Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Onlinebanking wurde wegen Trojaner gesperrt (https://www.trojaner-board.de/163607-onlinebanking-wurde-wegen-trojaner-gesperrt.html)

Mondschein17 04.02.2015 20:42
Onlinebanking wurde wegen Trojaner gesperrt
 
Hallo Ihr Profis,

na ich lasse jede Nacht einen Virenscan laufen habe aber bislang nichts außergewöhnliches gefunden. Auch öffne ich keine Mails von Leuten die ich nicht kenne.

Trotzdem muss es wohl einen Trojaner bei mir geben.

Nun wie kann ich den denn finden????

Viele Grüße und danke im voraus
Andre

schrauber 04.02.2015 21:08
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Mondschein17 04.02.2015 21:34
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015
Ran by Andre (administrator) on LAPTOP_VDS14675 on 04-02-2015 20:28:56
Running from C:\Users\Andre\Downloads
Loaded Profiles: Andre (Available profiles: Andre)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Schrack Seconet) C:\Program Files (x86)\Hekatron\B5 USB-Port\B5USBPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Schrack Seconet AG) C:\Program Files (x86)\Hekatron\ICSServer\IntegralConnSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(SCHRACK SECONET AG) C:\Program Files (x86)\Hekatron\SWUpdater\SWUpdater.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Farbar) C:\Users\Andre\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2010-09-22] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Component Manager] => C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe [233472 2003-10-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SWUpdater] => C:\Program Files (x86)\Hekatron\SWUpdater\SWUpdater.exe [999512 2013-08-02] (SCHRACK SECONET AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd.exe [49152 2003-06-25] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [584760 2010-09-28] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...\MountPoints2: {739f956b-532f-11e1-91f5-2c27d7c9a0db} - F:\LGAutoRun.exe
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...\MountPoints2: {ae1a9695-a3ec-11e4-897a-2c27d7c9a0db} - F:\LGAutoRun.exe
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...\MountPoints2: {ba0bb9c8-1fdf-11e1-9fc9-2c27d7c9a0db} - F:\USBAutoRun.exe
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...\MountPoints2: {c2a742f8-a211-11e0-a8a8-2c27d7c9a0db} - G:\Data\setup.exe
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D011715-ABA01A7CCEB2146F8A7F&form=CONBDF&conlogo=CT3330961&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000 -> {02DBE522-9864-4FAC-BBA8-33C8C61624B2} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=
SearchScopes: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D011715-ABA01A7CCEB2146F8A7F&form=CONBDF&conlogo=CT3330961&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM {615A1925-0E5B-4767-A65E-3165AEAC32A3} hxxp://quickscan.bitdefender.com/qsax/qsax64.cab
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} -  No File
Handler-x32: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-10-17] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\eenws6l1.default-1365529367546
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D011715-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Bing
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1285428880-2926751199-1477310076-1000: cryptotech.com/WebSec -> C:\Program Files (x86)\Common Files\MARX Shared\xpt\npWebSec.dll (MARX® CryptoTech LP)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npWebSec.dll (MARX® CryptoTech LP)
FF SearchPlugin: C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\eenws6l1.default-1365529367546\searchplugins\Ask.xml
FF Extension: HP Detect - C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\eenws6l1.default-1365529367546\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-10-21]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 B5USBPort; C:\Program Files (x86)\Hekatron\B5 USB-Port\B5USBPort.exe [1140224 2008-07-21] (Schrack Seconet) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S4 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HPSLPSVC; C:\Users\Andre\AppData\Local\Temp\7zS5CFA\hpslpsvc64.dll [1039360 2011-11-14] (Hewlett-Packard Co.) [File not signed]
R2 IntegralConnServer; C:\Program Files (x86)\Hekatron\ICSServer\IntegralConnSrv.exe [1662552 2014-03-06] (Schrack Seconet AG)
S4 IRCPAcousticDriver; C:\Windows\SysWOW64\IRCPAcousticDriver.exe [514560 2014-12-08] () [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S4 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 CBUSB; C:\Windows\System32\drivers\CBUSB_64.sys [62208 2014-12-08] (MARX CryptoTech LP)
S3 gwiopm; C:\Windows\SysWOW64\gwiopm.sys [3904 2014-12-08] () [File not signed]
S3 SecoBlkUSB; C:\Windows\System32\DRIVERS\SecoBlkUSB.sys [38776 2014-03-06] ()
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-06-16] (DEVGURU Co., LTD.(???? | ????? ???? ?????.))
S3 usbefi; C:\Windows\System32\Drivers\usbefi_x64.sys [56000 2013-10-11] (Novar GmbH, Germany)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 ZTEusbmdm6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbmdm6k.sys [118784 2011-06-29] (ZTE Incorporated) [File not signed]
S3 ZTEusbnmea; C:\Windows\SysWOW64\DRIVERS\ZTEusbnmea.sys [118784 2011-06-29] (ZTE Incorporated) [File not signed]
S3 ZTEusbser6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbser6k.sys [118784 2011-06-29] (ZTE Incorporated) [File not signed]
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 AndNetGps; system32\DRIVERS\lgandnetgps64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 20:28 - 2015-02-04 20:28 - 02131968 _____ (Farbar) C:\Users\Andre\Downloads\FRST64(1).exe
2015-02-04 16:21 - 2015-02-04 16:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 16:21 - 2015-02-04 16:21 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 16:21 - 2015-02-04 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 16:21 - 2015-02-04 16:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-04 16:21 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-04 16:21 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-04 16:21 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-04 16:19 - 2015-02-04 16:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Andre\Downloads\mbam-setup-2.0.4.1028(2).exe
2015-02-04 16:16 - 2015-02-04 16:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Andre\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-02-04 11:22 - 2015-02-04 11:22 - 01410609 _____ () C:\Users\Andre\Desktop\Feuerschutz.cdr
2015-02-04 09:02 - 2015-02-04 09:02 - 00000000 ____D () C:\Users\Andre\AppData\Local\{A72C465A-AD06-4E87-9EA9-B37B073FF9CD}
2015-02-03 20:59 - 2015-02-03 20:59 - 00001475 _____ () C:\Users\Andre\AppData\Local\recently-used.xbel
2015-02-03 18:07 - 2015-02-03 20:59 - 00000000 ____D () C:\Users\Andre\AppData\Local\gtk-2.0
2015-02-03 18:07 - 2015-02-03 18:07 - 00000000 ____D () C:\Users\Andre\.thumbnails
2015-02-03 17:51 - 2015-02-03 17:51 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-02-03 17:50 - 2015-02-03 17:51 - 00000000 ____D () C:\Program Files\GIMP 2
2015-02-03 17:46 - 2015-02-03 17:48 - 91931728 _____ (The GIMP Team ) C:\Users\Andre\Downloads\gimp-2.8.14-setup-1.exe
2015-02-03 17:46 - 2015-02-03 17:46 - 00009127 _____ () C:\Users\Andre\Downloads\gimp-2.8.14-setup-1.exe.torrent
2015-02-03 17:30 - 2015-02-03 17:30 - 00000000 ____D () C:\Users\Andre\AppData\Roaming\Autodesk
2015-02-03 17:29 - 2015-02-03 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-02-03 17:29 - 2015-02-03 17:29 - 00000000 ____D () C:\Program Files\Autodesk
2015-02-03 17:28 - 2015-02-03 17:28 - 57787424 _____ () C:\Users\Andre\Downloads\SketchBook_7.1.1.284_Win64.exe
2015-02-03 17:26 - 2015-02-03 17:27 - 56701680 _____ () C:\Users\Andre\Downloads\SketchBook_7.1.1.285_Win32.exe
2015-02-02 18:56 - 2015-02-02 19:02 - 00011511 _____ () C:\Users\Andre\Downloads\eBayISAPI.dll
2015-01-27 06:42 - 2015-01-28 07:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 21:52 - 2015-01-25 21:52 - 00000000 ____D () C:\Users\Andre\AppData\Local\{75D7A281-62CE-43A5-8DCE-AED6F0281B42}
2015-01-18 13:20 - 2015-01-24 18:32 - 00000000 ____D () C:\xampp
2015-01-18 13:18 - 2015-01-18 13:19 - 150905704 _____ (Bitnami) C:\Users\Andre\Downloads\xampp-win32-5.6.3-0-VC11-installer.exe
2015-01-18 13:15 - 2015-01-18 13:15 - 00000000 ____D () C:\Users\Andre\AppData\Local\{2B1E3176-3A22-4803-ACEE-B27806DB0F1C}
2015-01-17 11:40 - 2015-01-17 11:40 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-17 10:53 - 2015-01-17 10:53 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-01-17 10:53 - 2015-01-17 10:53 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-01-17 10:52 - 2015-01-17 10:52 - 00001245 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-01-17 10:51 - 2015-01-17 10:51 - 00004688 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2015-01-17 10:51 - 2015-01-17 10:51 - 00002520 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-01-17 10:51 - 2015-01-17 10:51 - 00002520 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-01-17 10:51 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-01-17 10:51 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-01-17 10:50 - 2015-01-17 10:50 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-01-17 10:49 - 2015-01-17 10:49 - 00000000 ____D () C:\Users\Andre\AppData\Roaming\RHEng
2015-01-16 19:03 - 2015-01-16 19:03 - 00000000 ____D () C:\Users\Andre\AppData\Roaming\MySQL
2015-01-16 18:54 - 2015-01-24 18:41 - 00000023 _____ () C:\Windows\ODBCINST.INI
2015-01-16 18:54 - 2015-01-16 18:54 - 00000000 ____D () C:\Users\Andre\AppData\Roaming\Oracle
2015-01-16 18:45 - 2015-01-16 18:47 - 264175616 _____ () C:\Users\Andre\Downloads\mysql-installer-community-5.7.4.0-m14.msi
2015-01-14 07:12 - 2015-01-14 07:12 - 00000732 _____ () C:\Users\Andre\Desktop\USB-Stick - Verknüpfung.lnk
2015-01-14 00:33 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 00:33 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 00:33 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 00:33 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 00:33 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 00:33 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 00:33 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 00:33 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 00:33 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 00:33 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 00:33 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 00:33 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 00:33 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 16:10 - 2015-01-13 16:10 - 00000000 ____D () C:\Users\Andre\AppData\Local\{FF605FE3-9007-4288-9F5E-1CF2E54014A0}
2015-01-08 20:37 - 2015-01-08 20:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_androidusb_01009.Wdf
2015-01-06 21:34 - 2015-01-06 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-01-06 21:31 - 2015-01-06 21:33 - 16342352 _____ (Geek Software GmbH ) C:\Users\Andre\Downloads\pdf24-creator-6.9.2.exe
2015-01-06 20:41 - 2015-01-06 20:41 - 00000000 ____D () C:\Users\Andre\AppData\Local\{EAFDDA21-0EA0-4D5F-B8F1-FCFB0EC04B2D}
2015-01-06 10:40 - 2015-01-06 10:46 - 00027949 _____ () C:\Users\Andre\Downloads\Addition.txt
2015-01-06 10:39 - 2015-01-06 10:39 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Andre\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-06 10:37 - 2015-02-04 20:28 - 00023032 _____ () C:\Users\Andre\Downloads\FRST.txt
2015-01-06 10:35 - 2015-02-04 20:29 - 00000000 ____D () C:\FRST
2015-01-06 10:34 - 2015-01-06 10:35 - 02123776 _____ (Farbar) C:\Users\Andre\Downloads\FRST64.exe
2015-01-05 05:32 - 2015-01-05 05:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft WSE
2015-01-05 05:31 - 2015-01-17 12:02 - 00000000 ____D () C:\ProgramData\Netzmanager
2015-01-05 05:24 - 2015-01-05 05:24 - 00000000 ____D () C:\Users\Andre\AppData\Local\PackageAware

