MalwareBytes erkennt 6 Dateien und ich weiß nicht ob sie falsch positiv sind.

someone090 · 10.05.2014, 17:27

Erstmal Hallo

Also ich habe auf meinem Dell Notebook einen Virenscanner drüberlaufen lassen (Avira) und nichts wurde gefunden, allerdings die Software Malwarebytes hat 6 Dateien gefunden, die als infiziert angegeben wurden.
Meine Frage ist, ob ich diese Dateien wirklich löschen soll oder ob es möglicherweise falsch positive Funde sind. Ich will nicht versehentlich wichtige Dateien löschen. (Die erste Datei in der Liste hab ich gelöscht, sie war ohnehin im Müllkorb).
Danke im Voraus.
Hier ist eine Kopie der Logfile (unten sind die 6 Dateien angeführt):

Zitat:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10.05.2014
Scan Time: 18:16:33
Logfile: Malware_Logfile.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.10.05
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312810
Time Elapsed: 2 hr, 10 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 6
PUP.Optional.Babylon.A, C:\$Recycle.Bin\S-1-5-21-2853803453-2947698124-1817221136-1000\$RXFBXS8.exe, , [5964a5aa7ffc56e0e58d30d4a9583ac6],
PUP.Optional.Babylon.A, C:\Users\Admin\AppData\Local\Temp\DeltaTB.exe, , [2796f45b8eedae88c2b07490b051ea16],
PUP.Optional.Babylon.A, C:\Users\Admin\AppData\Local\Temp\97A42854-BAB0-7891-9DE4-5B44E5BA77C9\Latest\BExternal.dll, , [8d30f55a6912a78f637fa9792ad65ba5],
PUP.Optional.Babylon.A, C:\Users\Admin\AppData\Local\Temp\1EA20BEC-BAB0-7891-8DFC-1DAA1E0A432A\Latest\BExternal.dll, , [6459b09fb0cb50e6df031b072dd309f7],
PUP.Optional.Conduit.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "hxxp://search.conduit.com/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=MA743B26D-5338-4A02-ABA4-19B29C227548&SearchSource=55&CUI=&UM=5&UP=SPBEF832EE-64B2-438B-9621-14FEEA9357F3&SSPV=",), ,[f8c597b891ea1b1bbff0d995df25d52b]
PUP.Optional.Conduit.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "hxxp://search.conduit.com/?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPBEF832EE-64B2-438B-9621-14FEEA9357F3&SSPV=" ],), ,[01bc440b75060531e9f8cca263a112ee]

Physical Sectors: 0
(No malicious items detected)

Machiavelli · 10.05.2014, 17:41

Hallo und willkommen an Board, someone090

Mein Name ist Machiavelli und werde bei Deinem Malware Problemen behilflich sein. Falls Du Dich im abgesicherten Modus befindest, würde ich Dir raten, alle Anweisungen von mir auszudrucken, um besseren Überblick auf die Gesamtsituation zu bekommen. Ich bin hier im Malwareteam und daher ist es mir möglich, kompetente Hilfe zu geben.

Damit eine Bereinigung ermöglicht werden kann, musst Du ein paar Regeln/Tipps beachten:

Malware zu entfernen ist normalerweise recht schwierig
Heutige Malware kann sich sehr gut verstecken, so kann es sein, dass es bestimmte Tools nicht sehen. Eine Neuinstallation ist daher oft das klügere.
Bitte folge meinen Anweisung bis in das kleinste Detail
Falls Du was falsches machst, wie z.B. irgendwas fixt, was nicht durch mich genehmigt wurde, kann der PC dadurch beschädigt werden. Daher folge meinen Anweisungen ganz genau
Bleibe mit mir in Kontakt, bis Deine Probleme vollständig gelöst sind
Themen, in welchen innerhalb von 4 Tagen keine Antwort gepostet wird, werden geschlossen.
Bitte lasse keine anderen Tools laufen, während ich bereinige
Wenn Du Tools wie z.B. Malwarebytes etc. ohne meines Wissens laufen lässt, kann es unter Umständen Ergebnisse verfälschen.
Ließ meine Posts vollständig durch
Falls nicht, kann das zu schwerwiegenden Problemen (z.B. PC bootet nicht mehr) führen oder der Prozess der Malwareentfernung wird länger

Zitat:

Meine Frage ist, ob ich diese Dateien wirklich löschen soll oder ob es möglicherweise falsch positive Funde sind. Ich will nicht versehentlich wichtige Dateien löschen. (Die erste Datei in der Liste hab ich gelöscht, sie war ohnehin im Müllkorb).

Lasse bitte alle Dateien löschen.

