Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Systemwiederherstellung kann myosprotect.dll nicht löschen (https://www.trojaner-board.de/159480-systemwiederherstellung-myosprotect-dll-loeschen.html)

daimerlein 06.10.2014 18:13
Systemwiederherstellung kann myosprotect.dll nicht löschen
 
Hallo, hab mir da was eingefangen.mein firefox spielt keine flash sachen mehr ab und es kommen ständig meldugen das skripte nicht ausgeführt werden können. ansonsten ist mein firefox ziemlich langsam geworden. ich hab avast suchen lassen und malewarebytes und iobit malwarescanner und spybot. keiner hat was gefunden erst als ich die windows system wiederherstellung laufen hab lassen kam die meldung das myosprotect.dll nicht gelöscht werden kann und nach googlesuche mit myosprotect bin ich hier gelandet und hoffe ihr könnt mir helfen das teil zu löschen.

schrauber 06.10.2014 18:23
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


daimerlein 06.10.2014 18:41
FRST Additions Logfile:
[CODE]Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-10-2014
Ran by Thomas at 2014-10-06 18:36:14
Running from C:\Users\Thomas\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! antivirus (Disabled - Out of date) {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: avast! antivirus (Disabled - Out of date) {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1-abc.net Hard Drive Washer (Remove only) (HKLM\...\1-abc.net Hard Drive Washer) (Version: - )
AC3Filter 2.5b (HKLM\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Advanced SystemCare 7 (HKLM\...\Advanced SystemCare 7_is1) (Version: 7.3.0 - IObit)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.2.1.0 - Auslogics Labs Pty Ltd)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Azteca (HKLM\...\Azteca_is1) (Version: 1.0 - Media Contact LLC)
CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
CheckDrive (HKLM\...\{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1) (Version: 4.4 - Abelssoft)
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version: - )
Deutsche Sprachdatei für Winamp 5.02 v14 (HKLM\...\Winamp 5.02 Deutsche Sprachdatei v14) (Version: - )
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Driver Booster (HKLM\...\Driver Booster_is1) (Version: 1.5 - IObit)
DSL-Manager (HKLM\...\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}) (Version: - )
Epson Benutzerhandbuch WF-3520 Series (HKLM\...\WF-3520 Series Useg) (Version: - )
Epson Connect Guide (HKLM\...\Epson Connect Guide) (Version: - )
Epson Event Manager (HKLM\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-3520 Series (HKLM\...\WF-3520 Series Netg) (Version: - )
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fast CD Ripper version 1.5 (HKLM\...\Fast CD Ripper_is1) (Version: 1.5 - Fast CD Ripper)
FormatFactory 3.3.5.0 (HKLM\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Free Audio CD Burner version 1.2 (HKLM\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.)
Free DVD Video Burner version 1.2 (HKLM\...\Free DVD Video Burner_is1) (Version: - DVDVideoSoft Limited.)
Free FLV Converter V 6.7.3 (HKLM\...\Free FLV Converter_is1) (Version: 6.7.3.0 - Koyote Soft)
Free System Utilities (HKLM\...\{449e21e5-7674-4034-ab45-6eb6ec2bacac}) (Version: 1.1.3.0 - Covus Freemium GmbH)
Free SystemUtilities (Version: 1.1.3.0 - Covus Freemium GmbH) Hidden
Free YouTube to MP3 Converter version 3.12.17.1125 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1125 - DVDVideoSoft Ltd.)
FreeRIP MP3 Converter 4.5.2 (HKLM\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.5.2 - GreenTree Applications SRL)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
IObit Malware Fighter (HKLM\...\IObit Malware Fighter_is1) (Version: 2.4 - IObit)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.2.10.2466 - IObit)
Jasc Paint Shop Pro Studio (HKLM\...\{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}) (Version: 1.00.0000 - Jasc Software Inc)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Komfort-Wecker 2.01 (HKLM\...\Komfort-Wecker_is1) (Version: 2.01 - )
Kyodai Mahjongg (HKLM\...\Kyodai Mahjongg_is1) (Version: - Rene-Gilles Deberdt)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.70.1044 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (Version: 13.31.1038.0 - Logitech) Hidden
LWS Gallery (Version: 13.31.1038.0 - Logitech) Hidden
LWS Help_main (Version: 13.31.1044.0 - Logitech) Hidden
LWS Launcher (Version: 13.31.1038.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.31.1038.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.31.1038.0 - Logitech) Hidden
MainConcept DTV Decoder Standard (HKLM\...\{059A00AC-1205-423C-91C7-7E6168D804DA}) (Version: 1.5.0.2 - MainConcept GmbH)
Malwarebytes Anti-Exploit version 1.04.1.1012 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.04.1.1012 - Malwarebytes)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
Mozilla Thunderbird 31.1.2 (x86 de) (HKLM\...\Mozilla Thunderbird 31.1.2 (x86 de)) (Version: 31.1.2 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
neroxml (Version: 1.0.0 - Nero AG) Hidden
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
SolSuite 2013 v13.5 (HKLM\...\SolSuite_is1) (Version: 13.5 - TreeCardGames)
SopCast 3.2.4 (HKLM\...\SopCast) (Version: 3.2.4 - SopCast.com)
Spotify (HKCU\...\Spotify) (Version: 0.9.4.169.gc0399df6 - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Streamripper (Remove only) (HKLM\...\Streamripper) (Version: - )
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Explorer 5.9.3 (HKLM\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VLC media player 1.0.2 (HKLM\...\VLC media player) (Version: 1.0.2 - VideoLAN Team)
Web Protect for Windows (HKLM\...\wp-adinject-adk) (Version: 10.0.0 - Web Protect) <==== ATTENTION
Winamp (HKLM\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XviD MPEG-4 Codec (HKLM\...\XviD) (Version: - )
Zip Opener Packages (HKCU\...\Zip Opener Packages) (Version: - ) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2570579559-1507674160-3812463377-1001_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2570579559-1507674160-3812463377-1001_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2570579559-1507674160-3812463377-1001_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2570579559-1507674160-3812463377-1001_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2570579559-1507674160-3812463377-1001_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2570579559-1507674160-3812463377-1001_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2570579559-1507674160-3812463377-1001_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2570579559-1507674160-3812463377-1001_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2570579559-1507674160-3812463377-1001_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2570579559-1507674160-3812463377-1001_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2570579559-1507674160-3812463377-1001_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2570579559-1507674160-3812463377-1001_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2570579559-1507674160-3812463377-1001_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

==================== Restore Points =========================

02-10-2014 21:34:39 Windows Update
04-10-2014 21:02:54 AA11
05-10-2014 22:30:10 Removed Skype Click to Call
06-10-2014 11:04:22 Wiederherstellungsvorgang
06-10-2014 11:37:20 Installed SpyHunter
06-10-2014 12:31:59 Removed SpyHunter
06-10-2014 15:41:26 AA11

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-11-06 15:55 - 00350743 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
127.0.0.1 123simsen.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0110F05E-653C-42A8-963A-F12411132505} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-07] (AVAST Software)
Task: {0702EC2B-D37A-4C43-B19C-95272531EBE3} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2570579559-1507674160-3812463377-1001
Task: {078B44A3-D2BB-40DC-B9A4-1771A7C989EE} - System32\Tasks\DSite => C:\Users\Thomas\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {224C24D4-2629-40F3-A89C-A0115B1E32A6} - System32\Tasks\ASC7_SkipUac_Thomas => C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe [2014-05-04] (IObit)
Task: {2D48368B-D3CE-4C33-8546-50E87F4D0C9E} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe [2014-08-06] (IObit)
Task: {4ED52B1F-47DE-498C-B58B-9D8E5A22ACDB} - System32\Tasks\SmartDefrag3_Update => C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-03] (IObit)
Task: {4F2A34D5-B6DC-4C02-A71C-6F2E53BD3B11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-05] (Google Inc.)
Task: {5140E074-DF04-47EF-9AFD-593F309A0873} - System32\Tasks\QtraxPlayer => C:\Program Files\Microsoft Silverlight\sllauncher.exe [2014-05-13] (Microsoft Corporation)
Task: {60AFF1FB-268C-48E7-BF69-48D3FE59909F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {6663AF12-625D-43D0-AFA3-B695426D584F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {69B95C43-F87E-4E00-98B9-8FA353EA7DD0} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {6CC00F19-A1EF-4B6F-BA75-C2AAE9D7C75C} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe [2014-07-02] (IObit)
Task: {737490DE-0558-4FD9-B702-03474C486A4C} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit)
Task: {74E5D22D-1688-4DD2-8F83-63CE779D00EE} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe [2014-05-06] (IObit)
Task: {7C177CA6-6CDA-4B26-A14B-344F6C67A45B} - System32\Tasks\Abelssoft\CheckDriveBackgroundGuard => C:\Program Files\CheckDrive\CheckDriveBackgroundGuard.exe [2014-01-28] (Abelssoft)
Task: {824B2411-5FFA-4AF1-AFF7-11A54309AB1C} - System32\Tasks\Software Updater Ui => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe
Task: {8751105E-C7E8-458A-BBEB-F012E74C8AE1} - System32\Tasks\Malwarebytes Anti-Exploit => C:\Program Files\Malwarebytes Anti-Exploit\mbae-loader.exe [2013-12-17] (Malwarebytes Corporation)
Task: {BB336E5D-DAA4-47A9-93C9-123EE4449505} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-05] (Google Inc.)
Task: {C169C296-AC13-4740-A3F1-84EEF6AF4BDB} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2014-08-01] (IObit)
Task: {C69E6B02-D8D2-41A8-8430-B73CA544724D} - System32\Tasks\CheckDriveBackgroundGuard => C:\Program Files\CheckDrive\CheckDriveBackgroundGuard.exe [2014-01-28] (Abelssoft)
Task: {C8237913-0BF4-467E-A92F-535F41886D2E} - System32\Tasks\Freemium1ClickMaint => C:\Users\Thomas\Downloads\1Click.exe
Task: {DC05E5EC-73CD-4893-B312-CC0867BC89F7} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe
Task: {E0B32F6F-7A1F-4842-A6C3-8448CBE63401} - System32\Tasks\Express FilesUpdate => C:\Program Files\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {E97BF940-F804-47A8-97B7-181B3FC366DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-01] (Adobe Systems Incorporated)
Task: {FFE95B65-D0FB-472C-B46A-9445240D8092} - System32\Tasks\Driver Booster Update => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe [2014-08-01] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CheckDriveBackgroundGuard.job => C:\Program Files\CheckDrive\CheckDriveBackgroundGuard.exe
Task: C:\Windows\Tasks\DSite.job => C:\Users\Thomas\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Malwarebytes Anti-Exploit.job => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe

==================== Loaded Modules (whitelisted) =============

2013-12-27 00:52 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 7\sqlite3.dll
2014-07-07 18:06 - 2014-07-07 18:06 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-06 10:05 - 2014-10-06 10:05 - 02859008 _____ () C:\Program Files\AVAST Software\Avast\defs\14100600\algo.dll
2013-06-05 17:12 - 2014-07-02 21:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-07-07 18:06 - 2014-07-07 18:07 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2013-12-27 00:52 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 7\webres.dll
2014-02-14 16:22 - 2014-02-14 16:22 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\21871ce315d4257cfe2052454e583368\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-02-14 16:23 - 2014-02-14 16:23 - 14971904 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\c94e1e76e67ad518b4310a539f072832\Kies.Theme.ni.dll
2014-02-14 16:22 - 2014-02-14 16:22 - 01842688 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\0107366ee1ddeb3e9873c6fac6344bc1\Kies.UI.ni.dll
2014-02-14 16:22 - 2014-02-14 16:22 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\8375369d3ac9c732c2ec8f6b5c9f2bb8\Kies.MVVM.ni.dll
2014-02-14 16:23 - 2014-02-14 16:23 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\cffeb31975c17760187d713cf2d7934d\ASF_cSharpAPI.ni.dll
2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-12-27 01:01 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\IObit Malware Fighter\madExcept_.bpl
2013-12-27 01:01 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\IObit Malware Fighter\madBasic_.bpl
2013-12-27 01:01 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\IObit Malware Fighter\madDisAsm_.bpl
2013-12-27 01:01 - 2013-12-12 18:46 - 08001344 _____ () C:\Program Files\IObit\IObit Malware Fighter\WebUI.dll
2013-12-27 01:01 - 2013-05-16 19:26 - 00182080 _____ () C:\Program Files\IObit\IObit Malware Fighter\unrar.dll
2013-12-27 01:01 - 2013-10-16 22:17 - 00185168 _____ () C:\Program Files\IObit\IObit Malware Fighter\libcurl-4.dll
2013-12-27 01:01 - 2013-05-16 19:26 - 00145216 _____ () C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll
2013-10-05 00:38 - 2014-01-28 18:33 - 00019744 _____ () C:\Program Files\CheckDrive\AbStartManager.dll
2013-07-06 16:03 - 2014-01-28 18:33 - 00014112 _____ () C:\Program Files\CheckDrive\AbMessages.dll
2014-01-21 11:43 - 2014-06-04 15:17 - 00892288 _____ () C:\Program Files\IObit\Smart Defrag 3\webres.dll
2013-12-27 00:52 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madExcept_.bpl
2013-12-27 00:52 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madBasic_.bpl
2013-12-27 00:52 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madDisAsm_.bpl
2014-10-01 10:31 - 2014-09-24 07:09 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:84FBC595543CB3B9
AlternateDataStreams: C:\Users\Thomas\Rente.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Thomas\Rente.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk => C:\Windows\pss\OpenOffice.org 3.0.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files\Logitech\Vid\Vid.exe" -bootmode
MSCONFIG\startupreg: Logitech Vid HD => "C:\Program Files\Logitech\Vid\vid.exe" -bootmode
MSCONFIG\startupreg: LWS => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Thomas\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2570579559-1507674160-3812463377-500 - Administrator - Disabled)
Gast (S-1-5-21-2570579559-1507674160-3812463377-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2570579559-1507674160-3812463377-1002 - Limited - Enabled)
Thomas (S-1-5-21-2570579559-1507674160-3812463377-1001 - Administrator - Enabled) => C:\Users\Thomas

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/06/2014 03:10:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x109c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/06/2014 01:29:58 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows Update). Zusätzliche Informationen: 0xc0003005.