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 19:58 - 2012-09-05 17:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 19:55 - 2011-11-10 06:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 18:57 - 2014-11-29 18:57 - 00000466 _____ () C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job
2015-02-04 17:56 - 2011-04-08 00:37 - 01203384 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 17:45 - 2012-02-17 20:39 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{64E187DD-CF2B-4211-84AC-FF8D6B27309E}
2015-02-04 16:16 - 2013-03-25 15:21 - 00000000 ____D () C:\Rechnung Jockel
2015-02-04 13:42 - 2013-01-14 22:04 - 02238976 ___SH () C:\Users\Andre\Desktop\Thumbs.db
2015-02-04 13:27 - 2010-10-18 03:29 - 00718150 _____ () C:\Windows\system32\perfh007.dat
2015-02-04 13:27 - 2010-10-18 03:29 - 00155646 _____ () C:\Windows\system32\perfc007.dat
2015-02-04 13:27 - 2009-07-14 06:13 - 01658436 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-04 11:55 - 2011-11-10 06:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 11:50 - 2011-11-10 06:59 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 11:50 - 2011-11-10 06:59 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 21:28 - 2012-11-04 01:36 - 00000000 ____D () C:\Users\Andre\.gimp-2.8
2015-02-03 18:07 - 2011-06-16 10:49 - 00000000 ____D () C:\Users\Andre
2015-02-03 17:44 - 2011-07-11 21:54 - 00000000 ____D () C:\Users\Andre\Desktop\Gewerbe
2015-02-03 17:34 - 2013-08-13 19:40 - 00056529 _____ () C:\Windows\setupact.log
2015-02-03 17:28 - 2014-07-23 21:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-03 16:01 - 2011-07-04 17:26 - 00000000 ____D () C:\Users\Andre\AppData\Local\CrashDumps
2015-02-03 06:53 - 2013-02-07 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-03 06:53 - 2013-02-07 18:15 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-03 03:40 - 2009-07-14 05:45 - 00025968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 03:40 - 2009-07-14 05:45 - 00025968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 03:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Registration
2015-02-03 03:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 03:30 - 2013-08-13 21:49 - 00557554 _____ () C:\Windows\PFRO.log
2015-02-03 03:05 - 2011-07-06 06:00 - 01632716 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-02 12:57 - 2012-01-14 13:17 - 00000000 ____D () C:\Program Files (x86)\HP
2015-02-01 23:11 - 2013-06-24 17:40 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAndre
2015-02-01 23:11 - 2013-06-24 17:40 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForAndre.job
2015-01-28 13:26 - 2011-06-19 23:05 - 00003232 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLAPTOP_VDS14675$
2015-01-28 13:26 - 2011-06-19 23:05 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForLAPTOP_VDS14675$.job
2015-01-24 21:58 - 2012-09-05 17:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 21:58 - 2012-03-28 19:01 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:58 - 2011-09-08 17:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-17 12:07 - 2012-01-30 21:44 - 00000000 ____D () C:\Program Files (x86)\PS3 Media Server
2015-01-17 12:06 - 2012-02-10 11:32 - 00000000 ____D () C:\Users\Andre\AppData\Local\LG Electronics
2015-01-17 12:06 - 2011-09-08 16:55 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2015-01-17 12:00 - 2014-11-27 23:09 - 00000000 ____D () C:\ProgramData\X-Setup Pro
2015-01-17 11:40 - 2013-06-18 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-17 11:39 - 2011-10-11 17:05 - 00000000 ____D () C:\Users\Andre\AppData\Roaming\vlc
2015-01-17 10:52 - 2011-12-25 10:41 - 00000000 ____D () C:\Users\Andre\AppData\Roaming\DVDVideoSoft
2015-01-17 10:52 - 2011-12-25 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-17 10:52 - 2011-12-25 10:40 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-01-14 07:15 - 2012-11-14 21:03 - 00000000 ____D () C:\USB-Stick
2015-01-14 03:10 - 2013-07-18 08:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:00 - 2012-03-15 08:36 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-07 08:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\security
2015-01-07 07:32 - 2015-01-04 22:15 - 00000000 ___HD () C:\Users\Andre\AppData\Local\Salad-want
2015-01-06 21:34 - 2011-07-08 13:03 - 00000000 ____D () C:\Program Files (x86)\PDF24
2015-01-06 13:30 - 2010-10-17 18:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-06 13:17 - 2013-11-17 18:17 - 00040140 _____ () C:\Windows\DPINST.LOG
2015-01-06 10:40 - 2013-02-11 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-06 10:38 - 2015-01-04 22:49 - 00000000 ____D () C:\ProgramData\cache

==================== Files in the root of some directories =======

2014-05-06 06:12 - 2014-05-06 06:12 - 6103040 _____ () C:\Program Files (x86)\GUT8363.tmp
2014-07-09 15:24 - 2014-07-09 15:28 - 0022274 _____ () C:\Users\Andre\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR
2015-02-03 20:59 - 2015-02-03 20:59 - 0001475 _____ () C:\Users\Andre\AppData\Local\recently-used.xbel
2013-07-10 06:41 - 2014-11-03 10:25 - 0007644 _____ () C:\Users\Andre\AppData\Local\Resmon.ResmonCfg
2013-02-11 12:07 - 2013-02-11 12:24 - 0000152 _____ () C:\ProgramData\-WnoFQbjneG
2013-02-11 12:07 - 2013-02-11 12:24 - 0000160 _____ () C:\ProgramData\-WnoFQbjneGr
2014-12-15 10:01 - 2014-12-15 10:01 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-02-11 12:07 - 2013-02-11 12:29 - 0000168 _____ () C:\ProgramData\WnoFQbjneG
2011-04-08 00:45 - 2011-04-08 00:45 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-10-17 18:32 - 2010-10-17 18:32 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-04-08 00:45 - 2011-04-08 00:45 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-10-17 18:25 - 2010-10-17 18:26 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-04-08 00:44 - 2011-04-08 00:44 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2011-04-08 00:45 - 2011-04-08 00:45 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-10-17 18:24 - 2010-10-17 18:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-10-17 18:26 - 2010-10-17 18:31 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-10-17 18:32 - 2011-04-08 00:46 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1285428880-2926751199-1477310076-1000\$862d7fa71be30802db7b3b1d2f1ece2f

Some content of TEMP:
====================
C:\Users\Andre\AppData\Local\Temp\APNSetup.exe
C:\Users\Andre\AppData\Local\Temp\ASDConfig_V1600_Setup.exe
C:\Users\Andre\AppData\Local\Temp\ASDPipeFlow_Setup.exe
C:\Users\Andre\AppData\Local\Temp\avgnt.exe
C:\Users\Andre\AppData\Local\Temp\Ct64Setup.exe
C:\Users\Andre\AppData\Local\Temp\FreeStudio.exe
C:\Users\Andre\AppData\Local\Temp\Helpfiles_33.exe
C:\Users\Andre\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Andre\AppData\Local\Temp\IAC_8051_Patch.exe
C:\Users\Andre\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Andre\AppData\Local\Temp\propsys.dll
C:\Users\Andre\AppData\Local\Temp\Resource.exe
C:\Users\Andre\AppData\Local\Temp\SpOrder.dll
C:\Users\Andre\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Andre\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Andre\AppData\Local\Temp\zpjtsf1f.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 04:02

==================== End Of Log ============================
--- --- ---

Mondschein17 04.02.2015 21:45
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by Andre at 2015-02-04 21:41:04
Running from C:\Users\Andre\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAC Decoder (HKLM-x32\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ASD Config (HKLM-x32\...\{C3F3CC59-F322-471B-B7D4-577158420242}) (Version: 1.6.0.0 - Securiton AG)
ASD PipeFlow (HKLM-x32\...\{3C713774-6FDF-4E44-9191-59D55C07708D}) (Version: 2.2.0.0 - Securiton AG)
Autodesk SketchBook (HKLM\...\{E8771745-B470-4EB7-AF2C-D57A8CF60388}) (Version: 7.11.0000 - Autodesk)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3320 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4604 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.3321 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DIAG 3 V1.00.17 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.)
DivX Converter Mobile (HKLM-x32\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter Mobile (HKLM-x32\...\{AF145F8997B44EE9B106D018EF1DB58B}) (Version: 1.0.0 - DivX, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATProg3 für Windows (HKLM-x32\...\{DF30D2E1-F265-4E21-8462-4CE2EB16FFE0}_is1) (Version: Release - IFAM GmbH Erfurt)
Free Studio version 6.4.2.113 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.2.113 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
H.264 Decoder (HKLM-x32\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.1.0 - DivX, Inc.)
HP CloudDrive (HKLM-x32\...\ZumoDrive) (Version:  - Zecter Inc.)
hp deskjet 5100 (HKLM-x32\...\{15C165F1-1DAE-4476-AFB6-8723729B41E7}) (Version: 1.03.0000 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{1AF23A65-F2B5-469C-AA51-DA5FB74CA856}) (Version: 1.1.2.1 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP Officejet 4630 series - Grundlegende Software für das Gerät (HKLM\...\{BB830050-E345-45FC-80D3-4EF9680CFC06}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Officejet 4630 series Hilfe (HKLM-x32\...\{08B9332C-26DB-4EF3-85D6-6DC62B937681}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Power Manager (HKLM-x32\...\{AF306BD8-F9D1-4627-89B9-246E59074A05}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HP Quick Launch (HKLM-x32\...\{EF682D1C-591D-48B5-9803-628DA622C281}) (Version: 2.2.7 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{01E73CF7-3B8E-49F6-B09C-3FB122B3938A}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}) (Version: 4.0.10.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Integral ApplicationCenter Version 7.2.4 (HKLM-x32\...\{167FE068-E24A-43DC-BB6E-0844A34F9C07}_is1) (Version: 7.2.4 - Hekatron Vertriebs GmbH)
Integral ApplicationCenter Version 7.3.7.1 (HKLM-x32\...\{4BB16BB6-CCD7-44FE-BD63-E364896DC2BD}_is1) (Version: 7.3.7.1 - Hekatron Vertriebs GmbH)
Integral ApplicationCenter Version 8.0.5 (HKLM-x32\...\{7800B8BD-107B-4BD4-81F3-3368936979B3}_is1) (Version: 8.0.5 - Hekatron Vertriebs GmbH)
Integral Helpfiles Version 3.3 (HKLM-x32\...\{9C9DF143-A347-42DD-BEEB-C8A56CA66299}_is1) (Version: 3.3 - Hekatron Vertriebs GmbH)
Integral Software Version 6.3.2 (HKLM-x32\...\{52D10C06-9FDF-4175-8B8B-C9053D7ABB4B}_is1) (Version: 6.3.2 - Hekatron Vertriebs GmbH)
Integral SWUpdater Version 2.3.7.0 (HKLM-x32\...\{26CC6279-C544-440E-85EE-C3A8B852C21D}_is1) (Version: 2.3.7.0 - Hekatron Vertriebs GmbH)
Integral TeamViewer Version 8.0.19045 (HKLM-x32\...\{959CE1C3-941D-44DA-B657-B8191F59F067}_is1) (Version: 8.0.19045 - Hekatron Vertriebs GmbH)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416021FF}) (Version: 6.0.210 - Oracle)
Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3220 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3220 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1(한국어) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1042) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MKV Splitter (HKLM-x32\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.1 - DivX, Inc.)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...\MyFreeCodec) (Version:  - )
NirSoft IE PassView (HKLM-x32\...\NirSoft IE PassView) (Version:  - )
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PARSOFT (HKLM-x32\...\{F5CAF327-655B-4710-862E-8964C19A80E7}) (Version: 1.23.2 - Labor Strauss GmbH, Wien, AUSTRIA)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
PL-2303 USB-to-Serial (HKLM-x32\...\{A9111573-EF12-4D80-A5B9-55F620D5BCA1}) (Version: 1.00.000 - Prolific Technology INC)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.1.0 - Prolific Technology INC)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4419 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4419 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3320 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3320 - CyberLink Corp.) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.1.11.0 - Ralink)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3223 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{64458EC3-DB2C-4B52-963A-7F730FC70775}) (Version: 6.1.00 - Silicon Laboratories, Inc.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Studie zur Verbesserung von HP Officejet 4630 series (HKLM\...\{15D5723C-3C64-4339-AABF-A3250D75618E}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
tools 8000 (HKLM-x32\...\tools 8000) (Version:  - )
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VC80MFCRedist - 8.0.50727.4053 (x32 Version: 1.0.0 - DivX, Inc) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebSecClient (HKLM-x32\...\{76275110-67AA-4EDA-BCF7-5D6CA740C5EF}) (Version: 5.13.0612 - MARX Software Security)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\BD00013670D26C16E19F284BF8E15DAF813497C7) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows-Treiberpaket - Novar GmbH Novar USB Devices (02/05/2012 2.41.1.1) (HKLM\...\19C0D94231CD035DAF498FE40035D518A4A22AE6) (Version: 02/05/2012 2.41.1.1 - Novar GmbH)
Windows-Treiberpaket - Novar GmbH Novar USB Devices (03/23/2010 2.41.1.0) (HKLM\...\8F549E9C3463B54804D4790BAA9A8509B9036DFE) (Version: 03/23/2010 2.41.1.0 - Novar GmbH)
Windows-Treiberpaket - Novar GmbH Novar USB Devices (08/09/2013 2.41.1.2) (HKLM\...\1A1D2F49F26462538CFE9152513DE5EAF22078F6) (Version: 08/09/2013 2.41.1.2 - Novar GmbH)
WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wise Registry Cleaner 8.26 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.26 - WiseCleaner.com, Inc.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
CustomCLSID: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
CustomCLSID: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Andre\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
CustomCLSID: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Andre\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Andre\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Andre\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Andre\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0028E559-5012-4CC3-8A15-97C53AE11006} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {101BF98F-915F-49E6-9057-8C205FD456D9} - System32\Tasks\{2DECF435-DE89-4094-9CA8-56C01566001C} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.21.59.104/de/abandoninstall?page=tsProgressBar
Task: {1988A4D1-81DA-4748-9FBA-14645E76D120} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {1E20901F-2C38-44D7-886B-8287873C462A} - \Plus-HD-1.6-codedownloader No Task File <==== ATTENTION
Task: {1FA5F15D-525A-4A37-8297-B23B149B52A9} - System32\Tasks\HPCeeScheduleForLAPTOP_VDS14675$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {1FCB070E-23FE-499F-BE98-1AC69BB8A173} - \Browser Manager No Task File <==== ATTENTION
Task: {23357136-E546-410F-9A97-3CE1FA42B08A} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {32DD8AA2-0991-45B8-BBE9-DCE30C8E0D0B} - System32\Tasks\{B5432960-A921-4CAD-AF10-D0BEADDE22DD} => pcalua.exe -a "C:\Users\Andre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KJSSB5VM\5151_deu_win2k_xp[1].exe" -d C:\Users\Andre\Desktop
Task: {50A09C88-29A5-4C70-98D6-1E4B8182A030} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {523BC7DD-05BB-41B1-994C-D56581A96C91} - \Plus-HD-1.6-enabler No Task File <==== ATTENTION
Task: {65FC6F19-76D4-404A-A7C5-F316E3944B0E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {84C63172-BEC5-412D-9571-9029B390F9AE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {A6AE979F-DFE7-4801-B5A8-5A582A3F820A} - \Plus-HD-1.6-updater No Task File <==== ATTENTION
Task: {AC388ED1-7C70-4AEC-95C2-B1CD341DA73D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {B5F77E25-EF53-4596-B088-82603033C1A0} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {BBD4F614-06E6-445F-9933-956B8EE0BF80} - System32\Tasks\Wise Registry Cleaner Schedule Task => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2014-11-17] (WiseCleaner.com)
Task: {BCCF442C-73DE-4FE4-A9F6-1F9309B93481} - System32\Tasks\{0DA8D77F-F075-41E0-B232-0037E3A16D4C} => pcalua.exe -a C:\Users\Andre\Downloads\sp49524.exe -d C:\Users\Andre\Downloads
Task: {C643C646-62A9-4690-91D2-2431F321DAA9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {CAB074B4-1FC6-4CF6-89E5-EDBA1886A2A2} - System32\Tasks\HPCeeScheduleForAndre => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {CE135824-3600-4C9A-AE9F-F469D9F0BFAC} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-09-28] (CyberLink)
Task: {D71DDBA2-8DFD-4707-AAE9-439592A2E72B} - System32\Tasks\{81C5D191-07E7-4232-9DFE-4DA8870E401B} => pcalua.exe -a "C:\Users\Andre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\502FN5EA\FileZilla_3.2.7.1_win32-setup.exe" -d C:\Users\Andre\Desktop
Task: {DB4FE11E-519A-4C09-A314-7B388EE85AB7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {DEB151CB-5035-4C5C-9EAA-78C1B777C330} - System32\Tasks\{0EF7F5BD-4559-43FB-9AAE-CF4B66FB86F6} => pcalua.exe -a "C:\Users\Andre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55EXVL12\CDM v2.08.30 WHQL Certified for Windows 8.1.exe" -d C:\Users\Andre\Desktop
Task: {E483C054-E4B1-4599-888F-6AE741AC436C} - \Plus-HD-1.6-firefoxinstaller No Task File <==== ATTENTION
Task: {E72608FD-7194-4538-9F8B-AEA274705CAC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAndre.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLAPTOP_VDS14675$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe

==================== Loaded Modules (whitelisted) ==============

2014-07-09 13:47 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-12-08 15:39 - 2014-12-08 15:39 - 00514560 _____ () C:\Windows\SysWOW64\IRCPAcousticDriver.exe
2011-06-29 20:50 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2010-07-21 13:33 - 2010-07-21 13:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2014-12-08 15:39 - 2013-01-07 13:55 - 00623104 _____ () C:\Program Files (x86)\Hekatron\SWUpdater\mrxpu.dll
2014-10-21 03:02 - 2014-10-21 03:02 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll
2013-10-21 21:01 - 2010-04-13 08:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-01-27 06:42 - 2015-01-27 06:43 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-07-21 13:33 - 2010-07-21 13:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-07-21 13:33 - 2010-07-21 13:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2011-06-29 20:50 - 2011-05-28 21:04 - 00140288 _____ () C:\Program Files (x86)\WinRAR\rarext.dll
2014-11-14 05:01 - 2014-11-14 05:01 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-12-27 11:12 - 2014-11-18 15:26 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42002336.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42002336.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

ATTENTION: Missing Desktop Wallpaper Registry entry.
ATTENTION: Missing Desktop Wallpaper Registry entry.
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: build => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: IRCPAcousticDriver => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: PS3 Media Server => 2
MSCONFIG\Services: RtVOsdService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: salad-date => C:\Users\Andre\AppData\Local\Salad-want\saladsolve.exe

==================== Accounts: =============================

Administrator (S-1-5-21-1285428880-2926751199-1477310076-500 - Administrator - Disabled)
Andre (S-1-5-21-1285428880-2926751199-1477310076-1000 - Administrator - Enabled) => C:\Users\Andre
Gast (S-1-5-21-1285428880-2926751199-1477310076-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1285428880-2926751199-1477310076-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2015 09:41:08 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
  VSS-Server wird instanziiert

Error: (02/04/2015 09:41:08 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
  VSS-Server wird instanziiert

Error: (02/04/2015 09:12:56 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Fehler beim Bestimmen des Bibliothekenspeicherorts eines der in die Scherung eingeschlossenen Benutzer durch die Windows-Sicherung. (0x81000031)"

Error: (02/04/2015 09:12:56 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.

Error: (02/04/2015 09:12:56 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f} und dem Namen "Coordinator" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]

Error: (02/04/2015 09:12:51 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Fehler beim Bestimmen des Bibliothekenspeicherorts eines der in die Scherung eingeschlossenen Benutzer durch die Windows-Sicherung. (0x81000031)"

Error: (02/04/2015 09:12:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.

Error: (02/04/2015 09:12:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f} und dem Namen "Coordinator" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]

Error: (02/04/2015 09:08:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.

Error: (02/04/2015 09:08:25 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f} und dem Namen "Coordinator" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


System errors:
=============
Error: (02/04/2015 09:41:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/04/2015 09:41:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/04/2015 09:41:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/04/2015 09:38:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/04/2015 09:38:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/04/2015 09:38:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/04/2015 09:37:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/04/2015 09:37:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/04/2015 09:37:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/04/2015 09:37:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058


Microsoft Office Sessions:
=========================
Error: (02/04/2015 09:41:08 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  VSS-Server wird instanziiert

Error: (02/04/2015 09:41:08 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  VSS-Server wird instanziiert

Error: (02/04/2015 09:12:56 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Fehler beim Bestimmen des Bibliothekenspeicherorts eines der in die Scherung eingeschlossenen Benutzer durch die Windows-Sicherung. (0x81000031)

Error: (02/04/2015 09:12:56 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (02/04/2015 09:12:56 PM) (Source: VSS) (EventID: 13) (User: )
Description: {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f}Coordinator0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (02/04/2015 09:12:51 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Fehler beim Bestimmen des Bibliothekenspeicherorts eines der in die Scherung eingeschlossenen Benutzer durch die Windows-Sicherung. (0x81000031)

Error: (02/04/2015 09:12:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (02/04/2015 09:12:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f}Coordinator0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (02/04/2015 09:08:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (02/04/2015 09:08:25 PM) (Source: VSS) (EventID: 13) (User: )
Description: {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f}Coordinator0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


CodeIntegrity Errors:
===================================
  Date: 2014-11-27 23:25:03.306
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Andre\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-27 23:25:02.285
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Andre\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-27 23:25:01.157
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-27 23:25:00.128
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 41%
Total physical RAM: 6046.91 MB
Available physical RAM: 3514.24 MB
Total Pagefile: 12092.01 MB
Available Pagefile: 9180.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:279.67 GB) (Free:151.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:18.13 GB) (Free:2.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: B565CE26)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

schrauber 05.02.2015 08:27
hi,

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Mondschein17 05.02.2015 08:58
Code:
08:48:05.0772 0x0d10  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
08:48:10.0615 0x0d10  ============================================================
08:48:10.0615 0x0d10  Current date / time: 2015/02/05 08:48:10.0615
08:48:10.0616 0x0d10  SystemInfo:
08:48:10.0616 0x0d10 
08:48:10.0616 0x0d10  OS Version: 6.1.7601 ServicePack: 1.0
08:48:10.0616 0x0d10  Product type: Workstation
08:48:10.0616 0x0d10  ComputerName: LAPTOP_VDS14675
08:48:10.0616 0x0d10  UserName: Andre
08:48:10.0616 0x0d10  Windows directory: C:\Windows
08:48:10.0616 0x0d10  System windows directory: C:\Windows
08:48:10.0616 0x0d10  Running under WOW64
08:48:10.0616 0x0d10  Processor architecture: Intel x64
08:48:10.0616 0x0d10  Number of processors: 2
08:48:10.0616 0x0d10  Page size: 0x1000
08:48:10.0616 0x0d10  Boot type: Normal boot
08:48:10.0617 0x0d10  ============================================================
08:48:10.0837 0x0d10  KLMD registered as C:\Windows\system32\drivers\55183377.sys
08:48:11.0416 0x0d10  System UUID: {FA0CBDEE-C816-BF3C-1A83-927A4BBA392F}
08:48:12.0986 0x0d10  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:48:13.0000 0x0d10  ============================================================
08:48:13.0000 0x0d10  \Device\Harddisk0\DR0:
08:48:13.0000 0x0d10  MBR partitions:
08:48:13.0000 0x0d10  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
08:48:13.0000 0x0d10  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x22F55000
08:48:13.0000 0x0d10  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x22FB9000, BlocksNum 0x2441800
08:48:13.0000 0x0d10  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
08:48:13.0000 0x0d10  ============================================================
08:48:13.0066 0x0d10  C: <-> \Device\Harddisk0\DR0\Partition2
08:48:13.0124 0x0d10  D: <-> \Device\Harddisk0\DR0\Partition3
08:48:13.0124 0x0d10  ============================================================
08:48:13.0124 0x0d10  Initialize success
08:48:13.0124 0x0d10  ============================================================
08:48:16.0248 0x0ee0  ============================================================
08:48:16.0248 0x0ee0  Scan started
08:48:16.0248 0x0ee0  Mode: Manual;






Code:
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Andre :: LAPTOP_VDS14675 [administrator]

05.02.2015 08:53:45
-log-2015-02-05 (08-53-45).txt

Scan type: Quick scan
Scan options enabled:
Scan options disabled: Anti-Rootkit | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Objects scanned: 0
Time elapsed:

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

schrauber 05.02.2015 10:33
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Mondschein17 05.02.2015 12:17
Code:
ComboFix 15-02-02.01 - Andre 05.02.2015  10:47:43.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.6047.2732 [GMT 1:00]
ausgeführt von:: c:\users\Andre\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Andre\AppData\Local\Temp\7zS5CFA\HPSLPSVC64.DLL
c:\users\Andre\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Andre\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
c:\windows\iun6002.exe
c:\windows\SysWow64\oledb32.dll
F:\Autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-01-05 bis 2015-02-05  ))))))))))))))))))))))))))))))
.
.
2015-02-05 10:04 . 2015-02-05 10:04        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-02-05 09:34 . 2015-02-05 09:34        --------        d-----w-        c:\users\Andre\AppData\Roaming\inkscape
2015-02-05 09:15 . 2015-02-05 09:31        --------        d-----w-        c:\program files (x86)\Inkscape
2015-02-05 07:52 . 2015-02-05 07:53        --------        d-----w-        c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-02-04 15:21 . 2015-02-05 07:52        136408        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-04 15:21 . 2015-02-05 07:51        97496        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2015-02-04 15:21 . 2015-02-04 15:21        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-04 15:21 . 2014-11-21 05:14        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2015-02-04 15:21 . 2014-11-21 05:14        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2015-02-03 17:07 . 2015-02-03 19:59        --------        d-----w-        c:\users\Andre\AppData\Local\gtk-2.0
2015-02-03 17:07 . 2015-02-03 17:07        --------        d-----w-        c:\users\Andre\.thumbnails
2015-02-03 16:50 . 2015-02-03 16:51        --------        d-----w-        c:\program files\GIMP 2
2015-02-03 16:30 . 2015-02-03 16:30        --------        d-----w-        c:\users\Andre\AppData\Roaming\Autodesk
2015-02-03 16:29 . 2015-02-03 16:29        --------        d-----w-        c:\program files\Autodesk
2015-01-18 12:20 . 2015-01-24 17:32        --------        d-----w-        C:\xampp
2015-01-17 09:53 . 2015-01-17 09:53        --------        d-----w-        c:\programdata\TuneUp Software
2015-01-17 09:53 . 2015-01-17 09:53        --------        d-sh--w-        c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-01-17 09:53 . 2015-01-17 09:53        --------        d--h--w-        c:\programdata\Common Files
2015-01-17 09:51 . 2014-12-16 11:10        358736        ----a-w-        c:\windows\system32\LavasoftTcpService64.dll
2015-01-17 09:51 . 2014-12-16 11:10        312424        ----a-w-        c:\windows\SysWow64\LavasoftTcpService.dll
2015-01-17 09:50 . 2015-01-17 09:50        --------        d-----w-        c:\program files (x86)\Free Codec Pack
2015-01-17 09:49 . 2015-01-17 09:49        --------        d-----w-        c:\users\Andre\AppData\Roaming\RHEng
2015-01-16 18:03 . 2015-01-16 18:03        --------        d-----w-        c:\users\Andre\AppData\Roaming\MySQL
2015-01-16 17:54 . 2015-01-16 17:54        --------        d-----w-        c:\users\Andre\AppData\Roaming\Oracle
2015-01-13 23:33 . 2014-12-19 03:06        210432        ----a-w-        c:\windows\system32\profsvc.dll
2015-01-13 23:33 . 2014-12-11 17:47        62976        ----a-w-        c:\windows\system32\TSWbPrxy.exe
2015-01-13 23:33 . 2014-12-06 04:17        303616        ----a-w-        c:\windows\system32\nlasvc.dll
2015-01-13 23:33 . 2014-12-19 01:46        141312        ----a-w-        c:\windows\system32\drivers\mrxdav.sys
2015-01-13 23:33 . 2014-12-06 03:50        52224        ----a-w-        c:\windows\SysWow64\nlaapi.dll
2015-01-13 23:33 . 2014-12-06 03:50        156672        ----a-w-        c:\windows\SysWow64\ncsi.dll
2015-01-13 23:33 . 2014-12-12 05:35        5553592        ----a-w-        c:\windows\system32\ntoskrnl.exe
2015-01-13 23:33 . 2014-12-12 05:11        3971512        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2015-01-13 23:33 . 2014-12-12 05:11        3916728        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2015-01-13 23:33 . 2014-12-12 05:31        503808        ----a-w-        c:\windows\system32\srcore.dll
2015-01-13 23:33 . 2014-12-12 05:31        50176        ----a-w-        c:\windows\system32\srclient.dll
2015-01-13 23:33 . 2014-12-12 05:31        296960        ----a-w-        c:\windows\system32\rstrui.exe
2015-01-06 12:30 . 2015-01-06 12:30        --------        d-----w-        c:\program files (x86)\ASD PipeFlow
2015-01-06 12:16 . 2015-01-06 12:17        --------        d-----w-        c:\program files (x86)\ASD Config
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-03 03:36 . 2013-10-21 21:18        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-02-03 03:36 . 2013-10-21 21:17        42168        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-02-02 03:05 . 2013-11-20 01:54        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-02-02 03:04 . 2013-11-20 01:53        42168        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-02-02 03:04 . 2013-11-20 01:53        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2015-01-26 03:06 . 2013-10-21 21:17        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2015-01-24 20:58 . 2012-03-28 18:01        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-24 20:58 . 2011-09-08 16:45        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 02:00 . 2012-03-15 07:36        113365784        ----a-w-        c:\windows\system32\MRT.exe
2014-12-13 05:09 . 2014-12-17 20:17        144384        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-17 20:17        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-12-12 05:07 . 2015-01-13 23:33        43008        ----a-w-        c:\windows\SysWow64\srclient.dll
2014-12-08 14:39 . 2014-12-08 14:39        514560        ----a-w-        c:\windows\SysWow64\IRCPAcousticDriver.exe
2014-12-08 14:39 . 2014-12-08 14:39        3904        ----a-w-        c:\windows\SysWow64\GWIOPM.SYS
2014-12-08 14:38 . 2014-12-08 14:37        376832        ----a-w-        c:\windows\SysWow64\MPIWIN32.DLL
2014-12-08 14:38 . 2014-12-08 14:37        62208        ----a-w-        c:\windows\system32\drivers\CBUSB_64.sys
2014-12-04 02:50 . 2014-12-10 21:04        413184        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 21:04        741376        ----a-w-        c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 21:04        396800        ----a-w-        c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 21:04        830976        ----a-w-        c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 21:04        192000        ----a-w-        c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-10 21:04        227328        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-10 21:04        1083392        ----a-w-        c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 21:04        1232040        ----a-w-        c:\windows\system32\aitstatic.exe
2014-11-29 12:47 . 2014-11-28 06:17        111016        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2014-11-28 06:23 . 2014-12-08 14:31        895912        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2014-11-28 06:23 . 2014-12-08 14:31        816552        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2014-11-28 06:23 . 2014-11-28 06:23        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-28 06:16 . 2014-11-28 06:17        319912        ----a-w-        c:\windows\system32\javaws.exe
2014-11-28 06:16 . 2014-09-11 11:39        189352        ----a-w-        c:\windows\system32\javaw.exe
2014-11-28 06:16 . 2014-09-11 11:39        189352        ----a-w-        c:\windows\system32\java.exe
2014-11-27 01:43 . 2014-12-10 21:07        389296        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 21:07        25059840        ----a-w-        c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 21:07        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 21:07        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 21:07        66560        ----a-w-        c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 21:07        580096        ----a-w-        c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 21:07        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 21:07        2885120        ----a-w-        c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 21:07        88064        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 21:07        54784        ----a-w-        c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 21:07        34304        ----a-w-        c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 21:07        633856        ----a-w-        c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 21:07        114688        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 21:07        814080        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 21:07        6039552        ----a-w-        c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 21:07        968704        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 21:07        490496        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 21:07        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 21:07        77824        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 21:07        199680        ----a-w-        c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 21:07        92160        ----a-w-        c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 21:07        501248        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 21:07        62464        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 21:07        47616        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 21:07        64000        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 21:07        316928        ----a-w-        c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 21:07        620032        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 21:07        718848        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 21:07        800768        ----a-w-        c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 21:07        1359360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 21:07        2125312        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 21:07        14412800        ----a-w-        c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 21:07        60416        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 21:07        4299264        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 21:07        2358272        ----a-w-        c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 21:07        2052096        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 21:07        1155072        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 21:07        1548288        ----a-w-        c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 21:07        800768        ----a-w-        c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 21:07        1888256        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-11-11 03:09 . 2014-12-10 21:04        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 13:27        241152        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 13:27        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 21:04        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 13:27        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 13:27        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 21:04        119296        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 21:02        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 21:02        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-05-06 05:12 . 2014-05-06 05:12        6103040        ----a-w-        c:\program files (x86)\GUT8363.tmp
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-07-09 18:12        223432        ----a-w-        c:\users\Andre\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-07-09 18:12        223432        ----a-w-        c:\users\Andre\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-07-09 18:12        223432        ----a-w-        c:\users\Andre\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet 4630 series (NET)"="c:\program files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" [2014-03-06 3487240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"="c:\program files (x86)\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-11 702768]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-07-25 311616]
"SWUpdater"="c:\program files (x86)\Hekatron\SWUpdater\SWUpdater.exe" [2013-08-02 999512]
"HP Software Update"="c:\program files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-09-28 584760]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-11-28 193568]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-12-31 126712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandnetgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetgps64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 CBUSB;MARX CryptoTech LP;c:\windows\system32\drivers\CBUSB_64.sys;c:\windows\SYSNATIVE\drivers\CBUSB_64.sys [x]
R3 gwiopm;gwiopm;c:\windows\system32\gwiopm.sys;c:\windows\SYSNATIVE\gwiopm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SecoBlkUSB;BMZ Integral;c:\windows\system32\DRIVERS\SecoBlkUSB.sys;c:\windows\SYSNATIVE\DRIVERS\SecoBlkUSB.sys [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys;c:\windows\SYSNATIVE\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 usbefi;usbefi;c:\windows\system32\Drivers\usbefi_x64.sys;c:\windows\SYSNATIVE\Drivers\usbefi_x64.sys [x]
R3 usbrndis6;USB-RNDIS6-Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R4 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
R4 IRCPAcousticDriver;IRCPAcousticDriver;c:\windows\SysWOW64\IRCPAcousticDriver.exe;c:\windows\SysWOW64\IRCPAcousticDriver.exe [x]
R4 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 B5USBPort;B5 USB-Port;c:\program files (x86)\Hekatron\B5 USB-Port\B5USBPort.exe;c:\program files (x86)\Hekatron\B5 USB-Port\B5USBPort.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IntegralConnServer;Integral Connection Service;c:\program files (x86)\Hekatron\ICSServer\IntegralConnSrv.exe;c:\program files (x86)\Hekatron\ICSServer\IntegralConnSrv.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 11:43        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 20:58]
.
2015-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-10 12:40]
.
2015-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-10 12:40]
.
2015-02-01 c:\windows\Tasks\HPCeeScheduleForAndre.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
2015-01-28 c:\windows\Tasks\HPCeeScheduleForLAPTOP_VDS14675$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
2015-02-04 c:\windows\Tasks\Wise Registry Cleaner Schedule Task.job
- c:\program files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2014-11-27 13:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-07-09 18:12        262344        ----a-w-        c:\users\Andre\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-07-09 18:12        262344        ----a-w-        c:\users\Andre\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-07-09 18:12        262344        ----a-w-        c:\users\Andre\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 08:07        2334928        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 08:07        2334928        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 08:07        2334928        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53        2210304        ----a-w-        c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53        2210304        ----a-w-        c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53        2210304        ----a-w-        c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53        2210304        ----a-w-        c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53        2210304        ----a-w-        c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 410648]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.bing.com/?pc=COSP&ptag=D011715-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Andre\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: telekom-dienste.de
Trusted Zone: videoload.de\www
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\eenws6l1.default-1365529367546\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-Run-GarminExpressTrayApp - c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe
SafeBoot-42002336.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-tools 8000 - c:\windows\iun6002.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-02-05  11:19:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-02-05 10:19
.
Vor Suchlauf: 23 Verzeichnis(se), 162.205.351.936 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 162.777.387.008 Bytes frei
.
- - End Of File - - 6BE9F5678C6CD7503A1038DAA4CC0272
Hallo Schrauber,


folgende Aussage von der IT der Sparkasse:
Trojaner nymain

Mhhmmm

Gruß Andre

schrauber 05.02.2015 14:54
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Mondschein17 05.02.2015 16:35
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 05.02.2015
Suchlauf-Zeit: 14:57:04
Logdatei: mbm.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.05.05
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Andre

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 356870
Verstrichene Zeit: 38 Min, 7 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 1
Trojan.Agent, C:\Users\Andre\AppData\Local\Temp\Quarantine.exe, In Quarantäne, [667321f9fe8c54e23e1969b237cb6997],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Code:
# AdwCleaner v4.109 - Bericht erstellt am 05/02/2015 um 16:12:20
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-02-04.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Andre - LAPTOP_VDS14675
# Gestartet von : C:\Users\Andre\Downloads\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Andre\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Andre\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Users\Andre\Documents\Updater

***** [ Tasks ] *****

Task Gelöscht : Browser Manager
Task Gelöscht : Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\Applications\lollipop.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Schlüssel Gelöscht : HKCU\Software\Free Video Converter
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\torch
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 de)