Dann mache bitte das:

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

Starte bitte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard-Ausgabe
Scanne alle User anhaken
Stelle alle Unterpunkte ein, wie auf folgenden Bild zu sehen:
Kopiere nun den Inhalt aus der folgenden Codebox in die Textbox von OTL:

Code:

ATTFilter

 netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
mpsvc.dll  
winsock.*
rpcss.dll
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT

Schließe alle Programme. (Wichtig)
Klicke auf den Scan Button.
Poste die Logfiles OTL.txt und Extras.txt in Deine nächste Antwort

someone090 · 10.05.2014, 18:34

Danke, habe alles so gemacht.
Hier ist die OTL.txt

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 10.05.2014 19:13:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,92 Gb Total Physical Memory | 5,80 Gb Available Physical Memory | 73,21% Memory free
15,83 Gb Paging File | 13,73 Gb Available in Paging File | 86,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 405,64 Gb Free Space | 87,11% Space Free | Partition Type: NTFS
Drive E: | 6,83 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.05.10 18:47:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL.exe
PRC - [2014.04.06 23:00:40 | 000,039,568 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2014.04.06 21:21:36 | 005,180,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014.04.01 21:20:52 | 003,655,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014.03.27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014.02.25 11:41:06 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014.02.25 11:41:04 | 000,689,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014.02.25 11:41:04 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.12.20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.29 18:04:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.11.29 04:31:42 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.03 12:01:34 | 000,983,104 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2010.11.03 12:01:20 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2010.11.03 11:53:28 | 000,897,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010.11.03 11:53:06 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2009.10.12 09:45:12 | 000,312,784 | ---- | M] () -- C:\Program Files (x86)\3DataManager\WTGService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014.03.06 10:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014.04.29 23:36:45 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.04.06 23:00:40 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2014.04.01 21:20:52 | 003,655,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014.03.27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014.02.25 11:41:06 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014.02.25 11:41:04 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.12.17 15:46:50 | 000,137,488 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010.12.20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.17 14:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010.12.17 14:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2010.12.17 14:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010.11.29 18:04:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.11.29 04:31:42 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.11.03 12:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010.11.03 12:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2010.11.03 11:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2009.11.17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.10.12 09:45:12 | 000,312,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3DataManager\WTGService.exe -- (WTGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014.04.01 21:03:14 | 000,236,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014.03.31 16:20:54 | 000,274,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014.03.31 16:06:26 | 000,130,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014.03.27 22:14:26 | 000,192,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014.03.27 22:14:24 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014.03.27 22:07:10 | 000,236,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014.03.27 22:05:02 | 000,324,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014.03.27 22:03:16 | 000,032,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014.03.19 19:54:36 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2014.02.25 11:41:04 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014.02.25 11:41:04 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014.02.25 11:41:04 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.08.12 16:34:07 | 000,216,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2013.08.12 16:34:07 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2013.08.12 16:34:07 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.21 09:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010.11.30 14:02:54 | 000,412,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.29 18:04:00 | 000,025,576 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010.11.29 05:23:18 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.19 10:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 10:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 08:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.07.02 03:46:56 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.08.12 16:34:07 | 000,216,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2013.08.12 16:34:07 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.09.10 14:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {C65A3495-2F16-4644-98D6-C037E1DE08A9}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2853803453-2947698124-1817221136-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKU\S-1-5-21-2853803453-2947698124-1817221136-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/
IE - HKU\S-1-5-21-2853803453-2947698124-1817221136-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKU\S-1-5-21-2853803453-2947698124-1817221136-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 5E 2B 9F F0 6A CF 01  [binary data]
IE - HKU\S-1-5-21-2853803453-2947698124-1817221136-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2853803453-2947698124-1817221136-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2853803453-2947698124-1817221136-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2853803453-2947698124-1817221136-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKU\S-1-5-21-2853803453-2947698124-1817221136-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
IE - HKU\S-1-5-21-2853803453-2947698124-1817221136-1001\..\SearchScopes,DefaultScope = 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.9.17: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.9.17: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014.05.05 14:29:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014.05.05 14:29:01 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://search.conduit.com/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=MA743B26D-5338-4A02-ABA4-19B29C227548&SearchSource=55&CUI=&UM=5&UP=SPBEF832EE-64B2-438B-9621-14FEEA9357F3&SSPV=
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google-Suche = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: AdBlock = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.29_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: RealPlayer Downloader = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\17.0.9_0\
CHR - Extension: Google Wallet = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Mail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2853803453-2947698124-1817221136-1000..\Run: [DellSystemDetect] C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms File not found
O4 - HKU\S-1-5-21-2853803453-2947698124-1817221136-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2853803453-2947698124-1817221136-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2853803453-2947698124-1817221136-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2853803453-2947698124-1817221136-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.16 14:22:04 | 000,021,960 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.16 18:14:06 | 000,000,057 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0e64c99a-0350-11e3-891a-8e05ae8d20a1}\Shell - "" = AutoRun
O33 - MountPoints2\{0e64c99a-0350-11e3-891a-8e05ae8d20a1}\Shell\AutoRun\command - "" = E:\.\Autorun.exe -- [2008.06.16 14:22:04 | 000,021,960 | R--- | M] ()