Error: (10/06/2014 00:23:33 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (1428) WebCacheLocal: Fehler -1811 beim Öffnen von Protokolldatei C:\Users\Thomas\AppData\Local\Microsoft\Windows\WebCache\V010000E.log.

Error: (10/05/2014 11:52:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PCSUQuickScan.exe, Version: 0.0.0.0, Zeitstempel: 0x538467e6
Name des fehlerhaften Moduls: PCSUQuickScan.exe, Version: 0.0.0.0, Zeitstempel: 0x538467e6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00006ee0
ID des fehlerhaften Prozesses: 0x63d0
Startzeit der fehlerhaften Anwendung: 0xPCSUQuickScan.exe0
Pfad der fehlerhaften Anwendung: PCSUQuickScan.exe1
Pfad des fehlerhaften Moduls: PCSUQuickScan.exe2
Berichtskennung: PCSUQuickScan.exe3

Error: (10/05/2014 11:40:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x5094
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/05/2014 01:24:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x318c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/05/2014 01:04:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x2de4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/05/2014 00:21:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x180c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/05/2014 00:20:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x89c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/05/2014 00:02:43 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (2536) WebCacheLocal: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\Users\Thomas\AppData\Local\Microsoft\Windows\WebCache\V01.log.


System errors:
=============
Error: (10/06/2014 05:02:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535

Error: (10/06/2014 05:02:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535

Error: (10/06/2014 05:02:36 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (10/06/2014 05:02:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535

Error: (10/06/2014 05:02:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1070

Error: (10/06/2014 05:02:27 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (10/06/2014 05:02:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde nicht richtig gestartet.

Error: (10/06/2014 03:10:45 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (10/06/2014 03:06:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535

Error: (10/06/2014 03:06:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535


Microsoft Office Sessions:
=========================
Error: (10/06/2014 03:10:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b109c01cfe166d8a31f14C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll1a03e7f4-4d5a-11e4-9a01-00306724cd5b

Error: (10/06/2014 01:29:58 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows Update0xc0003005

Error: (10/06/2014 00:23:33 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost1428WebCacheLocal: C:\Users\Thomas\AppData\Local\Microsoft\Windows\WebCache\V010000E.log-1811

Error: (10/05/2014 11:52:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PCSUQuickScan.exe0.0.0.0538467e6PCSUQuickScan.exe0.0.0.0538467e6c000000500006ee063d001cfe0e6710e0d80C:\Program Files\PC Speed Up\PCSUQuickScan.exeC:\Program Files\PC Speed Up\PCSUQuickScan.exee3a541b0-4cd9-11e4-bc51-00306724cd5b

Error: (10/05/2014 11:40:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b509401cfe0e5066ca5f0C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll46d1f7d0-4cd8-11e4-bc51-00306724cd5b

Error: (10/05/2014 01:24:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b318c01cfe08efb8b7fb8C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll39880ef8-4c82-11e4-a0ae-00306724cd5b

Error: (10/05/2014 01:04:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b2de401cfe08c21c26528C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll620c66d8-4c7f-11e4-a0ae-00306724cd5b

Error: (10/05/2014 00:21:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b180c01cfe0862d53eaacC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll6e3732a4-4c79-11e4-a0ae-00306724cd5b

Error: (10/05/2014 00:20:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b89c01cfe085f7641fc0C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll388e176c-4c79-11e4-a0ae-00306724cd5b

Error: (10/05/2014 00:02:43 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost2536WebCacheLocal: C:\Users\Thomas\AppData\Local\Microsoft\Windows\WebCache\V01.log-1811 (0xfffff8ed)


CodeIntegrity Errors:
===================================
Date: 2014-10-06 18:34:48.732
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-06 18:19:28.155
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-06 17:40:53.211
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-06 17:13:22.404
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-06 15:06:15.559
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-06 14:54:32.656
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-06 14:44:45.780
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-06 14:36:29.081
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-06 14:31:09.667
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-06 14:09:22.468
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 75%
Total physical RAM: 3327.24 MB
Available physical RAM: 808.73 MB
Total Pagefile: 6654.48 MB
Available Pagefile: 3078.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1875.75 MB

