () C:\Windows\rescache
2014-09-14 11:36 - 2011-11-26 22:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-14 11:34 - 2014-09-14 11:34 - 01101648 _____ () C:\Users\Bemmerer\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-09-14 11:25 - 2014-09-14 11:25 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Bemmerer\Downloads\rkill64.com
2014-09-14 11:24 - 2014-09-14 11:24 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Bemmerer\Downloads\eXplorer64.exe
2014-09-14 11:19 - 2014-09-14 11:18 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Bemmerer\Downloads\eXplorer.exe
2014-09-14 11:18 - 2014-09-14 11:18 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Bemmerer\Downloads\rkill.com
2014-09-14 11:13 - 2014-09-12 23:00 - 00000000 ____D () C:\Users\Bemmerer\AppData\Roaming\Nico Mak Computing
2014-09-14 01:16 - 2014-01-03 15:58 - 00000000 ____D () C:\Users\Bemmerer\AppData\Roaming\Audacity
2014-09-14 01:06 - 2014-09-14 01:06 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-09-14 01:05 - 2014-09-14 01:05 - 00000000 ____D () C:\Users\Bemmerer\Downloads\Lame
2014-09-13 00:43 - 2014-09-13 00:43 - 01110476 _____ () C:\Users\Bemmerer\Downloads\7z920.exe
2014-09-13 00:43 - 2014-09-13 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-13 00:43 - 2014-09-13 00:43 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-09-13 00:28 - 2012-04-29 23:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-12 23:59 - 2014-09-12 23:59 - 00380416 _____ () C:\Users\Bemmerer\Downloads\Gmer-19357.exe
2014-09-12 23:56 - 2014-09-12 23:56 - 02105856 _____ (Farbar) C:\Users\Bemmerer\Downloads\FRST64.exe
2014-09-12 23:53 - 2014-09-12 23:53 - 00000000 _____ () C:\Users\Bemmerer\defogger_reenable
2014-09-12 23:53 - 2009-12-05 19:11 - 00000000 ____D () C:\Users\Bemmerer
2014-09-12 23:52 - 2014-09-12 23:52 - 00050477 _____ () C:\Users\Bemmerer\Downloads\Defogger.exe
2014-09-12 22:59 - 2014-09-12 22:59 - 04892480 _____ (WinZip International LLC ) C:\Users\Bemmerer\Downloads\wzmp_8.exe
2014-09-12 22:50 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-12 22:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-12 22:21 - 2014-09-12 22:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 22:00 - 2012-01-22 20:23 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-12 22:00 - 2009-09-08 10:09 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-12 21:57 - 2011-07-24 14:08 - 00000000 ____D () C:\Users\Bemmerer\Documents\Mein Steuer-Sparbuch Heute
2014-09-12 21:57 - 2010-05-13 16:33 - 00000000 ____D () C:\Program Files (x86)\WISO
2014-09-12 21:57 - 2009-09-08 09:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-12 21:54 - 2011-11-01 13:31 - 00000000 ____D () C:\ProgramData\Skype
2014-09-12 21:52 - 2014-01-14 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-12 21:46 - 2014-09-12 21:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-12 21:46 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-12 21:29 - 2014-09-12 21:29 - 01619968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msoe.dll
2014-09-12 21:28 - 2014-09-12 21:28 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-12 21:27 - 2014-09-12 21:27 - 05345152 _____ (Dll-Files.com ) C:\Users\Bemmerer\Downloads\dff_fp3w-msoe.exe
2014-09-12 20:38 - 2014-09-12 20:38 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Bemmerer\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-09-11 20:29 - 2012-04-26 17:48 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-11 20:29 - 2012-04-26 17:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 20:29 - 2012-04-26 17:48 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-11 19:07 - 2014-01-30 20:04 - 01608640 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 19:07 - 2009-07-14 19:58 - 00704520 _____ () C:\Windows\system32\perfh007.dat
2014-09-11 19:07 - 2009-07-14 19:58 - 00152326 _____ () C:\Windows\system32\perfc007.dat