O33 - MountPoints2\{ae643d17-03d4-11e3-91f8-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{ae643d17-03d4-11e3-91f8-001e101fb4df}\Shell\AutoRun\command - "" = E:\.\Autorun.exe -- [2008.06.16 14:22:04 | 000,021,960 | R--- | M] ()
O33 - MountPoints2\{cc8e5004-035c-11e3-8ff1-14feb59d7cf5}\Shell - "" = AutoRun
O33 - MountPoints2\{cc8e5004-035c-11e3-8ff1-14feb59d7cf5}\Shell\AutoRun\command - "" = E:\.\Autorun.exe -- [2008.06.16 14:22:04 | 000,021,960 | R--- | M] ()
O33 - MountPoints2\{e14ac07c-b3e2-11e3-8edd-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{e14ac07c-b3e2-11e3-8edd-001e101f2b52}\Shell\AutoRun\command - "" = E:\.\Autorun.exe -- [2008.06.16 14:22:04 | 000,021,960 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\.\Autorun.exe -- [2008.06.16 14:22:04 | 000,021,960 | R--- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.05.10 16:52:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014.05.10 16:45:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\AVG2014
[2014.05.10 16:45:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2014.05.10 16:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014.05.10 16:43:53 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014.05.10 16:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014.05.10 16:42:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014.05.10 16:40:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014.05.10 16:40:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\MFAData
[2014.05.10 16:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014.05.10 16:40:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Avg2014
[2014.05.10 16:35:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira
[2014.05.10 16:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2014.05.10 16:33:50 | 000,131,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.05.10 16:33:50 | 000,108,440 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.05.10 16:33:50 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2014.05.10 16:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2014.05.10 16:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2014.05.10 16:04:29 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.10 16:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2014.05.10 16:04:10 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.05.10 16:04:10 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.05.10 16:04:10 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.05.10 16:04:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2014.05.08 21:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
[2014.05.08 18:56:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2014.05.08 18:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2014.05.08 18:52:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Babylon
[2014.05.08 18:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2014.05.08 18:52:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Babylon
[2014.05.07 13:53:44 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2014.05.07 13:53:44 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2014.05.07 13:53:44 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2014.05.07 13:53:44 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2014.05.07 13:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2014.05.07 13:42:21 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2014.05.07 13:42:21 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2014.05.07 13:40:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2014.05.07 10:59:54 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\EmieUserList
[2014.05.07 10:59:54 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\EmieSiteList
[2014.05.05 14:29:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\RealNetworks
[2014.05.05 14:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2014.05.05 14:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2014.05.05 14:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2014.05.05 14:28:37 | 000,201,800 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2014.05.05 14:28:24 | 000,278,600 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2014.05.01 17:47:29 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014.05.01 17:13:39 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.05.01 17:13:39 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.04.29 23:36:38 | 017,931,952 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014.04.17 10:54:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.04.13 07:32:00 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.04.13 07:32:00 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.04.13 07:31:54 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.04.13 07:31:48 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.04.13 07:31:48 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.04.13 07:31:47 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.04.13 07:31:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.04.13 07:31:45 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.04.13 07:31:45 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.04.13 07:31:45 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.04.13 07:31:44 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.04.13 07:31:44 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.04.13 07:31:44 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.04.13 07:31:42 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.04.13 07:31:42 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.04.13 07:31:42 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.04.13 07:31:41 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.04.13 07:31:41 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.04.13 07:31:41 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.04.13 07:31:39 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.04.13 07:31:39 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.04.13 07:31:39 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.04.13 07:31:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.04.13 07:31:38 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.04.13 07:31:38 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.04.13 07:31:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.04.13 07:31:35 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.04.13 07:31:35 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.04.13 07:31:25 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.08.24 10:11:44 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Users\Admin\AppData\Roaming\dotNetFx40_Full_setup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014.05.10 19:15:53 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.10 19:15:53 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.10 19:08:02 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.05.10 19:07:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.10 19:07:52 | 2079,985,663 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.10 18:40:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.05.10 18:36:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.05.10 16:45:12 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014.05.10 16:34:03 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2014.05.10 16:04:52 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.08 21:44:39 | 001,620,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.05.08 21:44:39 | 000,699,666 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.05.08 21:44:39 | 000,654,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.05.08 21:44:39 | 000,149,774 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.05.08 21:44:39 | 000,122,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.05.07 13:53:44 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2014.05.07 13:53:44 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2014.05.07 13:53:44 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2014.05.07 13:53:44 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2014.05.05 14:28:37 | 000,201,800 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2014.05.05 14:28:31 | 000,001,252 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014.05.05 14:28:24 | 000,278,600 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2014.05.01 17:35:53 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.04.29 23:36:45 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.04.29 23:36:45 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.04.29 23:36:39 | 017,931,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014.04.14 04:24:46 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.04.14 04:19:37 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
 