==================== Drives ================================

Drive c: (Festplatte neu ) (Fixed) (Total:259.07 GB) (Free:34.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive l: (Festplatte neu Reserve) (Fixed) (Total:39.02 GB) (Free:38.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2B3D2B3C)
Partition 1: (Active) - (Size=259.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39 GB) - (Type=07 NTFS)
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014
Ran by Thomas (administrator) on DOMMEPUTER on 06-10-2014 18:35:11
Running from C:\Users\Thomas\Downloads
Loaded Profile: Thomas (Available profiles: Thomas)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files\Samsung\Kies\KiesAirMessage.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Abelssoft) C:\Program Files\CheckDrive\CheckDriveBackgroundGuard.exe
(IObit) C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adblock) C:\Program Files\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-29] (AVAST Software)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-09-12] (Realtek Semiconductor)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-05-23] (IObit)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKU\S-1-5-21-2570579559-1507674160-3812463377-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2570579559-1507674160-3812463377-1001\...\Run: [Advanced SystemCare 7] => C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
HKU\S-1-5-21-2570579559-1507674160-3812463377-1001\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-2570579559-1507674160-3812463377-1001\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-10-30] (Samsung Electronics)
HKU\S-1-5-21-2570579559-1507674160-3812463377-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-06-07] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Heimdal.lnk
ShortcutTarget: Heimdal.lnk -> C:\Program Files\Heimdal\Client\HeimdalAgent.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (No File)
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Thomas\AppData\Roaming\Windows Net Data\net.exe (No File)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE01926618D4ECA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://search.certified-toolbar.com?si=&st=bs&tid=6787&ver=4.4&ts=1380715361162&tguid=66920-6787-1380715361162-D5367A4AA689EDEC53061565D003EB30&q={searchTerms}
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://search.certified-toolbar.com?si=&st=bs&tid=6787&ver=4.4&ts=1380715361162&tguid=66920-6787-1380715361162-D5367A4AA689EDEC53061565D003EB30&q={searchTerms}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=DVS
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 38 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\znbv219f.default-1412453000272
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\znbv219f.default-1412453000272\Extensions\youtubeunblocker@unblocker.yt [2014-10-05]
FF Extension: Adblock Plus - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\znbv219f.default-1412453000272\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-05]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\znbv219f.default-1412453000272\extensions\ascsurfingprotection@iobit.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> D66422C4F34F5351FD856EAF1D7954C34FF507ECBB198FD449024FCFF69A8CD3
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> A3102230FE54712A910FC8BC8D14008BD3E371FFCE4CB7A4F0304923015D9AA1
CHR DefaultSearchProvider: Default -> C909338F95A18B0B2FA930303896C2499E19D8A8A3FE7FB1AB4230E24B76C133
CHR DefaultSearchURL: Default -> E318E4E8859F40A06ACFBDE57AD6054FEFC2805DA7E5A0F60E93F9669FBD49D8
CHR CustomProfile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-06]
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-06]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-05-14]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-06]
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-06]
CHR Extension: (Ads Removal) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-02-26]
CHR Extension: (Ads Removal) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2013-12-27]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-02-07]
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-06]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-07]
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Thomas\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-02-28]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-07] (AVAST Software)
S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36936 2014-09-10] (Just Develop It) <==== ATTENTION
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915784 2014-09-17] (NVIDIA Corporation)
R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-10] (SurfRight B.V.)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18044744 2014-09-17] (NVIDIA Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SystemExplorerHelpService; C:\Program Files\System Explorer\service\SystemExplorerService.exe [567144 2014-08-13] (Mister Group)
S3 TDslMgrService; C:\Program Files\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 CSIScanner; "C:\Program Files\Prevx\prevx.exe" /service [X]
S2 HPSLPSVC; C:\Users\Thomas\AppData\Local\Temp\7zS62CF\hpslpsvc32.dll [X]
S2 SystemStoreService; "C:\Program Files\SoftwareUpdater\SystemStore.exe"  -displayname "System Store" -servicename "SystemStoreService" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-07] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-07] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-07] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2013-06-06] ()
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1872192 2009-12-01] (C-Media Inc)
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [16448 2007-08-01] (T-Systems Enterprise Services GmbH)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47896 2014-08-30] ()
R3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [21480 2013-03-23] (IObit)
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [75640 2014-04-10] ()
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP)
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-06-06] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 nvax; C:\Windows\System32\drivers\nvax.sys [53376 2005-04-13] (NVIDIA Corporation)
S3 nvnforce; C:\Windows\System32\drivers\nvapu.sys [414464 2005-04-13] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32928 2014-09-04] (NVIDIA Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [507136 2006-12-05] (PixArt Imaging Inc.)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32288 2013-11-19] (IObit.com)
S3 SKYNET; C:\Windows\System32\DRIVERS\SkyNET.SYS [507408 2009-09-11] (TechniSat Digital, S.A.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
R3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [20944 2013-11-19] (IObit.com)
S1 ASPI32; No ImagePath
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U2 hdservice.exe; No ImagePath
R3 pxkbf; System32\drivers\pxkbf.sys [X]
R1 pxrts; System32\drivers\pxrts.sys [X]
R0 pxscan; System32\drivers\pxscan.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-06 18:35 - 2014-10-06 18:35 - 00025127 _____ () C:\Users\Thomas\Downloads\FRST.txt
2014-10-06 18:34 - 2014-10-06 18:35 - 00000000 ____D () C:\FRST
2014-10-06 18:33 - 2014-10-06 18:33 - 01101312 _____ (Farbar) C:\Users\Thomas\Downloads\FRST.exe
2014-10-06 14:37 - 2014-10-06 14:37 - 00001039 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-06 13:38 - 2014-10-06 13:38 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-06 13:37 - 2014-10-06 14:33 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-10-06 13:36 - 2014-10-06 13:36 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-10-06 13:35 - 2014-10-06 13:35 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Thomas\Downloads\SpyHunter-Installer.exe
2014-10-06 00:23 - 2014-10-06 15:01 - 00000672 _____ () C:\Windows\setupact.log
2014-10-06 00:23 - 2014-10-06 15:00 - 00008724 _____ () C:\Windows\PFRO.log
2014-10-06 00:23 - 2014-10-06 00:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-06 00:20 - 2014-10-06 00:20 - 00001024 _____ () C:\Users\Thomas\Desktop\MyPC Backup.lnk
2014-10-06 00:20 - 2014-10-06 00:20 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-10-06 00:20 - 2014-10-06 00:20 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-10-05 23:50 - 2014-10-05 23:50 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\QuickScan
2014-10-05 23:47 - 2014-10-05 23:47 - 05671272 _____ (Speedchecker Limited ) C:\Users\Thomas\Downloads\pcbeschleunigen_7b54c84ef2ff4dafb408d426e996acbe_.exe
2014-10-05 23:11 - 2014-10-05 23:11 - 00000944 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-05 23:09 - 2014-10-05 23:09 - 04965896 _____ (Piriform Ltd) C:\Users\Thomas\Downloads\ccsetup418.exe
2014-10-05 22:49 - 2014-10-05 22:49 - 00071880 _____ (Prevx) C:\Windows\system32\PxSecure.dll-9844084
2014-10-05 22:48 - 2014-10-05 23:05 - 00000051 _____ () C:\Windows\wininit.ini
2014-10-05 22:48 - 2014-10-05 22:48 - 00945272 _____ (Prevx) C:\Users\Thomas\Downloads\prevxcsifree.exe
2014-10-04 23:12 - 2014-10-04 23:12 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\LavasoftStatistics
2014-10-03 17:21 - 2014-10-03 17:31 - 110100480 _____ () C:\Users\Thomas\Downloads\Stargate.SG1.S01E01.German.DL.DVD.x.264-TVS.part02.rar
2014-10-03 17:07 - 2014-10-03 17:18 - 110100480 _____ () C:\Users\Thomas\Downloads\Stargate.SG1.S01E01.German.DL.DVD.x.264-TVS.part01(1).rar
2014-10-03 16:57 - 2014-10-03 17:05 - 110100480 _____ () C:\Users\Thomas\Downloads\Stargate.SG1.S01E01.German.DL.DVD.x.264-TVS.part01.rar
2014-10-02 19:17 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 17:34 - 2014-10-01 17:34 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\OpenOffice
2014-10-01 15:42 - 2014-09-01 20:28 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll
2014-10-01 15:41 - 2014-10-06 15:00 - 00000000 ____D () C:\Program Files\Web Protect
2014-10-01 12:03 - 2014-10-01 12:03 - 00359988 _____ () C:\Users\Thomas\Desktop\bookmarks.html
2014-10-01 10:56 - 2014-10-01 10:56 - 17903792 _____ (Adobe Systems Incorporated) C:\Users\Thomas\Downloads\install_flash_player.exe
2014-10-01 10:31 - 2014-10-01 10:31 - 00001096 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-01 10:31 - 2014-10-01 10:31 - 00001084 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-29 15:28 - 2014-09-29 15:48 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-29 11:24 - 2014-10-06 17:18 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-09-29 11:22 - 2014-09-29 11:22 - 01101648 _____ () C:\Users\Thomas\Downloads\Malwarebytes Anti Exploit - CHIP-Installer.exe
2014-09-29 11:17 - 2014-09-29 11:17 - 00000166 _____ () C:\Windows\system32\mbae-default.log
2014-09-28 10:37 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 23:56 - 2014-10-01 10:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-22 23:25 - 2014-09-22 23:25 - 35775054 _____ () C:\Users\Thomas\Downloads\TV-20140922-1948-5301.webm.h264.mp4
2014-09-19 10:49 - 2014-09-17 04:13 - 01291280 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll
2014-09-19 10:48 - 2014-09-04 21:14 - 00032928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2014-09-18 01:24 - 2014-09-18 01:24 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-09-18 01:23 - 2014-09-18 01:24 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-09-18 01:15 - 2014-09-18 01:15 - 00000000 ____D () C:\Users\Thomas\Desktop\OpenOffice 4.1.1 (de) Installation Files
2014-09-18 01:07 - 2014-09-18 01:14 - 164858324 _____ () C:\Users\Thomas\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2014-09-15 22:12 - 2014-10-01 17:38 - 00000000 ____D () C:\Users\Thomas\Desktop\Black Hawks
2014-09-12 10:25 - 2014-09-12 10:25 - 03086040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2014-09-12 10:25 - 2014-09-12 10:25 - 02566872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2014-09-12 10:25 - 2014-09-12 10:25 - 02474200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2014-09-12 10:25 - 2014-09-12 10:25 - 01892056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2014-09-12 10:25 - 2014-09-12 10:25 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-09-12 10:25 - 2014-09-12 10:25 - 00916696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2014-09-12 10:25 - 2014-09-12 10:25 - 00782040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2014-09-12 10:25 - 2014-09-12 10:25 - 00332568 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2014-09-12 10:24 - 2014-09-12 10:24 - 02421792 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2014-09-12 10:24 - 2014-09-12 10:24 - 01940056 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-09-12 10:24 - 2014-09-12 10:24 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2014-09-12 10:24 - 2014-09-12 10:24 - 00215656 _____ (NVIDIA Corporation) C:\Windows\system32\NVCOSMU.DLL
2014-09-12 10:24 - 2014-09-12 10:24 - 00018944 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvsmu.sys
2014-09-12 10:22 - 2014-09-12 10:22 - 00953856 _____ (NVIDIA Corporation) C:\Windows\system32\fdco2.dll
2014-09-12 10:22 - 2014-09-12 10:22 - 00758784 _____ (NVIDIA Corporation) C:\Windows\system32\cohelper.dll
2014-09-12 10:22 - 2014-09-12 10:22 - 00296936 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvmf6232.sys
2014-09-12 10:22 - 2014-09-12 10:22 - 00207464 _____ (NVIDIA Corporation) C:\Windows\system32\nvconrm.dll
2014-09-12 10:22 - 2014-09-12 10:22 - 00010084 _____ () C:\Windows\system32\Drivers\nvphy.bin
2014-09-12 10:21 - 2014-07-02 07:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2014-09-12 10:19 - 2014-09-12 10:19 - 11283344 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-09-12 10:18 - 2014-09-12 10:19 - 24198088 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 15296456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 11222048 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 10681176 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-09-12 10:18 - 2014-09-12 10:18 - 03988952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 01054552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234052.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 00907552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234052.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 00907096 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 00869152 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2014-09-12 00:48 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 00:48 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 00:48 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 00:48 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 00:48 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 00:48 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 00:48 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 00:48 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 00:48 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 00:48 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 00:48 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 00:48 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 00:48 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 00:48 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 00:48 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 00:48 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 00:48 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 00:48 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 00:48 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 00:48 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 00:48 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 00:48 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 00:48 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 00:48 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 00:48 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 00:48 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 00:48 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 00:48 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 00:48 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 00:48 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 00:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 12:51 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 12:51 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 12:51 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 12:51 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 12:51 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 12:51 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-07 14:19 - 2014-09-07 14:19 - 00021446 _____ () C:\Users\Thomas\Documents\duschen cd 1.dxp
2014-09-07 14:07 - 2014-09-07 14:07 - 00001824 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-09-07 14:07 - 2014-09-07 14:07 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Canneverbe Limited
2014-09-07 14:07 - 2014-09-07 14:07 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-09-07 14:06 - 2014-09-07 14:07 - 00000000 ____D () C:\Program Files\CDBurnerXP
2014-09-07 14:05 - 2014-09-07 14:05 - 05412944 _____ (Canneverbe Limited ) C:\Users\Thomas\Downloads\cdbxp_setup_4.5.4.5000_minimal.exe
2014-09-06 12:15 - 2014-09-07 12:26 - 00000000 ____D () C:\Users\Thomas\Desktop\ripped
2014-09-06 11:50 - 2014-09-07 12:22 - 00004264 _____ () C:\Windows\cdplayer.ini
2014-09-06 11:49 - 2014-09-07 11:36 - 00001534 _____ () C:\ProgramData\ss.ini
2014-09-06 11:49 - 2014-09-06 11:49 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP MP3 Converter
2014-09-06 11:49 - 2014-09-06 11:49 - 00000000 ____D () C:\ProgramData\FreeRIP MP3 Converter
2014-09-06 11:49 - 2014-09-06 11:49 - 00000000 ____D () C:\Program Files\FreeRIP
2014-09-06 11:48 - 2014-09-06 11:48 - 02173272 _____ (GreenTree Applications SRL) C:\Users\Thomas\Downloads\freeripmp3-setup-4.5.2.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-06 18:27 - 2013-06-05 18:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-06 18:23 - 2013-06-05 16:22 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-06 18:00 - 2013-06-06 18:00 - 00000290 _____ () C:\Windows\Tasks\DSite.job
2014-10-06 17:03 - 2014-03-31 10:15 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-06 17:02 - 2013-06-06 16:12 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-10-06 15:08 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-06 15:08 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-06 15:06 - 2014-03-31 10:09 - 00000508 _____ () C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2014-10-06 15:06 - 2013-07-06 16:03 - 00000278 _____ () C:\Windows\Tasks\CheckDriveBackgroundGuard.job
2014-10-06 15:06 - 2013-06-05 16:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-06 15:00 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-06 14:57 - 2013-06-06 18:00 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DSite
2014-10-06 14:37 - 2014-03-31 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-06 14:37 - 2014-03-31 10:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-06 13:30 - 2013-12-27 00:52 - 00000000 ____D () C:\ProgramData\ProductData
2014-10-06 13:27 - 2014-01-01 12:50 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-10-06 13:27 - 2013-06-07 11:20 - 00000000 ____D () C:\Windows\system32\SPReview
2014-10-06 13:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system
2014-10-06 13:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-10-06 13:07 - 2009-10-16 18:41 - 01316471 _____ () C:\Windows\WindowsUpdate.log
2014-10-06 00:31 - 2013-06-06 16:03 - 00000000 ___RD () C:\Program Files\Skype
2014-10-06 00:29 - 2014-04-04 23:25 - 00000000 ____D () C:\Program Files\qaul.net
2014-10-06 00:23 - 2014-08-31 21:54 - 00000000 ____D () C:\Program Files\OXXOGames
2014-10-06 00:11 - 2009-10-16 20:22 - 00000000 ____D () C:\Program Files\Google
2014-10-06 00:10 - 2013-06-09 01:37 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DVDVideoSoft
2014-10-06 00:09 - 2009-10-16 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-10-06 00:08 - 2013-12-05 15:44 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-10-06 00:07 - 2014-08-24 17:54 - 00000000 ____D () C:\Program Files\CHIP Updater
2014-10-05 23:20 - 2009-10-21 23:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-05 23:11 - 2013-12-09 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-05 23:11 - 2013-12-09 13:31 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-04 22:07 - 2009-11-09 03:24 - 00000000 ____D () C:\Windows\Minidump
2014-10-04 21:07 - 2009-10-16 19:30 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Winamp
2014-10-04 11:10 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-03 15:05 - 2009-10-28 12:34 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DivX
2014-10-02 19:07 - 2013-06-14 18:06 - 00021267 _____ () C:\Users\Thomas\Documents\Fahrtenbuch.ods
2014-10-02 15:10 - 2009-10-16 19:06 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-02 11:10 - 2013-06-05 18:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-01 10:57 - 2013-06-05 18:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-01 10:57 - 2013-06-05 18:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-29 23:11 - 2014-08-05 19:48 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Adobe
2014-09-29 11:50 - 2014-01-03 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-09-29 11:50 - 2013-11-20 14:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-09-29 00:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-28 12:00 - 2009-10-26 17:23 - 00000000 ____D () C:\Users\Thomas\Desktop\Musi
2014-09-24 19:58 - 2013-06-09 01:48 - 00000000 ____D () C:\Users\Thomas\Desktop\Musi neu
2014-09-22 23:34 - 2009-10-22 19:56 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\vlc
2014-09-19 10:50 - 2013-12-18 12:14 - 00000000 ____D () C:\Users\Thomas\AppData\Local\NVIDIA Corporation
2014-09-19 10:50 - 2013-06-05 17:11 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-18 10:35 - 2009-10-16 21:06 - 00104560 _____ () C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-18 10:32 - 2009-07-14 06:33 - 00388392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-18 01:25 - 2009-10-16 22:12 - 00000000 ____D () C:\Users\Thomas\Desktop\Programme
2014-09-18 01:25 - 2009-10-16 20:57 - 00000000 ____D () C:\Program Files\OpenOffice.org 3
2014-09-18 01:23 - 2009-10-16 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.0
2014-09-17 11:15 - 2013-06-24 10:55 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-17 04:13 - 2013-10-30 11:45 - 02193560 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2014-09-15 09:06 - 2009-10-16 19:15 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-12 17:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-12 10:29 - 2013-06-05 17:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-12 10:24 - 2013-06-24 11:14 - 00600680 _____ (NVIDIA Corporation) C:\Windows\system32\nvusmu.exe
2014-09-12 10:22 - 2013-06-24 11:14 - 00600680 _____ (NVIDIA Corporation) C:\Windows\system32\NVUNINST.EXE
2014-09-12 10:21 - 2004-01-23 15:07 - 00000000 ____D () C:\temp
2014-09-12 10:20 - 2013-06-05 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-12 10:19 - 2009-07-14 00:09 - 16122344 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2014-09-12 10:18 - 2014-01-07 22:47 - 00021215 _____ () C:\Windows\system32\nvinfo.pb
2014-09-12 10:18 - 2013-02-26 00:22 - 14498552 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2014-09-12 10:18 - 2013-02-26 00:22 - 02814656 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2014-09-12 10:09 - 2014-01-01 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-09-12 00:47 - 2013-08-15 23:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 00:42 - 2014-05-01 23:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 00:42 - 2009-10-16 22:57 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-08 23:33 - 2013-06-07 00:56 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\SolSuite
2014-09-06 15:14 - 2009-11-14 14:33 - 00018944 ___SH () C:\Users\Thomas\Thumbs.db

Some content of TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\CloudBackup1613.exe
C:\Users\Thomas\AppData\Local\Temp\pvxinst370.exe
C:\Users\Thomas\AppData\Local\Temp\pvxinst884.exe
C:\Users\Thomas\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-05 15:24