2014-09-11 19:06 - 2009-07-14 07:13 - 01608640 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 20:21 - 2013-08-14 19:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 20:21 - 2009-12-12 21:04 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 20:20 - 2014-05-06 19:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 19:04 - 2013-11-03 01:02 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-10 19:04 - 2013-11-03 01:02 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-10 19:03 - 2013-11-03 01:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 19:03 - 2013-11-03 01:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-10 18:45 - 2010-01-31 13:45 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-09-05 04:10 - 2014-09-10 19:13 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-10 19:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 21:11 - 2014-09-03 21:11 - 00000000 ____D () C:\Users\Bemmerer\AppData\Local\Adobe
2014-09-03 19:50 - 2013-03-12 15:27 - 00000000 ____D () C:\Users\Bemmerer\Desktop\markus liebe meines lebens
2014-09-03 19:33 - 2014-09-03 19:32 - 173838160 _____ () C:\Users\Bemmerer\Downloads\New_PC_Studio_1.5.1.10064_2.exe
2014-09-02 20:49 - 2010-01-23 20:41 - 00000000 ____D () C:\Users\Bemmerer\AppData\Roaming\vlc
2014-08-31 22:31 - 2014-08-31 22:31 - 00002503 _____ () C:\Users\Public\Desktop\Serato DJ .lnk
2014-08-31 22:31 - 2013-12-13 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serato
2014-08-31 22:30 - 2014-08-31 22:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-31 22:30 - 2013-12-13 22:30 - 00000000 ____D () C:\Program Files (x86)\Serato
2014-08-31 20:10 - 2014-03-25 19:10 - 00000000 ____D () C:\Users\Bemmerer\Downloads\serato
2014-08-31 19:23 - 2009-07-14 06:45 - 00362984 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 04:07 - 2014-08-31 09:19 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-31 09:19 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-31 09:19 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 20:14 - 2010-08-15 19:41 - 00000000 ____D () C:\Users\Bemmerer\AppData\Roaming\dvdcss
2014-08-19 21:14 - 2011-07-24 14:51 - 00000000 ____D () C:\Users\Bemmerer\Documents\WISO Lohnsteuer Ausgleich
2014-08-19 20:05 - 2014-09-11 19:10 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-11 19:10 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 19:00 - 2011-07-24 17:41 - 00000000 ____D () C:\Users\Bemmerer\Documents\Steuer-Sparbuch
2014-08-19 18:59 - 2014-08-19 18:59 - 00002062 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-08-19 18:59 - 2010-05-13 16:42 - 00001244 _____ () C:\Windows\wiso.ini
2014-08-19 18:59 - 2010-05-13 16:40 - 00000000 ____D () C:\Users\Bemmerer\AppData\Local\Buhl
2014-08-19 18:58 - 2014-08-19 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2014-08-19 18:30 - 2009-12-05 19:15 - 00000000 ____D () C:\Users\Bemmerer\AppData\Local\VirtualStore
2014-08-19 18:29 - 2014-08-19 18:28 - 00000000 ____D () C:\Users\Bemmerer\Downloads\bpm
2014-08-19 18:18 - 2014-08-19 18:18 - 00652482 _____ () C:\Users\Bemmerer\Downloads\bpmanalyzer (1).zip
2014-08-19 01:01 - 2014-09-11 19:10 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 19:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 19:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 19:09 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 19:09 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 19:09 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 19:10 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 19:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 19:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 19:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 19:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 19:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:08 - 2014-09-11 19:09 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:05 - 2014-09-11 19:10 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 19:10 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 19:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 19:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