========== Files Created - No Company Name ==========
 
[2014.05.10 16:45:12 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014.05.10 16:34:03 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2014.05.05 14:28:31 | 000,001,252 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014.03.08 20:36:53 | 000,001,471 | ---- | C] () -- C:\Users\Admin\AppData\Local\RecConfig.xml
[2014.01.22 11:49:29 | 000,000,306 | RHS- | C] () -- C:\Users\Admin\ntuser.pol
[2013.10.14 19:42:06 | 000,102,548 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013.10.04 12:40:37 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.08.31 12:27:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2013.08.24 10:14:13 | 001,594,892 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.08.20 11:55:52 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2013.08.12 15:17:55 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2013.08.12 15:17:54 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013.08.12 15:17:52 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

--- --- ---

Und hier ist die Extras.txt

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 10.05.2014 19:13:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,92 Gb Total Physical Memory | 5,80 Gb Available Physical Memory | 73,21% Memory free
15,83 Gb Paging File | 13,73 Gb Available in Paging File | 86,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 405,64 Gb Free Space | 87,11% Space Free | Partition Type: NTFS
Drive E: | 6,83 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2853803453-2947698124-1817221136-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33CC7CB9-B733-4348-BF96-FF0EDC1E421B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{41145C4C-056C-4FE2-AC28-0979C2F61BBA}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{4198C6F2-B38C-43FB-9C73-E515E1E0F677}" = protocol=6 | dir=in | app=c:\users\admin\videos\utorrent\utorrent.exe | 
"{4276C6C2-B499-40AC-8F5F-E909F10E7F27}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7B3CA3C4-5F56-411C-BE18-FD63C27FB96A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7FDDE567-3EDE-4704-8260-58CFE69D064B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8F9D9057-26DD-4C8B-B19D-FB9B98519287}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{A62E1DFB-F258-4637-93BE-B6406B7AA20C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{AA3A395F-B881-4D6A-A7B8-44827335188F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AC9164EF-9802-4813-B74B-FE0875AABA33}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B2D3369C-DF4E-4F0B-BFB8-967590DDDFC8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{B653D09C-DEB2-4B34-84FC-3D2646E868D2}" = protocol=17 | dir=in | app=c:\users\admin\videos\utorrent\utorrent.exe | 
"{BA33F249-0D9E-47FD-9527-6A1CBB0836C8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{C9DA032B-2E81-46D7-AFDF-75CCCA02C3DC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{CE2E7B55-471F-47DF-B53B-08DB7AB999B1}" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe | 
"{D3989FDF-B20A-46E0-9FBF-02BF5088299B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{E399FEDB-AF23-48EF-A7B0-DFC1C91131D8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{EC5791AA-B41B-47A7-BB7D-A94E55D755FF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"TCP Query User{DFD7BBF3-F877-47BB-B927-50DF47826FF9}C:\program files (x86)\call graph\callgraph.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call graph\callgraph.exe | 
"UDP Query User{D5B9CE7B-61A1-46A5-85FB-FA153B417D7D}C:\program files (x86)\call graph\callgraph.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call graph\callgraph.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21E47F47-C9A7-4454-BA48-388327B0EA00}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi-Software
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{537F3172-82F9-44D7-99E6-8B4428F1CDAF}" = AVG 2014
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 265.94
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 265.94
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 265.94
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU)
"{E061C7AF-1185-48E1-882A-68BA513CB244}" = AVG 2014
"AVG" = AVG 2014
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.9.9 (64-bit)
"ProInst" = Intel PROSet Wireless
"Unlocker" = Unlocker 1.9.1-x64
"VLC media player" = VLC media player 2.1.1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}" = RealDownloader
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Deutsch
"{B28DBCBA-60F8-40ED-B35B-F510C327946C}" = OpenOffice 4.0.0
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"3DataManager" = 3DataManager
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.1.1004
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2853803453-2947698124-1817221136-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8e3135b376bd523e" = Dell System Detect Bootstrapper
"9204f5692a8faf3b" = Dell System Detect
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.05.2014 07:20:43 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.05.2014 08:07:18 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.05.2014 09:47:50 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.05.2014 10:09:43 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\$Recycle.Bin\S-1-5-21-2853803453-2947698124-1817221136-1000\$RO8M0U9.exe".
Die
 abhängige Assemblierung "CinemasterAudio.4.3,language="&#x2a;",type="win32",version="4.3.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.05.2014 10:09:49 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\$Recycle.Bin\S-1-5-21-2853803453-2947698124-1817221136-1000\$R9CC5X6.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.05.2014 10:09:49 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\$Recycle.Bin\S-1-5-21-2853803453-2947698124-1817221136-1000\$RZTKLRX.exe".
Die
 abhängige Assemblierung "CinemasterAudio.4.3,language="&#x2a;",type="win32",version="4.3.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.05.2014 10:09:49 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\$Recycle.Bin\S-1-5-21-2853803453-2947698124-1817221136-1000\$RLRRVUX.exe".
Die
 abhängige Assemblierung "CinemasterAudio.4.3,language="&#x2a;",type="win32",version="4.3.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.05.2014 10:09:49 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\$Recycle.Bin\S-1-5-21-2853803453-2947698124-1817221136-1000\$RLQA8WR.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.05.2014 13:03:23 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.05.2014 13:08:36 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 10.05.2014 00:09:15 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "RealPlayer Cloud Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 10.05.2014 04:21:10 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "RealPlayer Cloud Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 10.05.2014 05:34:25 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "RealPlayer Cloud Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 10.05.2014 06:08:41 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "RealPlayer Cloud Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 10.05.2014 07:02:44 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "RealPlayer Cloud Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 10.05.2014 07:20:40 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "RealPlayer Cloud Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 10.05.2014 08:07:15 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "RealPlayer Cloud Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 10.05.2014 09:47:47 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "RealPlayer Cloud Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 10.05.2014 13:02:56 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "RealPlayer Cloud Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 10.05.2014 13:08:07 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "RealPlayer Cloud Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
 