*************************

AdwCleaner[0].txt - [40384 octets] - [13/08/2013 22:24:35]
AdwCleaner[1].txt - [951 octets] - [13/08/2013 22:31:49]
AdwCleaner[R0].txt - [7312 octets] - [05/02/2015 16:03:46]
AdwCleaner[S0].txt - [6889 octets] - [05/02/2015 16:12:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6949 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Andre on 05.02.2015 at 16:17:39,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Andre\AppData\Roaming\mozilla\firefox\profiles\eenws6l1.default-1365529367546\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.02.2015 at 16:25:01,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Andre (administrator) on LAPTOP_VDS14675 on 05-02-2015 16:29:18
Running from C:\Users\Andre\Downloads
Loaded Profiles: Andre (Available profiles: Andre)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Schrack Seconet) C:\Program Files (x86)\Hekatron\B5 USB-Port\B5USBPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Schrack Seconet AG) C:\Program Files (x86)\Hekatron\ICSServer\IntegralConnSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(SCHRACK SECONET AG) C:\Program Files (x86)\Hekatron\SWUpdater\SWUpdater.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Andre\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2010-09-22] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Component Manager] => C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe [233472 2003-10-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SWUpdater] => C:\Program Files (x86)\Hekatron\SWUpdater\SWUpdater.exe [999512 2013-08-02] (SCHRACK SECONET AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd.exe [49152 2003-06-25] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [584760 2010-09-28] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D011715-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000 -> {02DBE522-9864-4FAC-BBA8-33C8C61624B2} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=
SearchScopes: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM {615A1925-0E5B-4767-A65E-3165AEAC32A3} hxxp://quickscan.bitdefender.com/qsax/qsax64.cab
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} -  No File
Handler-x32: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-10-17] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\eenws6l1.default-1365529367546
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D011715-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Bing
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1285428880-2926751199-1477310076-1000: cryptotech.com/WebSec -> C:\Program Files (x86)\Common Files\MARX Shared\xpt\npWebSec.dll (MARX® CryptoTech LP)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npWebSec.dll (MARX® CryptoTech LP)
FF Extension: HP Detect - C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\eenws6l1.default-1365529367546\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-10-21]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 B5USBPort; C:\Program Files (x86)\Hekatron\B5 USB-Port\B5USBPort.exe [1140224 2008-07-21] (Schrack Seconet) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S4 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 IntegralConnServer; C:\Program Files (x86)\Hekatron\ICSServer\IntegralConnSrv.exe [1662552 2014-03-06] (Schrack Seconet AG)
S4 IRCPAcousticDriver; C:\Windows\SysWOW64\IRCPAcousticDriver.exe [514560 2014-12-08] () [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S4 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 CBUSB; C:\Windows\System32\drivers\CBUSB_64.sys [62208 2014-12-08] (MARX CryptoTech LP)
S3 gwiopm; C:\Windows\SysWOW64\gwiopm.sys [3904 2014-12-08] () [File not signed]
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [97496 2015-02-05] (Malwarebytes Corporation)
S3 SecoBlkUSB; C:\Windows\System32\DRIVERS\SecoBlkUSB.sys [38776 2014-03-06] ()
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-06-16] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 usbefi; C:\Windows\System32\Drivers\usbefi_x64.sys [56000 2013-10-11] (Novar GmbH, Germany)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 ZTEusbmdm6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbmdm6k.sys [118784 2011-06-29] (ZTE Incorporated) [File not signed]
S3 ZTEusbnmea; C:\Windows\SysWOW64\DRIVERS\ZTEusbnmea.sys [118784 2011-06-29] (ZTE Incorporated) [File not signed]
S3 ZTEusbser6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbser6k.sys [118784 2011-06-29] (ZTE Incorporated) [File not signed]
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 AndNetGps; system32\DRIVERS\lgandnetgps64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 16:28 - 2015-02-05 16:29 - 02131968 _____ (Farbar) C:\Users\Andre\Downloads\FRST64(1).exe
2015-02-05 16:25 - 2015-02-05 16:25 - 00000770 _____ () C:\Users\Andre\Desktop\JRT.txt
2015-02-05 16:10 - 2015-02-05 16:10 - 00001281 _____ () C:\Users\Andre\Desktop\mbm.txt
2015-02-05 14:59 - 2015-02-05 14:59 - 01388274 _____ (Thisisu) C:\Users\Andre\Downloads\JRT.exe
2015-02-05 14:57 - 2015-02-05 14:57 - 02194432 _____ () C:\Users\Andre\Downloads\AdwCleaner_4.109.exe
2015-02-05 11:19 - 2015-02-05 11:19 - 00037604 _____ () C:\ComboFix.txt
2015-02-05 10:45 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-05 10:45 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-05 10:45 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-05 10:45 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-05 10:45 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-05 10:45 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-05 10:45 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-05 10:45 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-05 10:43 - 2015-02-05 11:19 - 00000000 ____D () C:\Qoobox
2015-02-05 10:43 - 2015-02-05 10:43 - 00001996 _____ () C:\Users\Andre\AppData\Local\recently-used.xbel
2015-02-05 10:42 - 2015-02-05 11:16 - 00000000 ____D () C:\Windows\erdnt
2015-02-05 10:41 - 2015-02-05 10:42 - 05611380 ____R (Swearware) C:\Users\Andre\Downloads\ComboFix.exe
2015-02-05 10:34 - 2015-02-05 10:34 - 00000000 ____D () C:\Users\Andre\AppData\Roaming\inkscape
2015-02-05 10:24 - 2015-02-05 10:24 - 00001055 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2015-02-05 10:22 - 2015-02-05 10:22 - 00001011 _____ () C:\Users\Public\Desktop\Inkscape.lnk
2015-02-05 10:15 - 2015-02-05 10:31 - 00000000 ____D () C:\Program Files (x86)\Inkscape
2015-02-05 10:11 - 2015-02-05 10:12 - 43314243 _____ (inkscape.org) C:\Users\Andre\Downloads\Inkscape-0.91-1.exe
2015-02-05 08:52 - 2015-02-05 15:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-05 08:51 - 2015-02-05 08:54 - 00000000 ____D () C:\Users\Andre\Desktop\mbar
2015-02-05 08:50 - 2015-02-05 08:51 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Andre\Downloads\mbar-1.08.3.1004.exe
2015-02-05 08:47 - 2015-02-05 08:47 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Andre\Downloads\tdsskiller(1).exe
2015-02-05 08:47 - 2015-02-05 08:47 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Andre\Desktop\tdsskiller(1).exe
2015-02-04 21:37 - 2015-02-04 21:37 - 00000000 ____D () C:\Users\Andre\Downloads\FRST-OlderVersion
2015-02-04 16:21 - 2015-02-05 16:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 16:21 - 2015-02-05 08:51 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-04 16:21 - 2015-02-04 16:21 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 16:21 - 2015-02-04 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 16:21 - 2015-02-04 16:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-04 16:21 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-04 16:21 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-04 16:19 - 2015-02-04 16:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Andre\Downloads\mbam-setup-2.0.4.1028(2).exe
2015-02-04 16:16 - 2015-02-04 16:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Andre\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-02-04 11:22 - 2015-02-04 11:22 - 01410609 _____ () C:\Users\Andre\Desktop\Feuerschutz.cdr
2015-02-03 18:07 - 2015-02-03 20:59 - 00000000 ____D () C:\Users\Andre\AppData\Local\gtk-2.0
2015-02-03 18:07 - 2015-02-03 18:07 - 00000000 ____D () C:\Users\Andre\.thumbnails
2015-02-03 17:51 - 2015-02-03 17:51 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-02-03 17:50 - 2015-02-03 17:51 - 00000000 ____D () C:\Program Files\GIMP 2
2015-02-03 17:46 - 2015-02-03 17:48 - 91931728 _____ (The GIMP Team ) C:\Users\Andre\Downloads\gimp-2.8.14-setup-1.exe
2015-02-03 17:46 - 2015-02-03 17:46 - 00009127 _____ () C:\Users\Andre\Downloads\gimp-2.8.14-setup-1.exe.torrent
2015-02-03 17:30 - 2015-02-03 17:30 - 00000000 ____D () C:\Users\Andre\AppData\Roaming\Autodesk
2015-02-03 17:29 - 2015-02-03 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-02-03 17:29 - 2015-02-03 17:29 - 00000000 ____D () C:\Program Files\Autodesk
2015-02-03 17:28 - 2015-02-03 17:28 - 57787424 _____ () C:\Users\Andre\Downloads\SketchBook_7.1.1.284_Win64.exe
2015-02-03 17:26 - 2015-02-03 17:27 - 56701680 _____ () C:\Users\Andre\Downloads\SketchBook_7.1.1.285_Win32.exe
2015-02-02 18:56 - 2015-02-02 19:02 - 00011511 _____ () C:\Users\Andre\Downloads\eBayISAPI.dll
2015-01-27 06:42 - 2015-01-28 07:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-18 13:20 - 2015-01-24 18:32 - 00000000 ____D () C:\xampp
2015-01-18 13:18 - 2015-01-18 13:19 - 150905704 _____ (Bitnami) C:\Users\Andre\Downloads\xampp-win32-5.6.3-0-VC11-installer.exe
2015-01-17 11:40 - 2015-01-17 11:40 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-17 10:53 - 2015-01-17 10:53 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-01-17 10:53 - 2015-01-17 10:53 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-01-17 10:52 - 2015-01-17 10:52 - 00001245 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-01-17 10:51 - 2015-01-17 10:51 - 00004688 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2015-01-17 10:51 - 2015-01-17 10:51 - 00002520 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-01-17 10:51 - 2015-01-17 10:51 - 00002520 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-01-17 10:51 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-01-17 10:51 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-01-17 10:50 - 2015-01-17 10:50 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-01-16 19:03 - 2015-01-16 19:03 - 00000000 ____D () C:\Users\Andre\AppData\Roaming\MySQL
2015-01-16 18:54 - 2015-01-24 18:41 - 00000023 _____ () C:\Windows\ODBCINST.INI
2015-01-16 18:54 - 2015-01-16 18:54 - 00000000 ____D () C:\Users\Andre\AppData\Roaming\Oracle
2015-01-16 18:45 - 2015-01-16 18:47 - 264175616 _____ () C:\Users\Andre\Downloads\mysql-installer-community-5.7.4.0-m14.msi
2015-01-14 07:12 - 2015-01-14 07:12 - 00000732 _____ () C:\Users\Andre\Desktop\USB-Stick - Verknüpfung.lnk
2015-01-14 00:33 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 00:33 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 00:33 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 00:33 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 00:33 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 00:33 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 00:33 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 00:33 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 00:33 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 00:33 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 00:33 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 00:33 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 00:33 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-08 20:37 - 2015-01-08 20:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_androidusb_01009.Wdf
2015-01-06 21:34 - 2015-01-06 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-01-06 21:31 - 2015-01-06 21:33 - 16342352 _____ (Geek Software GmbH ) C:\Users\Andre\Downloads\pdf24-creator-6.9.2.exe
2015-01-06 10:40 - 2015-02-04 21:43 - 00044507 _____ () C:\Users\Andre\Downloads\Addition.txt
2015-01-06 10:39 - 2015-01-06 10:39 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Andre\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-06 10:37 - 2015-02-05 16:31 - 00021670 _____ () C:\Users\Andre\Downloads\FRST.txt
2015-01-06 10:35 - 2015-02-05 16:29 - 00000000 ____D () C:\FRST
2015-01-06 10:34 - 2015-02-04 21:37 - 02131968 _____ (Farbar) C:\Users\Andre\Downloads\FRST64.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 16:32 - 2009-07-14 03:34 - 93470720 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-02-05 16:31 - 2011-06-16 10:49 - 07077888 ___SH () C:\Users\Andre\NTUSER.bak
2015-02-05 16:31 - 2009-07-14 03:34 - 21757952 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-02-05 16:27 - 2011-06-16 10:49 - 00000000 ____D () C:\Users\Andre
2015-02-05 16:24 - 2009-07-14 03:34 - 00843776 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-02-05 16:23 - 2009-07-14 05:45 - 00025968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 16:23 - 2009-07-14 05:45 - 00025968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 16:23 - 2009-07-14 03:34 - 00028672 _____ () C:\Windows\system32\config\SECURITY.bak
2015-02-05 16:21 - 2011-04-08 00:37 - 01347349 _____ () C:\Windows\WindowsUpdate.log
2015-02-05 16:13 - 2013-08-13 21:49 - 00560306 _____ () C:\Windows\PFRO.log
2015-02-05 16:13 - 2013-08-13 19:40 - 00056697 _____ () C:\Windows\setupact.log
2015-02-05 16:13 - 2011-11-10 06:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 16:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 16:13 - 2009-07-14 03:34 - 00061440 _____ () C:\Windows\system32\config\SAM.bak
2015-02-05 16:12 - 2013-08-13 22:24 - 00000000 ____D () C:\AdwCleaner
2015-02-05 15:58 - 2012-09-05 17:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 15:55 - 2011-11-10 06:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 11:19 - 2009-07-14 04:20 - 00000000 ___RD () C:\Users\Default
2015-02-05 11:14 - 2010-10-18 03:29 - 00718150 _____ () C:\Windows\system32\perfh007.dat
2015-02-05 11:14 - 2010-10-18 03:29 - 00155646 _____ () C:\Windows\system32\perfc007.dat
2015-02-05 11:14 - 2009-07-14 06:13 - 01658436 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 11:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-05 08:54 - 2011-07-04 17:26 - 00000000 ____D () C:\Users\Andre\AppData\Local\CrashDumps
2015-02-04 18:57 - 2014-11-29 18:57 - 00000466 _____ () C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job
2015-02-04 17:45 - 2012-02-17 20:39 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{64E187DD-CF2B-4211-84AC-FF8D6B27309E}
2015-02-04 16:16 - 2013-03-25 15:21 - 00000000 ____D () C:\Rechnung Jockel
2015-02-04 13:42 - 2013-01-14 22:04 - 02238976 ___SH () C:\Users\Andre\Desktop\Thumbs.db
2015-02-04 11:50 - 2011-11-10 06:59 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 11:50 - 2011-11-10 06:59 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 21:28 - 2012-11-04 01:36 - 00000000 ____D () C:\Users\Andre\.gimp-2.8
2015-02-03 17:44 - 2011-07-11 21:54 - 00000000 ____D () C:\Users\Andre\Desktop\Gewerbe
2015-02-03 17:28 - 2014-07-23 21:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-03 06:53 - 2013-02-07 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-03 06:53 - 2013-02-07 18:15 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-03 03:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Registration
2015-02-03 03:05 - 2011-07-06 06:00 - 01632716 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-02 12:57 - 2012-01-14 13:17 - 00000000 ____D () C:\Program Files (x86)\HP
2015-02-01 23:11 - 2013-06-24 17:40 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAndre
2015-02-01 23:11 - 2013-06-24 17:40 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForAndre.job
2015-01-28 13:26 - 2011-06-19 23:05 - 00003232 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLAPTOP_VDS14675$
2015-01-28 13:26 - 2011-06-19 23:05 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForLAPTOP_VDS14675$.job
2015-01-24 21:58 - 2012-09-05 17:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 21:58 - 2012-03-28 19:01 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:58 - 2011-09-08 17:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-17 12:07 - 2012-01-30 21:44 - 00000000 ____D () C:\Program Files (x86)\PS3 Media Server
2015-01-17 12:06 - 2012-02-10 11:32 - 00000000 ____D () C:\Users\Andre\AppData\Local\LG Electronics
2015-01-17 12:06 - 2011-09-08 16:55 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2015-01-17 12:02 - 2015-01-05 05:31 - 00000000 ____D () C:\ProgramData\Netzmanager
2015-01-17 12:00 - 2014-11-27 23:09 - 00000000 ____D () C:\ProgramData\X-Setup Pro
2015-01-17 11:40 - 2013-06-18 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-17 11:39 - 2011-10-11 17:05 - 00000000 ____D () C:\Users\Andre\AppData\Roaming\vlc
2015-01-17 10:52 - 2011-12-25 10:41 - 00000000 ____D () C:\Users\Andre\AppData\Roaming\DVDVideoSoft
2015-01-17 10:52 - 2011-12-25 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-17 10:52 - 2011-12-25 10:40 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-01-14 07:15 - 2012-11-14 21:03 - 00000000 ____D () C:\USB-Stick
2015-01-14 03:10 - 2013-07-18 08:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:00 - 2012-03-15 08:36 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-07 08:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\security
2015-01-07 07:32 - 2015-01-04 22:15 - 00000000 ___HD () C:\Users\Andre\AppData\Local\Salad-want
2015-01-06 21:34 - 2011-07-08 13:03 - 00000000 ____D () C:\Program Files (x86)\PDF24
2015-01-06 13:30 - 2010-10-17 18:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-06 13:17 - 2013-11-17 18:17 - 00040140 _____ () C:\Windows\DPINST.LOG
2015-01-06 10:40 - 2013-02-11 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-06 10:38 - 2015-01-04 22:49 - 00000000 ____D () C:\ProgramData\cache