Some content of TEMP:
====================
C:\Users\Bemmerer\AppData\Local\Temp\avgnt.exe
C:\Users\Bemmerer\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 17:18

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Bemmerer at 2014-09-18 20:25:55
Running from C:\Users\Bemmerer\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.2090 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
Amazon.de (HKLM-x32\...\{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}) (Version:  - Amazon EU S.a.r.L.)
Apowersoft Gratis - Audiorekorder V2.1.7 (HKLM-x32\...\{E35F91E4-C68C-43E8-BE90-35CDEE4E5730}_is1) (Version: 2.1.7 - Apowersoft)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{0FB2E75A-1024-331F-77EF-D45F71505D58}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2238.38827 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help English (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help French (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help German (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0729.2238.38827 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2009.0729.2238.38827 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
devolo dLAN Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.1.2.0 - devolo AG)
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.4.3 - DivX, Inc.)
DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
DJ Intro version 1.2.0 (HKLM-x32\...\{36625871-9D4B-4046-A837-677974F51CAC}_is1) (Version: 1.2.0 - Serato Audio Research)
dLAN Cockpit (x32 Version: 3.23.12 - devolo AG) Hidden
eBay (HKLM-x32\...\{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}) (Version: 1.0.4 - eBay Inc.)
FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.6.716 - DVDVideoSoft Ltd.)
Free Video to MP3 Converter version 5.0.19.1015 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.19.1015 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.10.6.727 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.39.604 - DVDVideoSoft Limited.)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java(TM) 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MediaInfo Lite 0.7.27 (HKLM-x32\...\mediainfolite_is1) (Version: 0.7.27 - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Müller Foto (HKLM-x32\...\Müller Foto) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
NAVIGON Fresh 3.2.0 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.2.0 - NAVIGON)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Reloop ASIO Driver 1.152 (HKLM\...\Reloop ASIO Driver 1.152) (Version: 1.152 - Reloop)
Serato DJ  (HKLM-x32\...\{cff70cd3-29c4-4043-b20c-e085773b05e0}) (Version: 1.6.3.7539 - )
Serato DJ  (x32 Version: 1.6.3.7539 - Serato) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}) (Version: 1.0.04.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.0.04.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.10.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.1.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.1.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.1.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.4C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.11C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.0 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.0 - TOSHIBA Corporation) Hidden
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA)
Toshiba Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.08.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
Toshiba Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.0-663 - myphotobook GmbH)
Toshiba Photo Service - powered by myphotobook (x32 Version: 1.0.0 - myphotobook GmbH) Hidden
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}) (Version: 1.0.04.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.0.04.64 - TOSHIBA Corporation) Hidden
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.7C - TOSHIBA CORPORATION) Hidden
TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION)
Toshiba TEMPRO (HKLM-x32\...\{9E4FF410-471F-49E3-9358-74FF0D5E9901}) (Version: 3.05 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.25.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.2.25.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.7 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{052CA271-6C3E-4B8F-9EEE-CEA84BC901DC}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CA2F3DF8-C8AE-4933-92F1-FE482442F6E6}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Utility Common Driver (x32 Version: 1.0.50.27C - TOSHIBA) Hidden
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VLC media player 1.0.3 (HKLM-x32\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{DCACC42F-F801-4BBD-B621-DF93679D46CA}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