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 07.10.2014 13:43
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

daimerlein 07.10.2014 18:06
Combofix Logfile:
Code:
ComboFix 14-10-04.01 - Thomas 07.10.2014  18:38:39.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3327.1735 [GMT 2:00]
ausgeführt von:: c:\users\Thomas\Desktop\runter\ComboFix.exe
AV: avast! antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\MyPC Backup
c:\program files\MyPC Backup\AlphaVSS.51.x86.dll
c:\program files\MyPC Backup\AlphaVSS.52.x64.dll
c:\program files\MyPC Backup\AlphaVSS.52.x86.dll
c:\program files\MyPC Backup\AlphaVSS.60.x64.dll
c:\program files\MyPC Backup\AlphaVSS.60.x86.dll
c:\program files\MyPC Backup\AlphaVSS.Common.dll
c:\program files\MyPC Backup\AWSSDK.dll
c:\program files\MyPC Backup\BackupStack.exe
c:\program files\MyPC Backup\Configuration Updater.exe
c:\program files\MyPC Backup\Crypto32.dll
c:\program files\MyPC Backup\Crypto64.dll
c:\program files\MyPC Backup\Database\mpcb_backup_conf.db
c:\program files\MyPC Backup\Database\mpcb_file_cache.db
c:\program files\MyPC Backup\Database\mpcb_queues.db
c:\program files\MyPC Backup\Database\mpcb_settings.db
c:\program files\MyPC Backup\Database\mpcb_sig_cache.db
c:\program files\MyPC Backup\de_DE.mo
c:\program files\MyPC Backup\diffstack.dll
c:\program files\MyPC Backup\es_ES.mo
c:\program files\MyPC Backup\fr_FR.mo
c:\program files\MyPC Backup\GetText.dll
c:\program files\MyPC Backup\it_IT.mo
c:\program files\MyPC Backup\LinqBridge.dll
c:\program files\MyPC Backup\LogicNP.EZShellExtensions.dll
c:\program files\MyPC Backup\MPCBClient.dll
c:\program files\MyPC Backup\MPCBContextMenu.dll
c:\program files\MyPC Backup\MPCBIconOverlays.dll
c:\program files\MyPC Backup\mypcbackup.ico
c:\program files\MyPC Backup\ObjectListView.dll
c:\program files\MyPC Backup\pt_PT.mo
c:\program files\MyPC Backup\RegisterExtensionDotNet20_x64.exe
c:\program files\MyPC Backup\RegisterExtensionDotNet20_x86.exe
c:\program files\MyPC Backup\RestartExplorer.exe
c:\program files\MyPC Backup\Service Start.exe
c:\program files\MyPC Backup\Shared Stack.dll
c:\program files\MyPC Backup\Signup Wizard.exe
c:\program files\MyPC Backup\syncicon.ico
c:\program files\MyPC Backup\syncing.ico
c:\program files\MyPC Backup\tick.ico
c:\program files\MyPC Backup\uninst.exe
c:\program files\MyPC Backup\UnRegisterExtensions.exe
c:\program files\MyPC Backup\Updater.exe
c:\program files\MyPC Backup\x64\System.Data.SQLite.dll
c:\program files\MyPC Backup\x86\System.Data.SQLite.dll
c:\users\Thomas\AppData\Roaming\Windows Net Data
c:\users\Thomas\AppData\Roaming\Windows Net Data\id.dat
c:\users\Thomas\AppData\Roaming\Windows Net Data\uninstaller.exe
c:\windows\system32\SETA70A.tmp
E:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BackupStack
-------\Service_BackupStack
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-09-07 bis 2014-10-07  ))))))))))))))))))))))))))))))
.
.
2014-10-07 16:52 . 2014-10-07 16:52        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-10-06 16:34 . 2014-10-06 16:37        --------        d-----w-        C:\FRST
2014-10-06 11:43 . 2014-10-07 16:51        62576        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{01626A48-2976-4E82-89F8-65DE0E22A645}\offreg.dll
2014-10-06 11:38 . 2014-10-06 11:38        --------        d-----w-        c:\program files\Enigma Software Group
2014-10-06 11:37 . 2014-10-06 12:33        --------        d-----w-        c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-10-06 11:36 . 2014-10-06 11:36        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2014-10-05 21:50 . 2014-10-05 21:50        --------        d-----w-        c:\users\Thomas\AppData\Roaming\QuickScan
2014-10-05 10:08 . 2014-09-09 01:24        8806800        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{01626A48-2976-4E82-89F8-65DE0E22A645}\mpengine.dll
2014-10-04 21:12 . 2014-10-04 21:12        --------        d-----w-        c:\users\Thomas\AppData\Roaming\LavasoftStatistics
2014-10-02 17:17 . 2014-09-25 01:40        519680        ----a-w-        c:\windows\system32\qdvd.dll
2014-10-01 15:34 . 2014-10-01 15:34        --------        d-----w-        c:\users\Thomas\AppData\Roaming\OpenOffice
2014-10-01 13:42 . 2014-09-01 18:28        304776        ----a-w-        c:\windows\system32\MyOSProtect.dll
2014-10-01 13:41 . 2014-10-06 13:00        --------        d-----w-        c:\program files\Web Protect
2014-09-29 13:28 . 2014-09-29 13:48        --------        d-----w-        c:\program files\Mozilla Thunderbird
2014-09-29 09:24 . 2014-10-07 10:47        --------        d-----w-        c:\programdata\Malwarebytes Anti-Exploit
2014-09-28 08:37 . 2014-09-09 21:47        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-09-19 08:49 . 2014-09-17 02:13        1291280        ----a-w-        c:\windows\system32\nvspbridge.dll
2014-09-19 08:48 . 2014-09-04 19:14        32928        ----a-w-        c:\windows\system32\drivers\nvvad32v.sys
2014-09-17 23:23 . 2014-09-17 23:24        --------        d-----w-        c:\program files\OpenOffice 4
2014-09-12 08:25 . 2014-09-12 08:25        1892056        ----a-w-        c:\windows\system32\RTSndMgr.cpl
2014-09-12 08:25 . 2014-09-12 08:25        3086040        ----a-w-        c:\windows\system32\drivers\RTKVHDA.sys
2014-09-12 08:25 . 2014-09-12 08:25        2566872        ----a-w-        c:\windows\system32\RtkPgExt.dll
2014-09-12 08:25 . 2014-09-12 08:25        916696        ----a-w-        c:\windows\system32\RtkCoInstII.dll
2014-09-12 08:25 . 2014-09-12 08:25        782040        ----a-w-        c:\windows\system32\RtkApoApi.dll
2014-09-12 08:25 . 2014-09-12 08:25        1099203        ----a-w-        c:\windows\system32\drivers\RTAIODAT.DAT
2014-09-12 08:25 . 2014-09-12 08:25        2474200        ----a-w-        c:\windows\system32\RltkAPO.dll
2014-09-12 08:25 . 2014-09-12 08:25        332568        ----a-w-        c:\windows\system32\MBWrp32.dll
2014-09-12 08:24 . 2014-09-12 08:24        900696        ----a-w-        c:\windows\system32\MaxxAudioAPOShell.dll
2014-09-12 08:24 . 2014-09-12 08:24        1940056        ----a-w-        c:\windows\system32\MaxxAudioEQ.dll
2014-09-12 08:24 . 2014-09-12 08:24        2421792        ----a-w-        c:\windows\system32\FMAPO.dll
2014-09-12 08:24 . 2014-09-12 08:24        18944        ----a-w-        c:\windows\system32\drivers\nvsmu.sys
2014-09-12 08:24 . 2014-09-12 08:24        215656        ----a-w-        c:\windows\system32\NVCOSMU.DLL
2014-09-12 08:22 . 2014-09-12 08:22        10084        ----a-w-        c:\windows\system32\drivers\nvphy.bin
2014-09-12 08:22 . 2014-09-12 08:22        758784        ----a-w-        c:\windows\system32\cohelper.dll
2014-09-12 08:22 . 2014-09-12 08:22        296936        ----a-w-        c:\windows\system32\drivers\nvmf6232.sys
2014-09-12 08:22 . 2014-09-12 08:22        207464        ----a-w-        c:\windows\system32\nvconrm.dll
2014-09-12 08:22 . 2014-09-12 08:22        953856        ----a-w-        c:\windows\system32\fdco2.dll
2014-09-12 08:21 . 2014-07-02 05:14        3826628        ----a-w-        c:\windows\system32\nvcoproc.bin
2014-09-12 08:19 . 2014-09-12 08:19        11283344        ----a-w-        c:\windows\system32\nvopencl.dll
2014-09-12 08:18 . 2014-09-12 08:19        24198088        ----a-w-        c:\windows\system32\nvoglv32.dll
2014-09-12 08:18 . 2014-09-12 08:18        10681176        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2014-09-12 08:18 . 2014-09-12 08:18        907096        ----a-w-        c:\windows\system32\NvIFR.dll
2014-09-12 08:18 . 2014-09-12 08:18        907552        ----a-w-        c:\windows\system32\nvdispgenco3234052.dll
2014-09-12 08:18 . 2014-09-12 08:18        869152        ----a-w-        c:\windows\system32\NvFBC.dll
2014-09-12 08:18 . 2014-09-12 08:18        1054552        ----a-w-        c:\windows\system32\nvdispco3234052.dll
2014-09-12 08:18 . 2014-09-12 08:18        3988952        ----a-w-        c:\windows\system32\nvcuvid.dll
2014-09-12 08:18 . 2014-09-12 08:18        11222048        ----a-w-        c:\windows\system32\nvcuda.dll
2014-09-12 08:18 . 2014-09-12 08:18        15296456        ----a-w-        c:\windows\system32\nvcompiler.dll
2014-09-11 22:47 . 2014-06-27 01:45        2285056        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2014-09-11 10:51 . 2014-07-07 01:40        550912        ----a-w-        c:\windows\system32\kerberos.dll
2014-09-11 10:51 . 2014-07-07 01:40        1059840        ----a-w-        c:\windows\system32\lsasrv.dll
2014-09-11 10:51 . 2014-06-24 02:59        1987584        ----a-w-        c:\windows\system32\d3d10warp.dll
2014-09-11 10:51 . 2014-08-01 11:35        793600        ----a-w-        c:\windows\system32\TSWorkspace.dll
2014-09-11 10:51 . 2014-09-05 01:52        445952        ----a-w-        c:\windows\system32\aepdu.dll
2014-09-11 10:51 . 2014-09-05 01:47        302592        ----a-w-        c:\windows\system32\aeinv.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-07 16:57 . 2014-03-31 08:15        110296        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-01 08:57 . 2013-06-05 16:18        71344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-01 08:57 . 2013-06-05 16:18        701104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2014-09-17 02:13 . 2013-10-30 09:45        2193560        ----a-w-        c:\windows\system32\nvspcap.dll
2014-09-15 07:06 . 2009-10-16 17:15        231568        ------w-        c:\windows\system32\MpSigStub.exe
2014-09-15 00:08 . 2014-10-07 16:56        8806800        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F92B58BA-B92F-4CE0-A87B-70F3E31E844D}\mpengine.dll
2014-09-12 08:24 . 2013-06-24 09:14        600680        ----a-w-        c:\windows\system32\nvusmu.exe
2014-09-12 08:22 . 2013-06-24 09:14        600680        ----a-w-        c:\windows\system32\NVUNINST.EXE
2014-09-12 08:19 . 2009-07-13 22:09        16122344        ----a-w-        c:\windows\system32\nvwgf2um.dll
2014-09-12 08:18 . 2013-02-25 22:22        14498552        ----a-w-        c:\windows\system32\nvd3dum.dll
2014-09-12 08:18 . 2013-02-25 22:22        2814656        ----a-w-        c:\windows\system32\nvapi.dll
2014-09-04 19:14 . 2013-10-30 09:43        32416        ----a-w-        c:\windows\system32\nvaudcap32v.dll
2014-08-23 01:46 . 2014-08-29 08:26        305152        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-23 00:42 . 2014-08-29 08:26        2352640        ----a-w-        c:\windows\system32\win32k.sys
2014-08-05 14:08 . 2014-08-05 14:09        96680        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2014-07-25 00:35 . 2014-07-25 00:35        875688        ----a-w-        c:\windows\system32\msvcr120_clr0400.dll
2014-07-14 01:42 . 2014-08-14 12:40        654336        ----a-w-        c:\windows\system32\rpcrt4.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-14 08:06        752960        ----a-w-        c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}]
2014-06-11 13:20        464720        ----a-w-        c:\program files\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-07 16:06        578240        ----a-w-        c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Advanced SystemCare 7"="c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-04-21 2295584]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-12-11 1564528]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2013-10-30 578560]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-09-26 4811032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-09-17 2193560]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-29 4085896]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2014-05-28 455512]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-09-17 2460488]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2014-09-12 12021464]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-12-11 311152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"Malwarebytes Anti-Exploit"="c:\program files\Malwarebytes Anti-Exploit\mbae.exe" [2014-08-29 440632]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2014-05-23 1601856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-07-09 502952]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-07-09 863400]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2012-06-28 74752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-06-07 280576]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2009-10-16 1085440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-08-21 16:30        959176        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2014-05-28 04:46        455512        ----a-w-        c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2014-01-10 05:26        1861968        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2010-05-11 14:43        6061400        ----a-w-        c:\program files\Logitech\Vid\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid HD]
2010-05-11 14:43        6061400        ----a-w-        c:\program files\Logitech\Vid\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 12:08        205336        ----a-w-        c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-05-08 07:51        21444224        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2013-09-25 09:00        4728320        ----a-w-        c:\users\Thomas\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-09-25 08:59        1140736        ----a-w-        c:\users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-05-04 2152736]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R2 SystemStoreService;System Store;c:\program files\SoftwareUpdater\SystemStore.exe  -displayname System Store -servicename SystemStoreService [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2009-10-24 47360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-01-06 14848]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET.SYS [2009-09-11 507408]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2013-08-21 136904]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2013-08-21 17864]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2013-08-21 153672]
R3 SystemExplorerHelpService;System Explorer Service;c:\program files\System Explorer\service\SystemExplorerService.exe [2014-08-13 567144]
R3 TDslMgrService;DSL-Manager;c:\program files\DSL-Manager\DslMgrSvc.exe [2008-10-23 307200]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2014-01-06 49664]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2014-06-04 18624]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-07-07 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-07-07 414520]
S1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\DRIVERS\dslmnlwf.sys [2007-08-01 16448]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\mbae.sys [2014-08-30 47896]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\IObit\Advanced SystemCare 7\ASCService.exe [2014-01-14 881952]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-07-07 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-07-07 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-07-07 71944]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2011-12-11 122000]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-09-17 915784]
S2 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys [2014-04-10 75640]
S2 hmpalertsvc;HitmanPro.Alert Service;c:\program files\HitmanPro.Alert\hmpalert.exe [2014-04-10 1876816]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2014-05-15 342336]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-08-29 441144]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-09-17 1795912]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-09-17 18044744]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2013-03-23 21480]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-18 14848]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-05-12 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-10-07 110296]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-05-12 51928]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-09-17 19272]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-09-04 32928]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2013-11-19 32288]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2013-11-19 20944]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService        REG_MULTI_SZ          HPSLPSVC
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-05 08:57]
.
2014-10-07 c:\windows\Tasks\CheckDriveBackgroundGuard.job
- c:\program files\CheckDrive\CheckDriveBackgroundGuard.exe [2013-07-06 16:33]
.
2014-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-05 14:22]
.
2014-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-05 14:22]
.
2014-10-07 c:\windows\Tasks\Malwarebytes Anti-Exploit.job
- c:\program files\Malwarebytes Anti-Exploit\mbae-loader.exe [2014-01-03 09:14]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:tabs
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
LSP: c:\windows\system32\MyOSProtect.dll
Trusted Zone: magnus.de
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\znbv219f.default-1412453000272\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk - c:\program files\MyPC Backup\MyPC Backup.exe
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk - c:\users\Thomas\AppData\Roaming\Windows Net Data\net.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Heimdal.lnk - c:\program files\Heimdal\Client\HeimdalAgent.exe
SafeBoot-pcwatch.sys
MSConfigStartUp-Google Update - c:\users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-GoogleDriveSync - c:\program files\Google\Drive\googledrivesync.exe
AddRemove-MyPC Backup - c:\program files\MyPC Backup\uninst.exe
AddRemove-Zip Opener Packages - c:\users\Thomas\AppData\Roaming\Zip Opener Packages\uninstaller.exe
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601
.
CreateFile("\\.\PHYSICALDRIVE0"): Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2570579559-1507674160-3812463377-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:87,5b,f0,c6,62,61,93,a1,61,f5,84,6a,47,b0,c3,2b,b4,a6,9d,5e,dd,ba,5f,
  79,fc,94,36,1d,75,e0,1f,f1,37,ce,7f,d0,53,37,81,ba,6a,6b,14,4a,a4,e1,65,42,\
"??"=hex:3f,6e,bf,61,2a,6f,b7,cc,33,ba,e0,6f,2a,70,28,95
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(12084)
c:\windows\System32\SyncCenter.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files\IObit\Smart Defrag 3\SmartDefrag.exe
c:\program files\IObit\Advanced SystemCare 7\Monitor.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\vssvc.exe
c:\windows\system32\taskhost.exe
c:\windows\SoftwareDistribution\Download\Install\mpas-d_bd_1.185.2043.0.exe
e:\67792f14ce8565d5afc8f4ff0f6877e2\MpMiniSigStub.exe
c:\windows\system32\MpSigStub.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-10-07  19:03:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-10-07 17:03
.
Vor Suchlauf: 35 Verzeichnis(se), 35.277.225.984 Bytes frei
Nach Suchlauf: 40 Verzeichnis(se), 37.259.460.608 Bytes frei
.
- - End Of File - - 8642E328EBCA3A0220AE82E6A8419CCA
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