==================== Files in the root of some directories =======

2014-05-06 06:12 - 2014-05-06 06:12 - 6103040 _____ () C:\Program Files (x86)\GUT8363.tmp
2014-07-09 15:24 - 2014-07-09 15:28 - 0022274 _____ () C:\Users\Andre\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR
2015-02-05 10:43 - 2015-02-05 10:43 - 0001996 _____ () C:\Users\Andre\AppData\Local\recently-used.xbel
2013-07-10 06:41 - 2014-11-03 10:25 - 0007644 _____ () C:\Users\Andre\AppData\Local\Resmon.ResmonCfg
2013-02-11 12:07 - 2013-02-11 12:24 - 0000152 _____ () C:\ProgramData\-WnoFQbjneG
2013-02-11 12:07 - 2013-02-11 12:24 - 0000160 _____ () C:\ProgramData\-WnoFQbjneGr
2014-12-15 10:01 - 2014-12-15 10:01 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-02-11 12:07 - 2013-02-11 12:29 - 0000168 _____ () C:\ProgramData\WnoFQbjneG
2011-04-08 00:45 - 2011-04-08 00:45 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-10-17 18:32 - 2010-10-17 18:32 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-04-08 00:45 - 2011-04-08 00:45 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-10-17 18:25 - 2010-10-17 18:26 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-04-08 00:44 - 2011-04-08 00:44 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2011-04-08 00:45 - 2011-04-08 00:45 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-10-17 18:24 - 2010-10-17 18:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-10-17 18:26 - 2010-10-17 18:31 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-10-17 18:32 - 2011-04-08 00:46 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Some content of TEMP:
====================
C:\Users\Andre\AppData\Local\Temp\avgnt.exe
C:\Users\Andre\AppData\Local\Temp\Quarantine.exe
C:\Users\Andre\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 04:02

==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by Andre at 2015-02-05 16:32:25
Running from C:\Users\Andre\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAC Decoder (HKLM-x32\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ASD Config (HKLM-x32\...\{C3F3CC59-F322-471B-B7D4-577158420242}) (Version: 1.6.0.0 - Securiton AG)
ASD PipeFlow (HKLM-x32\...\{3C713774-6FDF-4E44-9191-59D55C07708D}) (Version: 2.2.0.0 - Securiton AG)
Autodesk SketchBook (HKLM\...\{E8771745-B470-4EB7-AF2C-D57A8CF60388}) (Version: 7.11.0000 - Autodesk)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3320 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4604 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.3321 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DIAG 3 V1.00.17 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.)
DivX Converter Mobile (HKLM-x32\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter Mobile (HKLM-x32\...\{AF145F8997B44EE9B106D018EF1DB58B}) (Version: 1.0.0 - DivX, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATProg3 für Windows (HKLM-x32\...\{DF30D2E1-F265-4E21-8462-4CE2EB16FFE0}_is1) (Version: Release - IFAM GmbH Erfurt)
Free Studio version 6.4.2.113 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.2.113 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
H.264 Decoder (HKLM-x32\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.1.0 - DivX, Inc.)
HP CloudDrive (HKLM-x32\...\ZumoDrive) (Version:  - Zecter Inc.)
hp deskjet 5100 (HKLM-x32\...\{15C165F1-1DAE-4476-AFB6-8723729B41E7}) (Version: 1.03.0000 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{1AF23A65-F2B5-469C-AA51-DA5FB74CA856}) (Version: 1.1.2.1 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP Officejet 4630 series - Grundlegende Software für das Gerät (HKLM\...\{BB830050-E345-45FC-80D3-4EF9680CFC06}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Officejet 4630 series Hilfe (HKLM-x32\...\{08B9332C-26DB-4EF3-85D6-6DC62B937681}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Power Manager (HKLM-x32\...\{AF306BD8-F9D1-4627-89B9-246E59074A05}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HP Quick Launch (HKLM-x32\...\{EF682D1C-591D-48B5-9803-628DA622C281}) (Version: 2.2.7 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{01E73CF7-3B8E-49F6-B09C-3FB122B3938A}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}) (Version: 4.0.10.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Inkscape 0.91 (HKLM-x32\...\Inkscape) (Version: 0.91 - )
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Integral ApplicationCenter Version 7.2.4 (HKLM-x32\...\{167FE068-E24A-43DC-BB6E-0844A34F9C07}_is1) (Version: 7.2.4 - Hekatron Vertriebs GmbH)
Integral ApplicationCenter Version 7.3.7.1 (HKLM-x32\...\{4BB16BB6-CCD7-44FE-BD63-E364896DC2BD}_is1) (Version: 7.3.7.1 - Hekatron Vertriebs GmbH)
Integral ApplicationCenter Version 8.0.5 (HKLM-x32\...\{7800B8BD-107B-4BD4-81F3-3368936979B3}_is1) (Version: 8.0.5 - Hekatron Vertriebs GmbH)
Integral Helpfiles Version 3.3 (HKLM-x32\...\{9C9DF143-A347-42DD-BEEB-C8A56CA66299}_is1) (Version: 3.3 - Hekatron Vertriebs GmbH)
Integral Software Version 6.3.2 (HKLM-x32\...\{52D10C06-9FDF-4175-8B8B-C9053D7ABB4B}_is1) (Version: 6.3.2 - Hekatron Vertriebs GmbH)
Integral SWUpdater Version 2.3.7.0 (HKLM-x32\...\{26CC6279-C544-440E-85EE-C3A8B852C21D}_is1) (Version: 2.3.7.0 - Hekatron Vertriebs GmbH)
Integral TeamViewer Version 8.0.19045 (HKLM-x32\...\{959CE1C3-941D-44DA-B657-B8191F59F067}_is1) (Version: 8.0.19045 - Hekatron Vertriebs GmbH)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416021FF}) (Version: 6.0.210 - Oracle)
Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3220 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3220 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1(한국어) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1042) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MKV Splitter (HKLM-x32\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.1 - DivX, Inc.)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...\MyFreeCodec) (Version:  - )
NirSoft IE PassView (HKLM-x32\...\NirSoft IE PassView) (Version:  - )
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PARSOFT (HKLM-x32\...\{F5CAF327-655B-4710-862E-8964C19A80E7}) (Version: 1.23.2 - Labor Strauss GmbH, Wien, AUSTRIA)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
PL-2303 USB-to-Serial (HKLM-x32\...\{A9111573-EF12-4D80-A5B9-55F620D5BCA1}) (Version: 1.00.000 - Prolific Technology INC)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.1.0 - Prolific Technology INC)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4419 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4419 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3320 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3320 - CyberLink Corp.) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.1.11.0 - Ralink)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3223 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{64458EC3-DB2C-4B52-963A-7F730FC70775}) (Version: 6.1.00 - Silicon Laboratories, Inc.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Studie zur Verbesserung von HP Officejet 4630 series (HKLM\...\{15D5723C-3C64-4339-AABF-A3250D75618E}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
tools 8000 (HKLM-x32\...\tools 8000) (Version:  - )
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VC80MFCRedist - 8.0.50727.4053 (x32 Version: 1.0.0 - DivX, Inc) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebSecClient (HKLM-x32\...\{76275110-67AA-4EDA-BCF7-5D6CA740C5EF}) (Version: 5.13.0612 - MARX Software Security)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\BD00013670D26C16E19F284BF8E15DAF813497C7) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows-Treiberpaket - Novar GmbH Novar USB Devices (02/05/2012 2.41.1.1) (HKLM\...\19C0D94231CD035DAF498FE40035D518A4A22AE6) (Version: 02/05/2012 2.41.1.1 - Novar GmbH)
Windows-Treiberpaket - Novar GmbH Novar USB Devices (03/23/2010 2.41.1.0) (HKLM\...\8F549E9C3463B54804D4790BAA9A8509B9036DFE) (Version: 03/23/2010 2.41.1.0 - Novar GmbH)
Windows-Treiberpaket - Novar GmbH Novar USB Devices (08/09/2013 2.41.1.2) (HKLM\...\1A1D2F49F26462538CFE9152513DE5EAF22078F6) (Version: 08/09/2013 2.41.1.2 - Novar GmbH)
WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wise Registry Cleaner 8.26 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.26 - WiseCleaner.com, Inc.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
CustomCLSID: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
CustomCLSID: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Andre\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
CustomCLSID: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Andre\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Andre\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Andre\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Andre\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