12-09-2014 19:33:31 DLL-Files Fixer Fr, Sep 12, 14  21:33
12-09-2014 19:52:38 Removed Skype™ 6.11
12-09-2014 19:54:18 Removed SweetPacks bundle uninstaller
12-09-2014 19:57:09 Entfernt WISO Steuer-Sparbuch 2013
12-09-2014 19:58:05 Windows Live Sync wird entfernt
12-09-2014 19:59:22 Removed Adobe Reader XI (11.0.08) - Deutsch.
12-09-2014 20:01:50 Compatibility Pack für 2007 Office System wird entfernt
12-09-2014 20:03:19 Removed Internet Explorer Toolbar 4.6 by SweetPacks
12-09-2014 20:45:18 Windows Update
13-09-2014 23:17:05 Windows Update
15-09-2014 14:16:21 ComboFix created restore point
18-09-2014 15:05:46 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-09-15 16:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09AB8EA5-313A-4B65-8114-0F24941B59D6} - System32\Tasks\Ad-Aware Update (Daily 2) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {09AFECB4-8895-457B-8F37-D9E88D6A1AB9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0FB1AAA7-0156-4206-979C-A1EA0E53CB71} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {24C86082-A3EA-4A7B-9214-BE785F8DB486} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {27AF819D-6D9E-417E-90AA-4D8695F6A406} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: {4B8AF262-B0C5-421C-855D-CE3AC9D31377} - System32\Tasks\{FA64850A-E170-4E2D-86BF-72815796E26C} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.124.280&amp;LastError=12007
Task: {4EDD3F4A-E80F-403B-8B3B-37DE1C83E9B4} - System32\Tasks\Ad-Aware Update (Daily 3) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {545374DE-6064-4874-9B85-4179CA83D8CF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-08] (Google Inc.)
Task: {5FCEAE72-5913-454C-B837-A9519641C99F} - System32\Tasks\GoogleUpdateTaskMachineCore1cec70ed06198a9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-08] (Google Inc.)
Task: {75F2692A-8930-4E22-9955-F9914242B69C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-401722809-3301492424-1782163209-1000UA => C:\Users\Bemmerer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-30] (Google Inc.)
Task: {82733C33-369D-4468-AC2A-A0414A14D744} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-401722809-3301492424-1782163209-1000Core => C:\Users\Bemmerer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-30] (Google Inc.)
Task: {92FBFC4A-F569-4BBC-8001-70B15A397C6E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-401722809-3301492424-1782163209-1000Core1cec67cb07e93a5 => C:\Users\Bemmerer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-30] (Google Inc.)
Task: {9885B0E5-8A7C-47E1-B09B-952202966AB1} - System32\Tasks\Ad-Aware Update (Daily 1) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {BE5B4979-92C6-4E66-A27A-17C4652F22AD} - System32\Tasks\{5A168F88-AD44-4172-BB8C-D44769455E13} => C:\Program Files (x86)\PS3 Media Server\PMS.exe [2009-03-09] (A. Brochard)
Task: {CC383446-E3F1-4677-9FB8-E8DC7E5FF9F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-08] (Google Inc.)
Task: {EB61ED43-A09E-4802-AEE4-423F4F9DAEA8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {FC2215EE-7FCF-4789-850A-7747BB61425A} - System32\Tasks\Ad-Aware Update (Daily 4) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec70ed06198a9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-401722809-3301492424-1782163209-1000Core1cec67cb07e93a5.job => C:\Users\Bemmerer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-401722809-3301492424-1782163209-1000UA.job => C:\Users\Bemmerer\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-09-08 17:53 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2009-08-26 18:58 - 2009-08-26 18:58 - 00553984 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2013-05-22 20:50 - 2013-05-22 20:50 - 00400704 _____ () C:\Users\Bemmerer\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2014-06-17 07:03 - 2014-07-22 22:46 - 03356480 _____ () C:\Users\Bemmerer\AppData\Local\Amazon Music\Amazon Music Helper.exe
2009-08-03 18:18 - 2009-08-03 18:18 - 00081752 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-12 22:21 - 2014-09-12 22:21 - 03716720 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: HWSetup => "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
MSCONFIG\startupreg: KeNotify => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: SmartFaceVWatcher => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
MSCONFIG\startupreg: ToshibaServiceStation => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2014 08:09:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/18/2014 08:09:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/18/2014 08:04:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/18/2014 05:20:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/18/2014 05:20:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/18/2014 05:20:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/18/2014 05:20:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/18/2014 05:19:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (09/18/2014 05:24:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.185.96.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.6.0305.00

        Quellpfad: 4.6.0305.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (09/18/2014 05:13:37 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/18/2014 05:13:37 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/18/2014 05:12:18 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.185.96.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.6.0305.00

        Quellpfad: 4.6.0305.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (09/18/2014 04:37:29 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/18/2014 04:37:29 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/17/2014 02:03:08 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/17/2014 02:03:08 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/17/2014 08:15:45 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (09/17/2014 08:07:27 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-09-15 16:28:05.584
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-15 16:28:05.210
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 43%
Total physical RAM: 4060.88 MB
Available physical RAM: 2277.08 MB
Total Pagefile: 8119.93 MB
Available Pagefile: 6123.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:149.04 GB) (Free:47.36 GB) NTFS
Drive d: (Data) (Fixed) (Total:148.65 GB) (Free:140.51 GB) NTFS
Drive e: (ST2014) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 4F73061C)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=148.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Gruß
bambam

schrauber 19.09.2014 09:52
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

bambam12 19.09.2014 15:18
Hallo Schrauber,
hat alles perfekt funktioniert und läuft !!!
Vielen Dank !!!!

Gruß
bambam

schrauber 20.09.2014 15:00
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:30 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19