schrauber 08.10.2014 11:52
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

daimerlein 08.10.2014 14:31
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 08.10.2014
Suchlauf-Zeit: 13:16:41
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.10.08.03
Rootkit Datenbank: v2014.09.19.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Thomas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 346566
Verstrichene Zeit: 19 Min, 21 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
AdwCleaner v3.311 - Bericht erstellt am 08/10/2014 um 14:16:02
# Aktualisiert 30/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Thomas - DOMMEPUTER
# Gestartet von : C:\Users\Thomas\Desktop\runter\AdwCleaner_3.311.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : SystemStoreService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\Program Files\Web Protect
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\Software Updater
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\Software_Updater
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\SoftwareUpdater
Ordner Gelöscht : C:\Users\Thomas\AppData\LocalLow\GutscheinCodes
Ordner Gelöscht : C:\Users\Thomas\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\goforfiles
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod
Datei Gelöscht : C:\Windows\system32\MyOSProtect.dll
Datei Gelöscht : C:\Users\Thomas\Desktop\MyPC Backup.lnk
Datei Gelöscht : C:\Program Files\Mozilla Firefox\Components\AskSearch.js

***** [ Tasks ] *****

Task Gelöscht : Driver Booster Scan
Task Gelöscht : Driver Booster Update
Task Gelöscht : Express FilesUpdate
Task Gelöscht : Freemium1ClickMaint
Task Gelöscht : GoforFilesUpdate
Task Gelöscht : QtraxPlayer
Task Gelöscht : Software Updater Ui
Task Gelöscht : Software Updater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GutscheinCodes.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{59279625-EFF0-4F55-98F0-51EDDD800DD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\GoforFiles
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\qtrax
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\WebProtect
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\covus freemium gmbh
Schlüssel Gelöscht : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\GoforFiles
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\ParetoLogic
Schlüssel Gelöscht : HKLM\SOFTWARE\WebProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 de)

[ Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\znbv219f.default-1412453000272\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8181 octets] - [08/10/2014 13:47:28]
AdwCleaner[R1].txt - [8241 octets] - [08/10/2014 14:12:08]
AdwCleaner[S0].txt - [8067 octets] - [08/10/2014 14:16:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8127 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.1 (10.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by Thomas on 08.10.2014 at 15:19:08,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update diamondata
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskHomePage_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskHomePage_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatediamondata_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatediamondata_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utildiamondata_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utildiamondata_RASMANCS
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
Successfully deleted: [File] "C:\Users\Thomas\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"
Successfully deleted: [File] C:\Windows\prefetch\DRIVERBOOSTER.EXE-35A61CB4.pf
Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Thomas\AppData\Roaming\zip opener packages"
Successfully deleted: [Folder] "C:\Program Files\freerip"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"



~~~ FireFox

Emptied folder: C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\znbv219f.default-1412453000272\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.10.2014 at 15:26:19,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014
Ran by Thomas (administrator) on DOMMEPUTER on 08-10-2014 15:27:46
Running from C:\Users\Thomas\Downloads
Loaded Profile: Thomas (Available profiles: Thomas)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Abelssoft) C:\Program Files\CheckDrive\CheckDriveBackgroundGuard.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(IObit) C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files\Samsung\Kies\KiesAirMessage.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-29] (AVAST Software)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-09-12] (Realtek Semiconductor)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-05-23] (IObit)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKU\S-1-5-21-2570579559-1507674160-3812463377-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2570579559-1507674160-3812463377-1001\...\Run: [Advanced SystemCare 7] => C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
HKU\S-1-5-21-2570579559-1507674160-3812463377-1001\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-2570579559-1507674160-3812463377-1001\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-10-30] (Samsung Electronics)
HKU\S-1-5-21-2570579559-1507674160-3812463377-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-06-07] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE01926618D4ECA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\znbv219f.default-1412453000272
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\znbv219f.default-1412453000272\Extensions\youtubeunblocker@unblocker.yt [2014-10-05]
FF Extension: Adblock Plus - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\znbv219f.default-1412453000272\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-05]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\znbv219f.default-1412453000272\extensions\ascsurfingprotection@iobit.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> D66422C4F34F5351FD856EAF1D7954C34FF507ECBB198FD449024FCFF69A8CD3
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> A3102230FE54712A910FC8BC8D14008BD3E371FFCE4CB7A4F0304923015D9AA1
CHR DefaultSearchProvider: Default -> C909338F95A18B0B2FA930303896C2499E19D8A8A3FE7FB1AB4230E24B76C133
CHR DefaultSearchURL: Default -> E318E4E8859F40A06ACFBDE57AD6054FEFC2805DA7E5A0F60E93F9669FBD49D8
CHR CustomProfile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-06]
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-06]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-05-14]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-06]
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-06]
CHR Extension: (No Name) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-02-26]
CHR Extension: (No Name) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2013-12-27]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-02-07]
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-06]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-07] (AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915784 2014-09-17] (NVIDIA Corporation)
R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-10] (SurfRight B.V.)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18044744 2014-09-17] (NVIDIA Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SystemExplorerHelpService; C:\Program Files\System Explorer\service\SystemExplorerService.exe [567144 2014-08-13] (Mister Group)
S3 TDslMgrService; C:\Program Files\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 HPSLPSVC; C:\Users\Thomas\AppData\Local\Temp\7zS62CF\hpslpsvc32.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-07] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-07] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-07] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-07] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2013-06-06] ()
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1872192 2009-12-01] (C-Media Inc)
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [16448 2007-08-01] (T-Systems Enterprise Services GmbH)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47896 2014-08-30] ()
R3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [21480 2013-03-23] (IObit)
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [75640 2014-04-10] ()
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP)
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-06-06] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 nvax; C:\Windows\System32\drivers\nvax.sys [53376 2005-04-13] (NVIDIA Corporation)
S3 nvnforce; C:\Windows\System32\drivers\nvapu.sys [414464 2005-04-13] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32928 2014-09-04] (NVIDIA Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [507136 2006-12-05] (PixArt Imaging Inc.)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32288 2013-11-19] (IObit.com)
S3 SKYNET; C:\Windows\System32\DRIVERS\SkyNET.SYS [507408 2009-09-11] (TechniSat Digital, S.A.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
R3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [20944 2013-11-19] (IObit.com)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S1 ASPI32; No ImagePath
S3 catchme; \??\C:\Users\Thomas\AppData\Local\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U2 hdservice.exe; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 15:26 - 2014-10-08 15:26 - 00003205 _____ () C:\Users\Thomas\Desktop\JRT.txt
2014-10-08 15:19 - 2014-10-08 15:19 - 00000000 ____D () C:\Windows\ERUNT
2014-10-08 14:20 - 2014-10-08 14:20 - 00008207 _____ () C:\Users\Thomas\Desktop\AdwCleaner[S0].txt
2014-10-08 13:47 - 2014-10-08 14:16 - 00000000 ____D () C:\AdwCleaner
2014-10-08 13:45 - 2014-10-08 13:45 - 00001158 _____ () C:\Users\Thomas\Desktop\mbam.txt
2014-10-07 19:03 - 2014-10-07 19:03 - 00027508 _____ () C:\ComboFix.txt
2014-10-07 18:35 - 2014-10-07 19:04 - 00000000 ____D () C:\ComboFix
2014-10-07 18:35 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-07 18:35 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-07 18:35 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-07 18:35 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-07 18:35 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-07 18:35 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-07 18:35 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-07 18:35 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-07 18:34 - 2014-10-07 19:04 - 00000000 ____D () C:\Qoobox
2014-10-07 18:33 - 2014-10-07 19:00 - 00000000 ____D () C:\Windows\erdnt
2014-10-07 18:26 - 2014-10-08 15:17 - 00000000 ____D () C:\Users\Thomas\Desktop\runter
2014-10-06 18:36 - 2014-10-06 18:37 - 00043322 _____ () C:\Users\Thomas\Downloads\Addition.txt
2014-10-06 18:35 - 2014-10-08 15:27 - 00021899 _____ () C:\Users\Thomas\Downloads\FRST.txt
2014-10-06 18:34 - 2014-10-08 15:27 - 00000000 ____D () C:\FRST
2014-10-06 18:33 - 2014-10-06 18:33 - 01101312 _____ (Farbar) C:\Users\Thomas\Downloads\FRST.exe
2014-10-06 14:37 - 2014-10-06 14:37 - 00001039 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-06 13:38 - 2014-10-06 13:38 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-06 13:37 - 2014-10-06 14:33 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-10-06 13:36 - 2014-10-06 13:36 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-10-06 00:23 - 2014-10-08 14:18 - 00009938 _____ () C:\Windows\PFRO.log
2014-10-06 00:23 - 2014-10-08 14:18 - 00001344 _____ () C:\Windows\setupact.log
2014-10-06 00:23 - 2014-10-06 00:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-05 23:50 - 2014-10-05 23:50 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\QuickScan
2014-10-05 23:47 - 2014-10-05 23:47 - 05671272 _____ (Speedchecker Limited ) C:\Users\Thomas\Downloads\pcbeschleunigen_7b54c84ef2ff4dafb408d426e996acbe_.exe
2014-10-05 23:11 - 2014-10-05 23:11 - 00000944 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-05 23:09 - 2014-10-05 23:09 - 04965896 _____ (Piriform Ltd) C:\Users\Thomas\Downloads\ccsetup418.exe
2014-10-05 22:48 - 2014-10-05 22:48 - 00945272 _____ (Prevx) C:\Users\Thomas\Downloads\prevxcsifree.exe
2014-10-04 23:12 - 2014-10-04 23:12 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\LavasoftStatistics
2014-10-02 19:17 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 17:34 - 2014-10-01 17:34 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\OpenOffice
2014-10-01 12:03 - 2014-10-01 12:03 - 00359988 _____ () C:\Users\Thomas\Desktop\bookmarks.html
2014-10-01 10:56 - 2014-10-01 10:56 - 17903792 _____ (Adobe Systems Incorporated) C:\Users\Thomas\Downloads\install_flash_player.exe
2014-10-01 10:31 - 2014-10-01 10:31 - 00001096 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-01 10:31 - 2014-10-01 10:31 - 00001084 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-29 15:28 - 2014-09-29 15:48 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-29 11:24 - 2014-10-08 10:23 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-09-29 11:22 - 2014-09-29 11:22 - 01101648 _____ () C:\Users\Thomas\Downloads\Malwarebytes Anti Exploit - CHIP-Installer.exe
2014-09-29 11:17 - 2014-09-29 11:17 - 00000166 _____ () C:\Windows\system32\mbae-default.log
2014-09-28 10:37 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 23:56 - 2014-10-01 10:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-22 23:25 - 2014-09-22 23:25 - 35775054 _____ () C:\Users\Thomas\Downloads\TV-20140922-1948-5301.webm.h264.mp4
2014-09-19 10:49 - 2014-09-17 04:13 - 01291280 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll
2014-09-19 10:48 - 2014-09-04 21:14 - 00032928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2014-09-18 01:24 - 2014-09-18 01:24 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-09-18 01:23 - 2014-09-18 01:24 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-09-18 01:15 - 2014-09-18 01:15 - 00000000 ____D () C:\Users\Thomas\Desktop\OpenOffice 4.1.1 (de) Installation Files
2014-09-18 01:07 - 2014-09-18 01:14 - 164858324 _____ () C:\Users\Thomas\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2014-09-15 22:12 - 2014-10-07 19:07 - 00000000 ____D () C:\Users\Thomas\Desktop\Black Hawks
2014-09-12 10:25 - 2014-09-12 10:25 - 03086040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2014-09-12 10:25 - 2014-09-12 10:25 - 02566872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2014-09-12 10:25 - 2014-09-12 10:25 - 02474200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2014-09-12 10:25 - 2014-09-12 10:25 - 01892056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2014-09-12 10:25 - 2014-09-12 10:25 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-09-12 10:25 - 2014-09-12 10:25 - 00916696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2014-09-12 10:25 - 2014-09-12 10:25 - 00782040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2014-09-12 10:25 - 2014-09-12 10:25 - 00332568 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2014-09-12 10:24 - 2014-09-12 10:24 - 02421792 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2014-09-12 10:24 - 2014-09-12 10:24 - 01940056 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-09-12 10:24 - 2014-09-12 10:24 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2014-09-12 10:24 - 2014-09-12 10:24 - 00215656 _____ (NVIDIA Corporation) C:\Windows\system32\NVCOSMU.DLL
2014-09-12 10:24 - 2014-09-12 10:24 - 00018944 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvsmu.sys
2014-09-12 10:22 - 2014-09-12 10:22 - 00953856 _____ (NVIDIA Corporation) C:\Windows\system32\fdco2.dll
2014-09-12 10:22 - 2014-09-12 10:22 - 00758784 _____ (NVIDIA Corporation) C:\Windows\system32\cohelper.dll
2014-09-12 10:22 - 2014-09-12 10:22 - 00296936 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvmf6232.sys
2014-09-12 10:22 - 2014-09-12 10:22 - 00207464 _____ (NVIDIA Corporation) C:\Windows\system32\nvconrm.dll
2014-09-12 10:22 - 2014-09-12 10:22 - 00010084 _____ () C:\Windows\system32\Drivers\nvphy.bin
2014-09-12 10:21 - 2014-07-02 07:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2014-09-12 10:19 - 2014-09-12 10:19 - 11283344 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-09-12 10:18 - 2014-09-12 10:19 - 24198088 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 15296456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 11222048 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 10681176 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-09-12 10:18 - 2014-09-12 10:18 - 03988952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 01054552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234052.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 00907552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234052.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 00907096 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 00869152 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2014-09-12 00:48 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 00:48 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 00:48 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 00:48 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 00:48 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 00:48 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 00:48 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 00:48 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 00:48 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 00:48 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 00:48 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 00:48 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 00:48 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 00:48 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 00:48 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 00:48 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 00:48 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 00:48 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 00:48 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 00:48 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 00:48 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 00:48 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 00:48 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 00:48 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 00:48 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 00:48 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 00:48 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 00:48 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 00:48 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 00:48 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 00:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 12:51 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 12:51 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 12:51 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 12:51 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 12:51 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 12:51 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 15:27 - 2013-06-05 18:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-08 15:23 - 2013-06-05 16:22 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-08 14:27 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-08 14:27 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-08 14:24 - 2009-10-16 18:41 - 01393337 _____ () C:\Windows\WindowsUpdate.log
2014-10-08 14:22 - 2014-03-31 10:15 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-08 14:18 - 2014-03-31 10:09 - 00000508 _____ () C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2014-10-08 14:18 - 2013-07-06 16:03 - 00000278 _____ () C:\Windows\Tasks\CheckDriveBackgroundGuard.job
2014-10-08 14:18 - 2013-06-06 16:12 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-10-08 14:18 - 2013-06-05 16:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-08 14:18 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-08 10:35 - 2009-10-16 19:30 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Winamp
2014-10-07 19:04 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-10-07 19:04 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-10-07 18:56 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-07 18:55 - 2013-12-27 00:52 - 00000000 ____D () C:\ProgramData\ProductData
2014-10-07 18:53 - 2009-07-14 04:03 - 51642368 _____ () C:\Windows\system32\config\software.bak
2014-10-07 18:53 - 2009-07-14 04:03 - 20971520 _____ () C:\Windows\system32\config\system.bak
2014-10-07 18:53 - 2009-07-14 04:03 - 04456448 _____ () C:\Windows\system32\config\default.bak
2014-10-07 18:53 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-10-07 18:53 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-10-06 14:37 - 2014-03-31 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-06 14:37 - 2014-03-31 10:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-06 13:27 - 2014-01-01 12:50 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-10-06 13:27 - 2013-06-07 11:20 - 00000000 ____D () C:\Windows\system32\SPReview