05-02-2015 12:43:20 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-05 11:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0028E559-5012-4CC3-8A15-97C53AE11006} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {101BF98F-915F-49E6-9057-8C205FD456D9} - System32\Tasks\{2DECF435-DE89-4094-9CA8-56C01566001C} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.21.59.104/de/abandoninstall?page=tsProgressBar
Task: {1988A4D1-81DA-4748-9FBA-14645E76D120} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {1E20901F-2C38-44D7-886B-8287873C462A} - \Plus-HD-1.6-codedownloader No Task File <==== ATTENTION
Task: {1FA5F15D-525A-4A37-8297-B23B149B52A9} - System32\Tasks\HPCeeScheduleForLAPTOP_VDS14675$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {23357136-E546-410F-9A97-3CE1FA42B08A} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {32DD8AA2-0991-45B8-BBE9-DCE30C8E0D0B} - System32\Tasks\{B5432960-A921-4CAD-AF10-D0BEADDE22DD} => pcalua.exe -a "C:\Users\Andre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KJSSB5VM\5151_deu_win2k_xp[1].exe" -d C:\Users\Andre\Desktop
Task: {50A09C88-29A5-4C70-98D6-1E4B8182A030} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {523BC7DD-05BB-41B1-994C-D56581A96C91} - \Plus-HD-1.6-enabler No Task File <==== ATTENTION
Task: {65FC6F19-76D4-404A-A7C5-F316E3944B0E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {84C63172-BEC5-412D-9571-9029B390F9AE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {A6AE979F-DFE7-4801-B5A8-5A582A3F820A} - \Plus-HD-1.6-updater No Task File <==== ATTENTION
Task: {AC388ED1-7C70-4AEC-95C2-B1CD341DA73D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {BBD4F614-06E6-445F-9933-956B8EE0BF80} - System32\Tasks\Wise Registry Cleaner Schedule Task => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2014-11-17] (WiseCleaner.com)
Task: {BCCF442C-73DE-4FE4-A9F6-1F9309B93481} - System32\Tasks\{0DA8D77F-F075-41E0-B232-0037E3A16D4C} => pcalua.exe -a C:\Users\Andre\Downloads\sp49524.exe -d C:\Users\Andre\Downloads
Task: {C643C646-62A9-4690-91D2-2431F321DAA9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {CAB074B4-1FC6-4CF6-89E5-EDBA1886A2A2} - System32\Tasks\HPCeeScheduleForAndre => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {CE135824-3600-4C9A-AE9F-F469D9F0BFAC} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-09-28] (CyberLink)
Task: {D71DDBA2-8DFD-4707-AAE9-439592A2E72B} - System32\Tasks\{81C5D191-07E7-4232-9DFE-4DA8870E401B} => pcalua.exe -a "C:\Users\Andre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\502FN5EA\FileZilla_3.2.7.1_win32-setup.exe" -d C:\Users\Andre\Desktop
Task: {DB4FE11E-519A-4C09-A314-7B388EE85AB7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {DEB151CB-5035-4C5C-9EAA-78C1B777C330} - System32\Tasks\{0EF7F5BD-4559-43FB-9AAE-CF4B66FB86F6} => pcalua.exe -a "C:\Users\Andre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55EXVL12\CDM v2.08.30 WHQL Certified for Windows 8.1.exe" -d C:\Users\Andre\Desktop
Task: {E483C054-E4B1-4599-888F-6AE741AC436C} - \Plus-HD-1.6-firefoxinstaller No Task File <==== ATTENTION
Task: {E72608FD-7194-4538-9F8B-AEA274705CAC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAndre.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLAPTOP_VDS14675$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe

==================== Loaded Modules (whitelisted) ==============

2014-07-09 13:47 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-07-21 13:33 - 2010-07-21 13:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-07-21 13:33 - 2010-07-21 13:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-07-21 13:33 - 2010-07-21 13:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2011-06-29 20:50 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-12-08 15:39 - 2013-01-07 13:55 - 00623104 _____ () C:\Program Files (x86)\Hekatron\SWUpdater\mrxpu.dll
2014-10-21 03:02 - 2014-10-21 03:02 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll
2013-10-21 21:01 - 2010-04-13 08:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-01-27 06:42 - 2015-01-27 06:43 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: build => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: IRCPAcousticDriver => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: PS3 Media Server => 2
MSCONFIG\Services: RtVOsdService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: salad-date => C:\Users\Andre\AppData\Local\Salad-want\saladsolve.exe

==================== Accounts: =============================

Administrator (S-1-5-21-1285428880-2926751199-1477310076-500 - Administrator - Disabled)
Andre (S-1-5-21-1285428880-2926751199-1477310076-1000 - Administrator - Enabled) => C:\Users\Andre
Gast (S-1-5-21-1285428880-2926751199-1477310076-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1285428880-2926751199-1477310076-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (02/05/2015 04:29:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/05/2015 04:29:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/05/2015 04:29:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/05/2015 04:27:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/05/2015 04:27:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/05/2015 04:27:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/05/2015 04:26:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/05/2015 04:26:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/05/2015 04:26:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/05/2015 04:26:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-05 11:02:41.353
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-05 11:02:40.511
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-27 23:25:03.306
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Andre\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-27 23:25:02.285
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Andre\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-27 23:25:01.157
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-27 23:25:00.128
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 30%
Total physical RAM: 6046.91 MB
Available physical RAM: 4201.95 MB
Total Pagefile: 12092.01 MB
Available Pagefile: 9940.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:279.67 GB) (Free:163.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:18.13 GB) (Free:2.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (VERBATIM HD) (Fixed) (Total:465.64 GB) (Free:244.41 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: B565CE26)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: DD24523F)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

==================== End Of Log ============================

schrauber 06.02.2015 07:16

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Mondschein17 06.02.2015 08:10
Moin Schrauber,


was war denn der Übeltäter der mir das jetzt angetan hat.

Kann man das überhaupt erkennen.
Jeden Fund habe ich im Netz nochmals gesucht aber die wurden von der Bedrohung her her eher als niedrig eingestuft.
Gruß
Andre

schrauber 06.02.2015 10:42
Bis jetzt hauptsächlich Adware, aber auch diese kann Zugänge und PW abkupfern.
Mach bitte noch obiges, und wieviele Rechner sind in deinem Netzwerk bzw von wievielen machst Du Onlinebanking?

Mondschein17 06.02.2015 17:34
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=0ea0f0db91b10248a64fe300ce314be2
# engine=22341
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-06 04:19:52
# local_time=2015-02-06 05:19:52 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 21280 167742366 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 49373446 174869442 0 0
# scanned=333461
# found=0
# cleaned=0
# scan_time=8475