< End of report >

--- --- ---

Machiavelli · 10.05.2014, 19:03

Hey,
nur etwas Adware.

Schritt 1: Mutliple AV's

Ich habe mir notiert, dass Du mehrere AntiVirus Programme zur gleichen Zeit laufen lässt. Das ist eher kontraproduktiv, als produktiv, denn ....

es verlangsamt Deinen PC
das eine AV hindert das andere AV

Ich würde vorschlagen, Du deinstallierst eines von den beiden Av's, die Du momentan auf Deinen Rechner hast.

Schritt 2: SideBar Advice

Ich sehe, dass auf Deinem PC SideBar aktiv ist. Zurzeit besteht in diesem Programm eine Sicherheitslücke, deshalb würde ich Dir raten, es vorrübergehend zu deaktivieren. Mehr Informationen zu diesem Thema kannst Du hier: http://technet.microsoft.com/en-us/s...visory/2719662 finden.

Wie man SideBar deaktiviert:

Downloade Dir das Fixit von hier: Microsoft Security Advisory: Vulnerabilities in Gadgets could allow remote code execution zu Deinem Desktop
Mache einen Doppelklick auf MicrosoftFixit50906.msi und folge den Bildschirmanweisungen. Wenn das fertig ist, starte Deinen PC neu.

Schritt 3: Chrome Homepage

Bitte besuche diese Seite hier: https://support.google.com/chrome/answer/95314?hl=en und ändere Deine Startseite zu irgendeine , die Du haben willst. Ich empfehle dafür Google.de

Schritt 4: OTL Fix

Starte bitte die OTL.exe.
Vista und Win7 User: mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:Commands
[CREATERESTOREPOINT]

:OTL
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.9.17: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll File not found
O2:64bit: - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found.
O2 - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2853803453-2947698124-1817221136-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O32 - AutoRun File - [2008.06.16 14:22:04 | 000,021,960 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.16 18:14:06 | 000,000,057 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0e64c99a-0350-11e3-891a-8e05ae8d20a1}\Shell - "" = AutoRun
O33 - MountPoints2\{0e64c99a-0350-11e3-891a-8e05ae8d20a1}\Shell\AutoRun\command - "" = E:\.\Autorun.exe -- [2008.06.16 14:22:04 | 000,021,960 | R--- | M] ()
O33 - MountPoints2\{ae643d17-03d4-11e3-91f8-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{ae643d17-03d4-11e3-91f8-001e101fb4df}\Shell\AutoRun\command - "" = E:\.\Autorun.exe -- [2008.06.16 14:22:04 | 000,021,960 | R--- | M] ()
O33 - MountPoints2\{cc8e5004-035c-11e3-8ff1-14feb59d7cf5}\Shell - "" = AutoRun
O33 - MountPoints2\{cc8e5004-035c-11e3-8ff1-14feb59d7cf5}\Shell\AutoRun\command - "" = E:\.\Autorun.exe -- [2008.06.16 14:22:04 | 000,021,960 | R--- | M] ()
O33 - MountPoints2\{e14ac07c-b3e2-11e3-8edd-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{e14ac07c-b3e2-11e3-8edd-001e101f2b52}\Shell\AutoRun\command - "" = E:\.\Autorun.exe -- [2008.06.16 14:22:04 | 000,021,960 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\.\Autorun.exe -- [2008.06.16 14:22:04 | 000,021,960 | R--- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
[2014.05.08 18:52:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Babylon
[2014.05.08 18:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2014.05.08 18:52:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Babylon

:Commands
[emptytemp]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 5: Adwarecleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 6: Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 7: OTL Scan

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)

Doppelklick auf die OTL.exe
Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
Unter Extra Registrierung, wähle bitte Benutze SafeList
Klicke nun auf Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Schritt 8: Question

Wie läuft Dein PC?

someone090 · 10.05.2014, 19:36

Danke. (Ich werde dieses Posting editieren, wenn ich die anderen Log Dateien habe)
Schritt 4 OTL Fix - Log Datei:

Zitat:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.9.17\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2853803453-2947698124-1817221136-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dell.com\ deleted successfully.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e64c99a-0350-11e3-891a-8e05ae8d20a1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e64c99a-0350-11e3-891a-8e05ae8d20a1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e64c99a-0350-11e3-891a-8e05ae8d20a1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e64c99a-0350-11e3-891a-8e05ae8d20a1}\ not found.
File move failed. E:\.\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae643d17-03d4-11e3-91f8-001e101fb4df}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae643d17-03d4-11e3-91f8-001e101fb4df}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae643d17-03d4-11e3-91f8-001e101fb4df}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae643d17-03d4-11e3-91f8-001e101fb4df}\ not found.
File move failed. E:\.\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc8e5004-035c-11e3-8ff1-14feb59d7cf5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc8e5004-035c-11e3-8ff1-14feb59d7cf5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc8e5004-035c-11e3-8ff1-14feb59d7cf5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc8e5004-035c-11e3-8ff1-14feb59d7cf5}\ not found.
File move failed. E:\.\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e14ac07c-b3e2-11e3-8edd-001e101f2b52}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e14ac07c-b3e2-11e3-8edd-001e101f2b52}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e14ac07c-b3e2-11e3-8edd-001e101f2b52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e14ac07c-b3e2-11e3-8edd-001e101f2b52}\ not found.
File move failed. E:\.\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File move failed. E:\.\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
C:\Users\Admin\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\Admin\AppData\Local\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\Users\Admin\AppData\Roaming\Babylon folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 881746173 bytes
->Temporary Internet Files folder emptied: 164809520 bytes
->Google Chrome cache emptied: 236492078 bytes
->Flash cache emptied: 1969 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: fbwuser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 66468 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 183692265 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52820 bytes
RecycleBin emptied: 629584 bytes

Total Files Cleaned = 1.400,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05102014_202246

Files\Folders moved on Reboot...
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File move failed. E:\.\Autorun.exe scheduled to be moved on reboot.
C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Machiavelli · 10.05.2014, 19:42

Bitte editiere Posts nicht.

someone090 · 10.05.2014, 20:44

Zitat:

Zitat von Machiavelli

Bitte editiere Posts nicht.

Okay, in Ordnung.
Hier ist die Log Datei von Schritt 5 AdwCleaner:

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.207 - Bericht erstellt am 10/05/2014 um 20:39:15
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Admin - ADMIN-PC
# Gestartet von : C:\Users\Admin\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Ordner Gelöscht : C:\Windows\SysWOW64\hotspot shield
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\Conduit
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKCU\Software\anchorfree
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\UpdateStar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Conduit

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v34.0.1847.131

[ Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://search.softonic.com/MOY00006/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=0afb0afb000000000000000000000000&toi=16092
Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=MA743B26D-5338-4A02-ABA4-19B29C227548&SearchSource=58&CUI=&UM=5&UP=SPBEF832EE-64B2-438B-9621-14FEEA9357F3&q={searchTerms}&SSPV=
Gelöscht [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPBEF832EE-64B2-438B-9621-14FEEA9357F3&SSPV=
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R2].txt - [4915 octets] - [10/05/2014 20:37:50]
AdwCleaner[S1].txt - [4578 octets] - [10/05/2014 20:39:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4638 octets] ##########[/QUOTE]

--- --- ---

Schritt 6 : Junkware Removal Tool - Log Datei:

Zitat:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Admin on 10.05.2014 at 20:56:15,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2853803453-2947698124-1817221136-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.05.2014 at 21:11:56,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Schritt 7 OTL: OTL.txt :
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 10.05.2014 21:16:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,92 Gb Total Physical Memory | 6,10 Gb Available Physical Memory | 77,10% Memory free
15,83 Gb Paging File | 13,93 Gb Available in Paging File | 87,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 415,31 Gb Free Space | 89,19% Space Free | Partition Type: NTFS
Drive E: | 6,83 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\3DataManager\WTGService.exe ()
PRC - C:\Program Files (x86)\3DataManager\3DataManager.exe (WebToGo Mobile Internet GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files (x86)\3DataManager\H3GA_WTGSMSPCClientGer.dll ()
MOD - C:\Program Files (x86)\3DataManager\H3GA_OneClickAssistantGer.dll ()
MOD - C:\Program Files (x86)\3DataManager\WTGDriverInstallX.Dll ()
MOD - C:\Program Files (x86)\3DataManager\WTGSMSPCClient.Dll ()
MOD - C:\Program Files (x86)\3DataManager\WtgCore.dll ()
MOD - C:\Program Files (x86)\3DataManager\WtgDriverInstall.dll ()
MOD - C:\Program Files (x86)\3DataManager\WtgBluetooth.dll ()
MOD - C:\Program Files (x86)\3DataManager\WtgDialup.dll ()
MOD - C:\Program Files (x86)\3DataManager\WtgDetection.dll ()
MOD - C:\Program Files (x86)\3DataManager\WtgDatabase.dll ()
MOD - C:\Program Files (x86)\3DataManager\WtgPorts.dll ()
MOD - C:\Program Files (x86)\3DataManager\WtgUtil.dll ()
MOD - C:\Program Files (x86)\3DataManager\WTGDebugs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (WTGService) -- C:\Program Files (x86)\3DataManager\WTGService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (ewusbnet) -- C:\Windows\SysWOW64\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\SysWOW64\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Official Site - The Power To Do More | Dell
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 5E 2B 9F F0 6A CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.9.17: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014.05.05 14:29:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014.05.05 14:29:01 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: Google
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google-Suche = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: AdBlock = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.29_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: RealPlayer Downloader = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\17.0.9_0\
CHR - Extension: Google Wallet = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Mail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot File not found
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A043E241-EB54-42B1-8D3B-5C124B5177B8}: NameServer = 213.94.78.17 213.94.78.16
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.16 14:22:04 | 000,021,960 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.16 18:14:06 | 000,000,057 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{ae643d17-03d4-11e3-91f8-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{ae643d17-03d4-11e3-91f8-001e101fb4df}\Shell\AutoRun\command - "" = E:\.\Autorun.exe -- [2008.06.16 14:22:04 | 000,021,960 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.05.10 20:38:43 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014.05.10 20:37:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.05.10 20:22:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2014.05.10 16:52:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014.05.10 16:45:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\AVG2014
[2014.05.10 16:45:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2014.05.10 16:43:53 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014.05.10 16:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014.05.10 16:40:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014.05.10 16:40:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\MFAData
[2014.05.10 16:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014.05.10 16:40:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Avg2014
[2014.05.10 16:04:29 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.10 16:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2014.05.10 16:04:10 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.05.10 16:04:10 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.05.10 16:04:10 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.05.10 16:04:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2014.05.08 21:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
[2014.05.08 18:56:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2014.05.08 18:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2014.05.07 13:53:44 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2014.05.07 13:53:44 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2014.05.07 13:53:44 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2014.05.07 13:53:44 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2014.05.07 13:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2014.05.07 13:42:21 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2014.05.07 13:42:21 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2014.05.07 13:40:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2014.05.07 10:59:54 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\EmieUserList
[2014.05.07 10:59:54 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\EmieSiteList
[2014.05.05 14:29:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\RealNetworks
[2014.05.05 14:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2014.05.05 14:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2014.05.05 14:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2014.05.05 14:28:37 | 000,201,800 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2014.05.05 14:28:24 | 000,278,600 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2014.05.01 17:47:29 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014.05.01 17:13:39 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.05.01 17:13:39 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.04.29 23:36:38 | 017,931,952 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014.04.17 10:54:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.04.13 07:32:00 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.04.13 07:32:00 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.04.13 07:31:54 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.04.13 07:31:48 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.04.13 07:31:48 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.04.13 07:31:47 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.04.13 07:31:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.04.13 07:31:45 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.04.13 07:31:45 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.04.13 07:31:45 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.04.13 07:31:44 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.04.13 07:31:44 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.04.13 07:31:44 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.04.13 07:31:42 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.04.13 07:31:42 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.04.13 07:31:42 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.04.13 07:31:41 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.04.13 07:31:41 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.04.13 07:31:41 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.04.13 07:31:39 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.04.13 07:31:39 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.04.13 07:31:39 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.04.13 07:31:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.04.13 07:31:38 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.04.13 07:31:38 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.04.13 07:31:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.04.13 07:31:35 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.04.13 07:31:35 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.04.13 07:31:25 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.08.24 10:11:44 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Users\Admin\AppData\Roaming\dotNetFx40_Full_setup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014.05.10 21:01:06 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.10 21:01:06 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.10 20:53:43 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.05.10 20:53:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.10 20:53:15 | 2079,985,663 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.10 20:40:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.05.10 20:36:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.05.10 16:04:52 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.08 21:44:39 | 001,620,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.05.08 21:44:39 | 000,699,666 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.05.08 21:44:39 | 000,654,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.05.08 21:44:39 | 000,149,774 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.05.08 21:44:39 | 000,122,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.05.07 13:53:44 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2014.05.07 13:53:44 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2014.05.07 13:53:44 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2014.05.07 13:53:44 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2014.05.05 14:28:37 | 000,201,800 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2014.05.05 14:28:31 | 000,001,252 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014.05.05 14:28:24 | 000,278,600 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2014.05.01 17:35:53 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.04.29 23:36:45 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.04.29 23:36:45 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.04.29 23:36:39 | 017,931,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014.04.14 04:24:46 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.04.14 04:19:37 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
 
========== Files Created - No Company Name ==========
 
[2014.05.05 14:28:31 | 000,001,252 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014.03.08 20:36:53 | 000,001,471 | ---- | C] () -- C:\Users\Admin\AppData\Local\RecConfig.xml
[2014.01.22 11:49:29 | 000,000,306 | RHS- | C] () -- C:\Users\Admin\ntuser.pol
[2013.10.14 19:42:06 | 000,102,548 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013.10.04 12:40:37 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.08.31 12:27:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2013.08.24 10:14:13 | 001,594,892 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.08.20 11:55:52 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2013.08.12 15:17:55 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2013.08.12 15:17:54 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013.08.12 15:17:52 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