2014-10-06 13:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system
2014-10-06 13:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-10-06 00:31 - 2013-06-06 16:03 - 00000000 ___RD () C:\Program Files\Skype
2014-10-06 00:29 - 2014-04-04 23:25 - 00000000 ____D () C:\Program Files\qaul.net
2014-10-06 00:23 - 2014-08-31 21:54 - 00000000 ____D () C:\Program Files\OXXOGames
2014-10-06 00:11 - 2009-10-16 20:22 - 00000000 ____D () C:\Program Files\Google
2014-10-06 00:10 - 2013-06-09 01:37 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DVDVideoSoft
2014-10-06 00:09 - 2009-10-16 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-10-06 00:08 - 2013-12-05 15:44 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-10-06 00:07 - 2014-08-24 17:54 - 00000000 ____D () C:\Program Files\CHIP Updater
2014-10-05 23:20 - 2009-10-21 23:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-05 23:11 - 2013-12-09 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-05 23:11 - 2013-12-09 13:31 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-04 22:07 - 2009-11-09 03:24 - 00000000 ____D () C:\Windows\Minidump
2014-10-04 11:10 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-03 15:05 - 2009-10-28 12:34 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DivX
2014-10-02 19:07 - 2013-06-14 18:06 - 00021267 _____ () C:\Users\Thomas\Documents\Fahrtenbuch.ods
2014-10-02 15:10 - 2009-10-16 19:06 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-02 11:10 - 2013-06-05 18:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-01 10:57 - 2013-06-05 18:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-01 10:57 - 2013-06-05 18:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-29 23:11 - 2014-08-05 19:48 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Adobe
2014-09-29 11:50 - 2014-01-03 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-09-29 11:50 - 2013-11-20 14:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-09-29 00:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-28 12:00 - 2009-10-26 17:23 - 00000000 ____D () C:\Users\Thomas\Desktop\Musi
2014-09-24 19:58 - 2013-06-09 01:48 - 00000000 ____D () C:\Users\Thomas\Desktop\Musi neu
2014-09-22 23:34 - 2009-10-22 19:56 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\vlc
2014-09-19 10:50 - 2013-12-18 12:14 - 00000000 ____D () C:\Users\Thomas\AppData\Local\NVIDIA Corporation
2014-09-19 10:50 - 2013-06-05 17:11 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-18 10:35 - 2009-10-16 21:06 - 00104560 _____ () C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-18 10:32 - 2009-07-14 06:33 - 00388392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-18 01:25 - 2009-10-16 22:12 - 00000000 ____D () C:\Users\Thomas\Desktop\Programme
2014-09-18 01:25 - 2009-10-16 20:57 - 00000000 ____D () C:\Program Files\OpenOffice.org 3
2014-09-18 01:23 - 2009-10-16 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.0
2014-09-17 11:15 - 2013-06-24 10:55 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-17 04:13 - 2013-10-30 11:45 - 02193560 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2014-09-15 09:06 - 2009-10-16 19:15 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-12 17:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-12 10:29 - 2013-06-05 17:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-12 10:24 - 2013-06-24 11:14 - 00600680 _____ (NVIDIA Corporation) C:\Windows\system32\nvusmu.exe
2014-09-12 10:22 - 2013-06-24 11:14 - 00600680 _____ (NVIDIA Corporation) C:\Windows\system32\NVUNINST.EXE
2014-09-12 10:21 - 2004-01-23 15:07 - 00000000 ____D () C:\temp
2014-09-12 10:20 - 2013-06-05 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-12 10:19 - 2009-07-14 00:09 - 16122344 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2014-09-12 10:18 - 2014-01-07 22:47 - 00021215 _____ () C:\Windows\system32\nvinfo.pb
2014-09-12 10:18 - 2013-02-26 00:22 - 14498552 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2014-09-12 10:18 - 2013-02-26 00:22 - 02814656 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2014-09-12 10:09 - 2014-01-01 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-09-12 00:47 - 2013-08-15 23:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 00:42 - 2014-05-01 23:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 00:42 - 2009-10-16 22:57 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-08 23:33 - 2013-06-07 00:56 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\SolSuite

Some content of TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-05 15:24

==================== End Of Log ============================
--- --- ---

schrauber 09.10.2014 10:47

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

daimerlein 10.10.2014 13:33
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f8de88c3d316f644a96dd155d2e528d5
# engine=20517
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-09 04:19:02
# local_time=2014-10-09 06:19:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 2446136 177292032 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 71180 164502733 0 0
# scanned=275010
# found=56
# cleaned=0
# scan_time=17157
sh=972DB9071C719922142BE77CF935C208B66F8DE2 ft=1 fh=c50a95d882970223 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Thomas\AppData\Local\Temp\OCS\ocs_v71b.exe"
sh=02ACCF194CA48E405E1362F1AEB838053611C607 ft=1 fh=c3fe43bb758333ce vn="Variante von Win32/KeyLogger.FamilyKeyLogger.C Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP144\A0110571.exe"
sh=EB6DE69DCC94FC8B838FB1EF6C351CC6321F314D ft=1 fh=9a3aade43a3a1ec0 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP178\A0120136.exe"
sh=C69FCDF4921EFE45206302D52AA6C4D395EB5524 ft=1 fh=7ce3ccf8cb5706d9 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP178\A0120137.exe"
sh=8E76E987AD7F35B760BA522EC79E3345254EC479 ft=1 fh=ffc18cb16ca98208 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP71\A0063264.rbf"
sh=52A779A61A1640B551AAA1DF9B204A6E1A49481B ft=1 fh=439b48e6f5f04afc vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP71\A0063265.rbf"
sh=E1DB48E34CADF0BC96EEB10F06EA7D833D6ED568 ft=1 fh=835d5a7e895cd24b vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP71\A0063266.rbf"
sh=ADA4A5ECA7369EF7CFD021557F488CD335EA8A69 ft=1 fh=a201f14b1abf8424 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP71\A0063267.rbf"
sh=5008E4CDDD93655BEE0A8F28F4DF7AC412FCB86B ft=1 fh=b4d7b9fa83fc75a4 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP71\A0063268.rbf"
sh=CA7CF6544DBC15A516F4D750EDAE93D85C694306 ft=1 fh=567137661449bd72 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP71\A0063269.rbf"
sh=F809FB7EBED9AA2A9AC5803D92B401533F4505B5 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP71\A0063270.msi"
sh=B567C6AA81A55127E3C616B64D6F6C0E3C53B361 ft=1 fh=0068914beeb53254 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP72\A0063272.rbf"
sh=31B520DA766970D40D6E7024938874D10E0973E7 ft=1 fh=331176eaf85fef07 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP72\A0063273.rbf"
sh=DC84F25BAFEB1AF08F15D9E2767183CC38BC848C ft=1 fh=eea703cff80ef4f6 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP72\A0063274.rbf"
sh=51D393E0C7DE002A4CC4EA9E2607C6FED20366F2 ft=1 fh=3529b45d9f72f59e vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP72\A0063275.rbf"
sh=16268197065D3B4C87A0044FEDD6E63DD7919093 ft=1 fh=f869f3febffb453f vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP72\A0063276.rbf"
sh=4792232EF70FA271A7C8B53342D7DD43C4D61F0E ft=1 fh=07ef76f12db7a90f vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP72\A0063277.rbf"
sh=E2181772D737B244B58480A45C3DA2D1539DD922 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP72\A0063279.msi"
sh=3F45E7700D94DBA4983912A1B4D781EE1D13E00B ft=1 fh=0e02220d073ade6a vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP73\A0063516.rbf"
sh=7A247EFE5FC909394250349672FE3BD34073E4A4 ft=1 fh=19f4c13151194fbf vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP73\A0063517.rbf"
sh=9AEC9793A1806F4518910DD375769BCD43C6D1AE ft=1 fh=4725b9809b48e89f vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP73\A0063518.rbf"
sh=2E40C34238EEC1E6FBBEAFB282763BCFF98EBD21 ft=1 fh=f5316c09de5cd9de vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP73\A0063519.rbf"
sh=A0D57B43C21A256520D5CE1E9ADC86B6E840913A ft=1 fh=b6582d9d8f777641 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP73\A0063520.rbf"
sh=7648487A2DBA94ABC0DBA9DAA57418250B52D81E ft=1 fh=61d0612d9185d265 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP73\A0063521.rbf"
sh=630382DCE4DFFB647E08CF2153F5A122A628478F ft=1 fh=547768c662c75cff vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP73\A0063522.rbf"
sh=37C9A562762E6C7CDAE33191CF3CE67E0D33ADA8 ft=1 fh=59c125c09dfe316d vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP73\A0063523.rbf"
sh=FCE6DAC62EC777C0F5AB84FF527517706F3B2A29 ft=1 fh=e73f5ddc27d748af vn="Variante von Win32/SweetIM.F evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP73\A0063524.rbf"
sh=FD36CDE224651810D44FC1F303808E3538E049F0 ft=1 fh=ab8c371972bfa4a8 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP73\A0063525.rbf"
sh=C97EA72902C03BF34F664C76C8A1C01D5EEFA192 ft=1 fh=c56cad731f1105bd vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP73\A0063526.rbf"
sh=958B1B7EC9D0F027181234A771E4FB913E858825 ft=1 fh=bbf7141065bcc0d7 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP73\A0063527.rbf"
sh=64223BDCEAE748D56A5C902F2B5CBE97394A8D7A ft=1 fh=265611869bfbeff8 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP73\A0063528.rbf"
sh=1AFA5D62D9216ECCDE4A0C6EDAFA55E5F7EC15AB ft=1 fh=5d5549c09e67e0e7 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP73\A0063529.rbf"
sh=FF5B4B3BA3AD51BB7B1173DF1CCE69217B7DE7D0 ft=1 fh=789bd4eba45d30bb vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP73\A0063530.rbf"
sh=9EFA42FD443DA88D1C19BAEC42E5C58893101D93 ft=1 fh=67927331828e91ae vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP73\A0063533.rbf"
sh=EFF6BB049C6B0914A4FAB9C46FEBE49C2F16201C ft=1 fh=1c594ca7bbe5cf8a vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP73\A0063534.rbf"
sh=2830B98CFD8019FCD723FD8E1F8A483FD23AFB8C ft=1 fh=809615ac9e43ca8d vn="MSIL/Dedem.U Trojaner" ac=I fn="C:\System Volume Information\_restore{CD99F124-E21F-493F-80F5-A361C66805AD}\RP85\A0079018.dll"
sh=F93DC4B9AA4E2F15DA0BF573C2288B84E7E32F92 ft=1 fh=df358b5f39d76216 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Thomas\Desktop\Waltons\streamtransport_setup.exe"
sh=499C616ADEFF9C6FCF2C18DD4915D700FA8FF429 ft=1 fh=8bc5f0870ee9f152 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Thomas\Downloads\Autoruns - CHIP-Installer.exe"
sh=7E5299F9C025C686E9B10FD6A5EC5C644933A58F ft=1 fh=7dcb11e96837ba58 vn="Variante von Win32/InstallCore.QH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Thomas\Downloads\greatmahjong_CB-DL-Manager.exe"
sh=BBD7A2AC1E027E7ED0CFA567CF06E86D22B2A665 ft=1 fh=55978f7f5077c75a vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Thomas\Downloads\IObit-Malware-Figher-Setup.exe"
sh=9A2FBD9CFAAACF44114D4A13D54E67ECB9103402 ft=1 fh=1c5f6d1e0fa20a93 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Thomas\Downloads\pcbeschleunigen_7b54c84ef2ff4dafb408d426e996acbe_.exe"
sh=0BBE6B557F0D710AF7D1E12615BAB5696BFE1F2F ft=1 fh=7f5ebdd46cadd7d4 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Thomas\Downloads\smart-defrag-setup.exe"
sh=31B22BFD77C8C102E8F373D09FCE03028CE9783C ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="E:\DOMMEPUTER\Backup Set 2014-03-13 221544\Backup Files 2014-03-13 221544\Backup files 16.zip"
sh=0C02924A60AEF2B3E42E30CD47937F021B384820 ft=0 fh=0000000000000000 vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="E:\DOMMEPUTER\Backup Set 2014-03-13 221544\Backup Files 2014-03-13 221544\Backup files 17.zip"
sh=8E3FC612123993D1FF89C7A5A5886E1AFE01BE68 ft=0 fh=0000000000000000 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="E:\DOMMEPUTER\Backup Set 2014-03-13 221544\Backup Files 2014-03-13 221544\Backup files 18.zip"
sh=F8F70DF3ACC7D68DC644D22C9BF890C87992BFA7 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="E:\DOMMEPUTER\Backup Set 2014-03-13 221544\Backup Files 2014-03-13 221544\Backup files 19.zip"
sh=C53C949B7EB050CA6FA011EB7FA85EA0013DCE0B ft=0 fh=0000000000000000 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="E:\DOMMEPUTER\Backup Set 2014-03-13 221544\Backup Files 2014-03-13 221544\Backup files 2.zip"
sh=0A9BC625B234965FB351F374FF460F61A6196DC0 ft=0 fh=0000000000000000 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="E:\DOMMEPUTER\Backup Set 2014-03-13 221544\Backup Files 2014-03-13 221544\Backup files 22.zip"
sh=5EAAD4B53B482AC58C051DAD74A30EBC637FD115 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.K evtl. unerwünschte Anwendung" ac=I fn="E:\DOMMEPUTER\Backup Set 2014-03-13 221544\Backup Files 2014-03-13 221544\Backup files 26.zip"
sh=D3D73E5F449F8C2517F05A0819094C1E51023188 ft=0 fh=0000000000000000 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="E:\DOMMEPUTER\Backup Set 2014-03-13 221544\Backup Files 2014-03-13 221544\Backup files 27.zip"
sh=347FD08ED5B6F7EA623A272840D50E0CD009AB83 ft=0 fh=0000000000000000 vn="Variante von MSIL/DownloadGuide.F evtl. unerwünschte Anwendung" ac=I fn="E:\DOMMEPUTER\Backup Set 2014-03-13 221544\Backup Files 2014-03-13 221544\Backup files 5.zip"
sh=7225F46ACAAE0BBB62BAA392CE51C4A2AA560704 ft=0 fh=0000000000000000 vn="Variante von Win32/BSDownloader evtl. unerwünschte Anwendung" ac=I fn="E:\DOMMÄ-PC\Backup Set 2012-08-15 185151\Backup Files 2012-08-15 185151\Backup files 2.zip"
sh=FAA6884C1C621AAB4656F053DD3111B8D2FDDADF ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\DOMMÄ-PC\Backup Set 2012-08-15 185151\Backup Files 2012-08-15 185151\Backup files 3.zip"
sh=660850048BCAEC5F4E968A82B3705EA7DBEBE6CF ft=1 fh=d04bcc2c2cbaf643 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="I:\Alben\Musik\Accept\FreeYouTubeToMp3Converter.exe"
sh=66257AD245FB524876AB51DC76AEF0D85D9EF0A8 ft=1 fh=5b74c301b719646a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="I:\Alben\Musik\Charts\FreeAudioCDToMP3Converter.exe"
sh=15E77D433386DCDA3BBD1D5371E2281494C91269 ft=1 fh=1ea73b67a5e32849 vn="Variante von Win32/Adware.Kazaa.A Anwendung" ac=I fn="I:\Download\kmd.exe"
Code:
Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x86 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
avast! antivirus 
avast! Antivirus 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 CCleaner   
 Java 7 Update 67 
 Adobe Flash Player        15.0.0.152 
 Adobe Reader XI 
 Mozilla Firefox (32.0.3)
 Mozilla Thunderbird (31.1.2)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 IObit IObit Malware Fighter IMFsrv.exe 
 Malwarebytes Anti-Exploit mbae-svc.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
 Malwarebytes Anti-Exploit mbae.exe 
 IObit IObit Malware Fighter IMF.exe 
 IObit IObit Malware Fighter adsremoval IE\Adblock.exe
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

       
Code:

       
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014
Ran by Thomas (administrator) on DOMMEPUTER on 09-10-2014 21:30:39
Running from C:\Users\Thomas\Downloads
Loaded Profile: Thomas (Available profiles: Thomas)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Abelssoft) C:\Program Files\CheckDrive\CheckDriveBackgroundGuard.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
(IObit) C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files\Samsung\Kies\KiesAirMessage.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adblock) C:\Program Files\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
() C:\Users\Thomas\Desktop\runter\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-29] (AVAST Software)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-09-12] (Realtek Semiconductor)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-05-23] (IObit)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKU\S-1-5-21-2570579559-1507674160-3812463377-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2570579559-1507674160-3812463377-1001\...\Run: [Advanced SystemCare 7] => C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
HKU\S-1-5-21-2570579559-1507674160-3812463377-1001\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-2570579559-1507674160-3812463377-1001\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-10-30] (Samsung Electronics)
HKU\S-1-5-21-2570579559-1507674160-3812463377-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-06-07] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE01926618D4ECA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\bps3us3h.default-1412842712132
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-05]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff

Chrome:
=======
CHR HomePage: Default -> D66422C4F34F5351FD856EAF1D7954C34FF507ECBB198FD449024FCFF69A8CD3
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> A3102230FE54712A910FC8BC8D14008BD3E371FFCE4CB7A4F0304923015D9AA1
CHR DefaultSearchProvider: Default -> C909338F95A18B0B2FA930303896C2499E19D8A8A3FE7FB1AB4230E24B76C133
CHR DefaultSearchURL: Default -> E318E4E8859F40A06ACFBDE57AD6054FEFC2805DA7E5A0F60E93F9669FBD49D8
CHR CustomProfile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-06]
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-06]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-05-14]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-06]
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-06]
CHR Extension: (No Name) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-02-26]
CHR Extension: (No Name) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2013-12-27]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-02-07]
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-06]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-07] (AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915784 2014-09-17] (NVIDIA Corporation)
R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-10] (SurfRight B.V.)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18044744 2014-09-17] (NVIDIA Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SystemExplorerHelpService; C:\Program Files\System Explorer\service\SystemExplorerService.exe [567144 2014-08-13] (Mister Group)