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Andre (administrator) on LAPTOP_VDS14675 on 06-02-2015 17:30:57
Running from C:\Users\Andre\Downloads
Loaded Profiles: Andre (Available profiles: Andre)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Schrack Seconet) C:\Program Files (x86)\Hekatron\B5 USB-Port\B5USBPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Schrack Seconet AG) C:\Program Files (x86)\Hekatron\ICSServer\IntegralConnSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(SCHRACK SECONET AG) C:\Program Files (x86)\Hekatron\SWUpdater\SWUpdater.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Farbar) C:\Users\Andre\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2010-09-22] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Component Manager] => C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe [233472 2003-10-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SWUpdater] => C:\Program Files (x86)\Hekatron\SWUpdater\SWUpdater.exe [999512 2013-08-02] (SCHRACK SECONET AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd.exe [49152 2003-06-25] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [584760 2010-09-28] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
HKU\S-1-5-21-1285428880-2926751199-1477310076-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000 -> {02DBE522-9864-4FAC-BBA8-33C8C61624B2} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=
SearchScopes: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1285428880-2926751199-1477310076-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM {615A1925-0E5B-4767-A65E-3165AEAC32A3} hxxp://quickscan.bitdefender.com/qsax/qsax64.cab
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} -  No File
Handler-x32: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-10-17] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\eenws6l1.default-1365529367546
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D011715-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Bing
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1285428880-2926751199-1477310076-1000: cryptotech.com/WebSec -> C:\Program Files (x86)\Common Files\MARX Shared\xpt\npWebSec.dll (MARX® CryptoTech LP)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npWebSec.dll (MARX® CryptoTech LP)
FF Extension: HP Detect - C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\eenws6l1.default-1365529367546\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-10-21]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 B5USBPort; C:\Program Files (x86)\Hekatron\B5 USB-Port\B5USBPort.exe [1140224 2008-07-21] (Schrack Seconet) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S4 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 IntegralConnServer; C:\Program Files (x86)\Hekatron\ICSServer\IntegralConnSrv.exe [1662552 2014-03-06] (Schrack Seconet AG)
S4 IRCPAcousticDriver; C:\Windows\SysWOW64\IRCPAcousticDriver.exe [514560 2014-12-08] () [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S4 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 CBUSB; C:\Windows\System32\drivers\CBUSB_64.sys [62208 2014-12-08] (MARX CryptoTech LP)
S3 gwiopm; C:\Windows\SysWOW64\gwiopm.sys [3904 2014-12-08] () [File not signed]
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [97496 2015-02-05] (Malwarebytes Corporation)
S3 SecoBlkUSB; C:\Windows\System32\DRIVERS\SecoBlkUSB.sys [38776 2014-03-06] ()
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-06-16] (DEVGURU Co., LTD.(???? | ????? ???? ?????.))
S3 usbefi; C:\Windows\System32\Drivers\usbefi_x64.sys [56000 2013-10-11] (Novar GmbH, Germany)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 ZTEusbmdm6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbmdm6k.sys [118784 2011-06-29] (ZTE Incorporated) [File not signed]
S3 ZTEusbnmea; C:\Windows\SysWOW64\DRIVERS\ZTEusbnmea.sys [118784 2011-06-29] (ZTE Incorporated) [File not signed]
S3 ZTEusbser6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbser6k.sys [118784 2011-06-29] (ZTE Incorporated) [File not signed]
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 AndNetGps; system32\DRIVERS\lgandnetgps64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 14:53 - 2015-02-06 14:54 - 00852573 _____ () C:\Users\Andre\Downloads\SecurityCheck(1).exe
2015-02-06 14:53 - 2015-02-06 14:53 - 00852573 _____ () C:\Users\Andre\Downloads\SecurityCheck.exe
2015-02-06 07:45 - 2015-02-06 07:45 - 02347384 _____ (ESET) C:\Users\Andre\Downloads\esetsmartinstaller_deu.exe
2015-02-06 07:45 - 2015-02-06 07:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-05 16:28 - 2015-02-05 16:29 - 02131968 _____ (Farbar) C:\Users\Andre\Downloads\FRST64(1).exe
2015-02-05 16:25 - 2015-02-05 16:25 - 00000770 _____ () C:\Users\Andre\Desktop\JRT.txt
2015-02-05 16:10 - 2015-02-05 16:10 - 00001281 _____ () C:\Users\Andre\Desktop\mbm.txt
2015-02-05 14:59 - 2015-02-05 14:59 - 01388274 _____ (Thisisu) C:\Users\Andre\Downloads\JRT.exe
2015-02-05 14:57 - 2015-02-05 14:57 - 02194432 _____ () C:\Users\Andre\Downloads\AdwCleaner_4.109.exe
2015-02-05 11:19 - 2015-02-05 11:19 - 00037604 _____ () C:\ComboFix.txt
2015-02-05 10:45 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-05 10:45 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-05 10:45 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-05 10:45 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-05 10:45 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-05 10:45 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-05 10:45 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-05 10:45 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-05 10:43 - 2015-02-05 11:19 - 00000000 ____D () C:\Qoobox
2015-02-05 10:43 - 2015-02-05 10:43 - 00001996 _____ () C:\Users\Andre\AppData\Local\recently-used.xbel
2015-02-05 10:42 - 2015-02-05 11:16 - 00000000 ____D () C:\Windows\erdnt
2015-02-05 10:41 - 2015-02-05 10:42 - 05611380 ____R (Swearware) C:\Users\Andre\Downloads\ComboFix.exe
2015-02-05 10:34 - 2015-02-05 10:34 - 00000000 ____D () C:\Users\Andre\AppData\Roaming\inkscape
2015-02-05 10:24 - 2015-02-05 10:24 - 00001055 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2015-02-05 10:22 - 2015-02-05 10:22 - 00001011 _____ () C:\Users\Public\Desktop\Inkscape.lnk
2015-02-05 10:15 - 2015-02-05 10:31 - 00000000 ____D () C:\Program Files (x86)\Inkscape
2015-02-05 10:11 - 2015-02-05 10:12 - 43314243 _____ (inkscape.org) C:\Users\Andre\Downloads\Inkscape-0.91-1.exe
2015-02-05 08:52 - 2015-02-05 15:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-05 08:51 - 2015-02-05 08:54 - 00000000 ____D () C:\Users\Andre\Desktop\mbar
2015-02-05 08:50 - 2015-02-05 08:51 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Andre\Downloads\mbar-1.08.3.1004.exe
2015-02-05 08:47 - 2015-02-05 08:47 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Andre\Downloads\tdsskiller(1).exe
2015-02-05 08:47 - 2015-02-05 08:47 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Andre\Desktop\tdsskiller(1).exe
2015-02-04 21:37 - 2015-02-04 21:37 - 00000000 ____D () C:\Users\Andre\Downloads\FRST-OlderVersion
2015-02-04 16:21 - 2015-02-05 16:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 16:21 - 2015-02-05 08:51 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-04 16:21 - 2015-02-04 16:21 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 16:21 - 2015-02-04 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 16:21 - 2015-02-04 16:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-04 16:21 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-04 16:21 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-04 16:19 - 2015-02-04 16:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Andre\Downloads\mbam-setup-2.0.4.1028(2).exe
2015-02-04 16:16 - 2015-02-04 16:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Andre\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-02-04 11:22 - 2015-02-04 11:22 - 01410609 _____ () C:\Users\Andre\Desktop\Feuerschutz.cdr
2015-02-03 18:07 - 2015-02-03 20:59 - 00000000 ____D () C:\Users\Andre\AppData\Local\gtk-2.0
2015-02-03 18:07 - 2015-02-03 18:07 - 00000000 ____D () C:\Users\Andre\.thumbnails
2015-02-03 17:51 - 2015-02-03 17:51 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-02-03 17:50 - 2015-02-03 17:51 - 00000000 ____D () C:\Program Files\GIMP 2
2015-02-03 17:46 - 2015-02-03 17:48 - 91931728 _____ (The GIMP Team ) C:\Users\Andre\Downloads\gimp-2.8.14-setup-1.exe
2015-02-03 17:46 - 2015-02-03 17:46 - 00009127 _____ () C:\Users\Andre\Downloads\gimp-2.8.14-setup-1.exe.torrent
2015-02-03 17:30 - 2015-02-03 17:30 - 00000000 ____D () C:\Users\Andre\AppData\Roaming\Autodesk
2015-02-03 17:29 - 2015-02-03 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-02-03 17:29 - 2015-02-03 17:29 - 00000000 ____D () C:\Program Files\Autodesk
2015-02-03 17:28 - 2015-02-03 17:28 - 57787424 _____ () C:\Users\Andre\Downloads\SketchBook_7.1.1.284_Win64.exe
2015-02-03 17:26 - 2015-02-03 17:27 - 56701680 _____ () C:\Users\Andre\Downloads\SketchBook_7.1.1.285_Win32.exe
2015-02-02 18:56 - 2015-02-02 19:02 - 00011511 _____ () C:\Users\Andre\Downloads\eBayISAPI.dll
2015-01-27 06:42 - 2015-01-28 07:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-18 13:20 - 2015-01-24 18:32 - 00000000 ____D () C:\xampp
2015-01-18 13:18 - 2015-01-18 13:19 - 150905704 _____ (Bitnami) C:\Users\Andre\Downloads\xampp-win32-5.6.3-0-VC11-installer.exe
2015-01-17 11:40 - 2015-01-17 11:40 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-17 10:53 - 2015-01-17 10:53 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-01-17 10:53 - 2015-01-17 10:53 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-01-17 10:52 - 2015-01-17 10:52 - 00001245 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-01-17 10:51 - 2015-01-17 10:51 - 00004688 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2015-01-17 10:51 - 2015-01-17 10:51 - 00002520 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-01-17 10:51 - 2015-01-17 10:51 - 00002520 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-01-17 10:51 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-01-17 10:51 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-01-17 10:50 - 2015-01-17 10:50 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-01-16 19:03 - 2015-01-16 19:03 - 00000000 ____D () C:\Users\Andre\AppData\Roaming\MySQL
2015-01-16 18:54 - 2015-01-24 18:41 - 00000023 _____ () C:\Windows\ODBCINST.INI
2015-01-16 18:54 - 2015-01-16 18:54 - 00000000 ____D () C:\Users\Andre\AppData\Roaming\Oracle
2015-01-16 18:45 - 2015-01-16 18:47 - 264175616 _____ () C:\Users\Andre\Downloads\mysql-installer-community-5.7.4.0-m14.msi
2015-01-14 07:12 - 2015-01-14 07:12 - 00000732 _____ () C:\Users\Andre\Desktop\USB-Stick - Verknüpfung.lnk
2015-01-14 00:33 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 00:33 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 00:33 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 00:33 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 00:33 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 00:33 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 00:33 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 00:33 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 00:33 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 00:33 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 00:33 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 00:33 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 00:33 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-08 20:37 - 2015-01-08 20:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_androidusb_01009.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 17:32 - 2011-06-16 10:49 - 07077888 ___SH () C:\Users\Andre\NTUSER.bak
2015-02-06 17:32 - 2009-07-14 03:34 - 93470720 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-02-06 17:32 - 2009-07-14 03:34 - 21757952 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-02-06 17:31 - 2015-01-06 10:35 - 00000000 ____D () C:\FRST
2015-02-06 17:30 - 2015-01-06 10:37 - 00022099 _____ () C:\Users\Andre\Downloads\FRST.txt
2015-02-06 16:58 - 2012-09-05 17:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-06 16:55 - 2011-11-10 06:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-06 15:41 - 2011-04-08 00:37 - 01422344 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 11:55 - 2011-11-10 06:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 05:56 - 2009-07-14 03:34 - 00843776 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-02-05 23:42 - 2009-07-14 05:45 - 00025968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 23:42 - 2009-07-14 05:45 - 00025968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 23:11 - 2013-06-24 17:40 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAndre
2015-02-05 23:11 - 2013-06-24 17:40 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForAndre.job
2015-02-05 18:58 - 2012-09-05 17:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 18:58 - 2012-03-28 19:01 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 18:58 - 2011-09-08 17:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 18:55 - 2014-11-29 18:57 - 00000466 _____ () C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job
2015-02-05 18:25 - 2012-02-17 20:39 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{64E187DD-CF2B-4211-84AC-FF8D6B27309E}
2015-02-05 16:33 - 2015-01-06 10:40 - 00038649 _____ () C:\Users\Andre\Downloads\Addition.txt
2015-02-05 16:27 - 2011-06-16 10:49 - 00000000 ____D () C:\Users\Andre
2015-02-05 16:23 - 2009-07-14 03:34 - 00028672 _____ () C:\Windows\system32\config\SECURITY.bak
2015-02-05 16:13 - 2013-08-13 21:49 - 00560306 _____ () C:\Windows\PFRO.log
2015-02-05 16:13 - 2013-08-13 19:40 - 00056697 _____ () C:\Windows\setupact.log
2015-02-05 16:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 16:13 - 2009-07-14 03:34 - 00061440 _____ () C:\Windows\system32\config\SAM.bak
2015-02-05 16:12 - 2013-08-13 22:24 - 00000000 ____D () C:\AdwCleaner
2015-02-05 11:19 - 2009-07-14 04:20 - 00000000 ___RD () C:\Users\Default
2015-02-05 11:14 - 2010-10-18 03:29 - 00718150 _____ () C:\Windows\system32\perfh007.dat
2015-02-05 11:14 - 2010-10-18 03:29 - 00155646 _____ () C:\Windows\system32\perfc007.dat
2015-02-05 11:14 - 2009-07-14 06:13 - 01658436 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 11:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-05 08:54 - 2011-07-04 17:26 - 00000000 ____D () C:\Users\Andre\AppData\Local\CrashDumps
2015-02-04 21:37 - 2015-01-06 10:34 - 02131968 _____ (Farbar) C:\Users\Andre\Downloads\FRST64.exe
2015-02-04 16:16 - 2013-03-25 15:21 - 00000000 ____D () C:\Rechnung Jockel
2015-02-04 13:42 - 2013-01-14 22:04 - 02238976 ___SH () C:\Users\Andre\Desktop\Thumbs.db
2015-02-04 11:50 - 2011-11-10 06:59 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 11:50 - 2011-11-10 06:59 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 21:28 - 2012-11-04 01:36 - 00000000 ____D () C:\Users\Andre\.gimp-2.8
2015-02-03 17:44 - 2011-07-11 21:54 - 00000000 ____D () C:\Users\Andre\Desktop\Gewerbe
2015-02-03 17:28 - 2014-07-23 21:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-03 06:53 - 2013-02-07 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-03 06:53 - 2013-02-07 18:15 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-03 03:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Registration
2015-02-03 03:05 - 2011-07-06 06:00 - 01632716 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-02 12:57 - 2012-01-14 13:17 - 00000000 ____D () C:\Program Files (x86)\HP
2015-01-28 13:26 - 2011-06-19 23:05 - 00003232 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLAPTOP_VDS14675$
2015-01-28 13:26 - 2011-06-19 23:05 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForLAPTOP_VDS14675$.job
2015-01-17 12:07 - 2012-01-30 21:44 - 00000000 ____D () C:\Program Files (x86)\PS3 Media Server
2015-01-17 12:06 - 2012-02-10 11:32 - 00000000 ____D () C:\Users\Andre\AppData\Local\LG Electronics
2015-01-17 12:06 - 2011-09-08 16:55 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2015-01-17 12:02 - 2015-01-05 05:31 - 00000000 ____D () C:\ProgramData\Netzmanager
2015-01-17 12:00 - 2014-11-27 23:09 - 00000000 ____D () C:\ProgramData\X-Setup Pro
2015-01-17 11:40 - 2013-06-18 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-17 11:39 - 2011-10-11 17:05 - 00000000 ____D () C:\Users\Andre\AppData\Roaming\vlc
2015-01-17 10:52 - 2011-12-25 10:41 - 00000000 ____D () C:\Users\Andre\AppData\Roaming\DVDVideoSoft
2015-01-17 10:52 - 2011-12-25 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-17 10:52 - 2011-12-25 10:40 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-01-14 07:15 - 2012-11-14 21:03 - 00000000 ____D () C:\USB-Stick
2015-01-14 03:10 - 2013-07-18 08:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:00 - 2012-03-15 08:36 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-07 08:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\security
2015-01-07 07:32 - 2015-01-04 22:15 - 00000000 ___HD () C:\Users\Andre\AppData\Local\Salad-want

==================== Files in the root of some directories =======

2014-05-06 06:12 - 2014-05-06 06:12 - 6103040 _____ () C:\Program Files (x86)\GUT8363.tmp
2014-07-09 15:24 - 2014-07-09 15:28 - 0022274 _____ () C:\Users\Andre\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR
2015-02-05 10:43 - 2015-02-05 10:43 - 0001996 _____ () C:\Users\Andre\AppData\Local\recently-used.xbel
2013-07-10 06:41 - 2014-11-03 10:25 - 0007644 _____ () C:\Users\Andre\AppData\Local\Resmon.ResmonCfg
2013-02-11 12:07 - 2013-02-11 12:24 - 0000152 _____ () C:\ProgramData\-WnoFQbjneG
2013-02-11 12:07 - 2013-02-11 12:24 - 0000160 _____ () C:\ProgramData\-WnoFQbjneGr
2014-12-15 10:01 - 2014-12-15 10:01 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-02-11 12:07 - 2013-02-11 12:29 - 0000168 _____ () C:\ProgramData\WnoFQbjneG
2011-04-08 00:45 - 2011-04-08 00:45 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-10-17 18:32 - 2010-10-17 18:32 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-04-08 00:45 - 2011-04-08 00:45 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-10-17 18:25 - 2010-10-17 18:26 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-04-08 00:44 - 2011-04-08 00:44 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2011-04-08 00:45 - 2011-04-08 00:45 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-10-17 18:24 - 2010-10-17 18:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-10-17 18:26 - 2010-10-17 18:31 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-10-17 18:32 - 2011-04-08 00:46 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Some content of TEMP:
====================
C:\Users\Andre\AppData\Local\Temp\avgnt.exe
C:\Users\Andre\AppData\Local\Temp\Quarantine.exe
C:\Users\Andre\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 04:02

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 07.02.2015 11:59
Sieht gut aus. Meine Frage von oben?


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:57 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131