S3 TDslMgrService; C:\Program Files\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 HPSLPSVC; C:\Users\Thomas\AppData\Local\Temp\7zS62CF\hpslpsvc32.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-07] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-07] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-07] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2013-06-06] ()
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1872192 2009-12-01] (C-Media Inc)
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [16448 2007-08-01] (T-Systems Enterprise Services GmbH)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47896 2014-08-30] ()
R3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [21480 2013-03-23] (IObit)
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [75640 2014-04-10] ()
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP)
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-06-06] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 nvax; C:\Windows\System32\drivers\nvax.sys [53376 2005-04-13] (NVIDIA Corporation)
S3 nvnforce; C:\Windows\System32\drivers\nvapu.sys [414464 2005-04-13] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32928 2014-09-04] (NVIDIA Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [507136 2006-12-05] (PixArt Imaging Inc.)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32288 2013-11-19] (IObit.com)
S3 SKYNET; C:\Windows\System32\DRIVERS\SkyNET.SYS [507408 2009-09-11] (TechniSat Digital, S.A.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
R3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [20944 2013-11-19] (IObit.com)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S1 ASPI32; No ImagePath
S3 catchme; \??\C:\Users\Thomas\AppData\Local\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U2 hdservice.exe; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 15:19 - 2014-10-08 15:19 - 00000000 ____D () C:\Windows\ERUNT
2014-10-08 13:47 - 2014-10-08 14:16 - 00000000 ____D () C:\AdwCleaner
2014-10-07 19:03 - 2014-10-07 19:03 - 00027508 _____ () C:\ComboFix.txt
2014-10-07 18:35 - 2014-10-07 19:04 - 00000000 ____D () C:\ComboFix
2014-10-07 18:35 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-07 18:35 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-07 18:35 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-07 18:35 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-07 18:35 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-07 18:35 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-07 18:35 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-07 18:35 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-07 18:34 - 2014-10-07 19:04 - 00000000 ____D () C:\Qoobox
2014-10-07 18:33 - 2014-10-07 19:00 - 00000000 ____D () C:\Windows\erdnt
2014-10-07 18:26 - 2014-10-09 21:25 - 00000000 ____D () C:\Users\Thomas\Desktop\runter
2014-10-06 18:36 - 2014-10-06 18:37 - 00043322 _____ () C:\Users\Thomas\Downloads\Addition.txt
2014-10-06 18:35 - 2014-10-09 21:30 - 00022373 _____ () C:\Users\Thomas\Downloads\FRST.txt
2014-10-06 18:34 - 2014-10-09 21:30 - 00000000 ____D () C:\FRST
2014-10-06 18:33 - 2014-10-06 18:33 - 01101312 _____ (Farbar) C:\Users\Thomas\Downloads\FRST.exe
2014-10-06 14:37 - 2014-10-06 14:37 - 00001039 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-06 13:38 - 2014-10-06 13:38 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-06 13:37 - 2014-10-06 14:33 - 00000000 ____D () C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-10-06 13:36 - 2014-10-06 13:36 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-10-06 00:23 - 2014-10-09 10:15 - 00001512 _____ () C:\Windows\setupact.log
2014-10-06 00:23 - 2014-10-08 14:18 - 00009938 _____ () C:\Windows\PFRO.log
2014-10-06 00:23 - 2014-10-06 00:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-05 23:50 - 2014-10-05 23:50 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\QuickScan
2014-10-05 23:47 - 2014-10-05 23:47 - 05671272 _____ (Speedchecker Limited ) C:\Users\Thomas\Downloads\pcbeschleunigen_7b54c84ef2ff4dafb408d426e996acbe_.exe
2014-10-05 23:11 - 2014-10-05 23:11 - 00000944 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-05 23:09 - 2014-10-05 23:09 - 04965896 _____ (Piriform Ltd) C:\Users\Thomas\Downloads\ccsetup418.exe
2014-10-05 22:48 - 2014-10-05 22:48 - 00945272 _____ (Prevx) C:\Users\Thomas\Downloads\prevxcsifree.exe
2014-10-04 23:12 - 2014-10-04 23:12 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\LavasoftStatistics
2014-10-02 19:17 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 17:34 - 2014-10-01 17:34 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\OpenOffice
2014-10-01 12:03 - 2014-10-01 12:03 - 00359988 _____ () C:\Users\Thomas\Desktop\bookmarks.html
2014-10-01 10:56 - 2014-10-01 10:56 - 17903792 _____ (Adobe Systems Incorporated) C:\Users\Thomas\Downloads\install_flash_player.exe
2014-10-01 10:31 - 2014-10-01 10:31 - 00001096 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-01 10:31 - 2014-10-01 10:31 - 00001084 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-29 15:28 - 2014-09-29 15:48 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-29 11:24 - 2014-10-09 19:25 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-09-29 11:22 - 2014-09-29 11:22 - 01101648 _____ () C:\Users\Thomas\Downloads\Malwarebytes Anti Exploit - CHIP-Installer.exe
2014-09-29 11:17 - 2014-09-29 11:17 - 00000166 _____ () C:\Windows\system32\mbae-default.log
2014-09-28 10:37 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 23:56 - 2014-10-01 10:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-22 23:25 - 2014-09-22 23:25 - 35775054 _____ () C:\Users\Thomas\Downloads\TV-20140922-1948-5301.webm.h264.mp4
2014-09-19 10:49 - 2014-09-17 04:13 - 01291280 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll
2014-09-19 10:48 - 2014-09-04 21:14 - 00032928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2014-09-18 01:24 - 2014-09-18 01:24 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-09-18 01:23 - 2014-09-18 01:24 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-09-18 01:15 - 2014-09-18 01:15 - 00000000 ____D () C:\Users\Thomas\Desktop\OpenOffice 4.1.1 (de) Installation Files
2014-09-18 01:07 - 2014-09-18 01:14 - 164858324 _____ () C:\Users\Thomas\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2014-09-15 22:12 - 2014-10-08 22:33 - 00000000 ____D () C:\Users\Thomas\Desktop\Black Hawks
2014-09-12 10:25 - 2014-09-12 10:25 - 03086040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2014-09-12 10:25 - 2014-09-12 10:25 - 02566872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2014-09-12 10:25 - 2014-09-12 10:25 - 02474200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2014-09-12 10:25 - 2014-09-12 10:25 - 01892056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2014-09-12 10:25 - 2014-09-12 10:25 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-09-12 10:25 - 2014-09-12 10:25 - 00916696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2014-09-12 10:25 - 2014-09-12 10:25 - 00782040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2014-09-12 10:25 - 2014-09-12 10:25 - 00332568 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2014-09-12 10:24 - 2014-09-12 10:24 - 02421792 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2014-09-12 10:24 - 2014-09-12 10:24 - 01940056 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-09-12 10:24 - 2014-09-12 10:24 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2014-09-12 10:24 - 2014-09-12 10:24 - 00215656 _____ (NVIDIA Corporation) C:\Windows\system32\NVCOSMU.DLL
2014-09-12 10:24 - 2014-09-12 10:24 - 00018944 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvsmu.sys
2014-09-12 10:22 - 2014-09-12 10:22 - 00953856 _____ (NVIDIA Corporation) C:\Windows\system32\fdco2.dll
2014-09-12 10:22 - 2014-09-12 10:22 - 00758784 _____ (NVIDIA Corporation) C:\Windows\system32\cohelper.dll
2014-09-12 10:22 - 2014-09-12 10:22 - 00296936 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvmf6232.sys
2014-09-12 10:22 - 2014-09-12 10:22 - 00207464 _____ (NVIDIA Corporation) C:\Windows\system32\nvconrm.dll
2014-09-12 10:22 - 2014-09-12 10:22 - 00010084 _____ () C:\Windows\system32\Drivers\nvphy.bin
2014-09-12 10:21 - 2014-07-02 07:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2014-09-12 10:19 - 2014-09-12 10:19 - 11283344 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-09-12 10:18 - 2014-09-12 10:19 - 24198088 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 15296456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 11222048 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 10681176 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-09-12 10:18 - 2014-09-12 10:18 - 03988952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 01054552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234052.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 00907552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234052.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 00907096 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2014-09-12 10:18 - 2014-09-12 10:18 - 00869152 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2014-09-12 00:48 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 00:48 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 00:48 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 00:48 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 00:48 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 00:48 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 00:48 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 00:48 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 00:48 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 00:48 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 00:48 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 00:48 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 00:48 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 00:48 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 00:48 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 00:48 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 00:48 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 00:48 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 00:48 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 00:48 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 00:48 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 00:48 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 00:48 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 00:48 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 00:48 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 00:48 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 00:48 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 00:48 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 00:48 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 00:48 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 00:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 12:51 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 12:51 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 12:51 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 12:51 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 12:51 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 12:51 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-09 21:27 - 2013-06-05 18:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-09 21:26 - 2014-03-31 10:15 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-09 21:23 - 2013-06-05 16:22 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-09 18:58 - 2009-10-16 18:41 - 01413477 _____ () C:\Windows\WindowsUpdate.log
2014-10-09 18:25 - 2009-11-14 14:33 - 00018944 ___SH () C:\Users\Thomas\Thumbs.db
2014-10-09 13:32 - 2009-10-16 19:06 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-09 10:25 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-09 10:25 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-09 10:15 - 2014-03-31 10:09 - 00000508 _____ () C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2014-10-09 10:15 - 2013-12-27 00:52 - 00000000 ____D () C:\ProgramData\ProductData
2014-10-09 10:14 - 2013-07-06 16:03 - 00000278 _____ () C:\Windows\Tasks\CheckDriveBackgroundGuard.job
2014-10-09 10:14 - 2013-06-06 16:12 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-10-09 10:14 - 2013-06-05 16:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-09 10:14 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-08 23:43 - 2013-06-06 16:03 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Skype
2014-10-08 10:35 - 2009-10-16 19:30 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Winamp
2014-10-07 19:04 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-10-07 19:04 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-10-07 18:56 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-07 18:53 - 2009-07-14 04:03 - 51642368 _____ () C:\Windows\system32\config\software.bak
2014-10-07 18:53 - 2009-07-14 04:03 - 20971520 _____ () C:\Windows\system32\config\system.bak
2014-10-07 18:53 - 2009-07-14 04:03 - 04456448 _____ () C:\Windows\system32\config\default.bak
2014-10-07 18:53 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-10-07 18:53 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-10-06 14:37 - 2014-03-31 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-06 14:37 - 2014-03-31 10:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-06 13:27 - 2014-01-01 12:50 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-10-06 13:27 - 2013-06-07 11:20 - 00000000 ____D () C:\Windows\system32\SPReview
2014-10-06 13:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system
2014-10-06 13:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-10-06 00:31 - 2013-06-06 16:03 - 00000000 ___RD () C:\Program Files\Skype
2014-10-06 00:29 - 2014-04-04 23:25 - 00000000 ____D () C:\Program Files\qaul.net
2014-10-06 00:23 - 2014-08-31 21:54 - 00000000 ____D () C:\Program Files\OXXOGames
2014-10-06 00:11 - 2009-10-16 20:22 - 00000000 ____D () C:\Program Files\Google
2014-10-06 00:10 - 2013-06-09 01:37 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DVDVideoSoft
2014-10-06 00:09 - 2009-10-16 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-10-06 00:08 - 2013-12-05 15:44 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-10-06 00:07 - 2014-08-24 17:54 - 00000000 ____D () C:\Program Files\CHIP Updater
2014-10-05 23:20 - 2009-10-21 23:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-05 23:11 - 2013-12-09 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-05 23:11 - 2013-12-09 13:31 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-04 22:07 - 2009-11-09 03:24 - 00000000 ____D () C:\Windows\Minidump
2014-10-04 11:10 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-03 15:05 - 2009-10-28 12:34 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DivX
2014-10-02 19:07 - 2013-06-14 18:06 - 00021267 _____ () C:\Users\Thomas\Documents\Fahrtenbuch.ods
2014-10-02 11:10 - 2013-06-05 18:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-01 10:57 - 2013-06-05 18:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-01 10:57 - 2013-06-05 18:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-29 23:11 - 2014-08-05 19:48 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Adobe
2014-09-29 11:50 - 2014-01-03 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-09-29 11:50 - 2013-11-20 14:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-09-29 00:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-28 12:00 - 2009-10-26 17:23 - 00000000 ____D () C:\Users\Thomas\Desktop\Musi
2014-09-24 19:58 - 2013-06-09 01:48 - 00000000 ____D () C:\Users\Thomas\Desktop\Musi neu
2014-09-22 23:34 - 2009-10-22 19:56 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\vlc
2014-09-19 10:50 - 2013-12-18 12:14 - 00000000 ____D () C:\Users\Thomas\AppData\Local\NVIDIA Corporation
2014-09-19 10:50 - 2013-06-05 17:11 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-18 10:35 - 2009-10-16 21:06 - 00104560 _____ () C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-18 10:32 - 2009-07-14 06:33 - 00388392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-18 01:25 - 2009-10-16 22:12 - 00000000 ____D () C:\Users\Thomas\Desktop\Programme
2014-09-18 01:25 - 2009-10-16 20:57 - 00000000 ____D () C:\Program Files\OpenOffice.org 3
2014-09-18 01:23 - 2009-10-16 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.0
2014-09-17 11:15 - 2013-06-24 10:55 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-17 04:13 - 2013-10-30 11:45 - 02193560 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2014-09-15 09:06 - 2009-10-16 19:15 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-12 17:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-12 10:29 - 2013-06-05 17:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-12 10:24 - 2013-06-24 11:14 - 00600680 _____ (NVIDIA Corporation) C:\Windows\system32\nvusmu.exe
2014-09-12 10:22 - 2013-06-24 11:14 - 00600680 _____ (NVIDIA Corporation) C:\Windows\system32\NVUNINST.EXE
2014-09-12 10:21 - 2004-01-23 15:07 - 00000000 ____D () C:\temp
2014-09-12 10:20 - 2013-06-05 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-12 10:19 - 2009-07-14 00:09 - 16122344 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2014-09-12 10:18 - 2014-01-07 22:47 - 00021215 _____ () C:\Windows\system32\nvinfo.pb
2014-09-12 10:18 - 2013-02-26 00:22 - 14498552 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2014-09-12 10:18 - 2013-02-26 00:22 - 02814656 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2014-09-12 10:09 - 2014-01-01 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-09-12 00:47 - 2013-08-15 23:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 00:42 - 2014-05-01 23:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 00:42 - 2009-10-16 22:57 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe
C:\Users\Thomas\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-05 15:24

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---
Also die meldung das ein skript nicht ausgeführt werden kann kommt nicht mehr, bis jetz aber videos bei facebook kann ich immer noch keine anschaun.

So jetzt läuft alles wieder normal, hab Advanced Sysrem Care 7 deinstalliert und schon wars gut. danke für deine hilfe

schrauber 11.10.2014 11:23
Backups auf E löschen.


Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:56 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55