--- --- ---

Extras.txt :

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 10.05.2014 21:16:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,92 Gb Total Physical Memory | 6,10 Gb Available Physical Memory | 77,10% Memory free
15,83 Gb Paging File | 13,93 Gb Available in Paging File | 87,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 415,31 Gb Free Space | 89,19% Space Free | Partition Type: NTFS
Drive E: | 6,83 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33CC7CB9-B733-4348-BF96-FF0EDC1E421B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{41145C4C-056C-4FE2-AC28-0979C2F61BBA}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{4198C6F2-B38C-43FB-9C73-E515E1E0F677}" = protocol=6 | dir=in | app=c:\users\admin\videos\utorrent\utorrent.exe | 
"{4276C6C2-B499-40AC-8F5F-E909F10E7F27}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7B3CA3C4-5F56-411C-BE18-FD63C27FB96A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7FDDE567-3EDE-4704-8260-58CFE69D064B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8F9D9057-26DD-4C8B-B19D-FB9B98519287}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{AA3A395F-B881-4D6A-A7B8-44827335188F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AC9164EF-9802-4813-B74B-FE0875AABA33}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B653D09C-DEB2-4B34-84FC-3D2646E868D2}" = protocol=17 | dir=in | app=c:\users\admin\videos\utorrent\utorrent.exe | 
"{CE2E7B55-471F-47DF-B53B-08DB7AB999B1}" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe | 
"{E399FEDB-AF23-48EF-A7B0-DFC1C91131D8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"TCP Query User{DFD7BBF3-F877-47BB-B927-50DF47826FF9}C:\program files (x86)\call graph\callgraph.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call graph\callgraph.exe | 
"UDP Query User{D5B9CE7B-61A1-46A5-85FB-FA153B417D7D}C:\program files (x86)\call graph\callgraph.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call graph\callgraph.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21E47F47-C9A7-4454-BA48-388327B0EA00}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi-Software
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 265.94
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 265.94
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 265.94
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU)
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.9.9 (64-bit)
"ProInst" = Intel PROSet Wireless
"Unlocker" = Unlocker 1.9.1-x64
"VLC media player" = VLC media player 2.1.1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}" = RealDownloader
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Deutsch
"{B28DBCBA-60F8-40ED-B35B-F510C327946C}" = OpenOffice 4.0.0
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"3DataManager" = 3DataManager
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Google Chrome" = Google Chrome
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.1.1004
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8e3135b376bd523e" = Dell System Detect Bootstrapper
"9204f5692a8faf3b" = Dell System Detect
 
< End of report >

--- --- ---

Also zu Schritt 8: Bilde ich mir das ein, oder läuft der Computer deutlich schneller?
Mir kommt vor, der Windows Explorer reagiert viel schneller auf meine Klicks.

Vielen Dank für die Hilfe, wirklich extrem toll, wie Ihr da zu Werke geht.

Ihr seid echt der Hammer!

Machiavelli · 10.05.2014, 21:09

Hey,

Zitat:

Vielen Dank für die Hilfe, wirklich extrem toll, wie Ihr da zu Werke geht.

Kein Problem, gern geschehen.

Schritt 1: OTL Fix

Starte bitte die OTL.exe.
Vista und Win7 User: mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:Commands
[CREATERESTOREPOINT]

:OTL
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms File not found
O1364bit: - gopher Prefix: missing
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - AutoRun File - [2008.06.16 14:22:04 | 000,021,960 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.16 18:14:06 | 000,000,057 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{ae643d17-03d4-11e3-91f8-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{ae643d17-03d4-11e3-91f8-001e101fb4df}\Shell\AutoRun\command - "" = E:\.\Autorun.exe -- [2008.06.16 14:22:04 | 000,021,960 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)

:Commands
[RESETHOSTS]
[EMPTYTEMP]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere nun den Inhalt hier in Deinen Thread

Starte danach nochmals OTL und klicke auf Quickscan. Poste das Log in den nächsten Thread.

Schritt 2: MBAM

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3: ESET

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4: SecurityCheck

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

someone090 · 10.05.2014, 21:13

Eine Frage: muss ich das machen, weil noch Adware am Computer ist? Ich bin natürlich dankbar für die Hilfe.
Eines hab ich gemerkt: ich glaube, der Windows explorer ist etwas schneller, aber das Starten des Notebooks insgesamt ist deutlich länger. Bilde ich mir das nur ein? Was könnte der Grund dafür sein?

Machiavelli · 10.05.2014, 21:16

Ja, bitte mach das alles.

Es kann Einbildung sein, es kann was hardwaretechnisches sein, es kann softwaretechnisch sein, alles ist möglich.

someone090 · 10.05.2014, 22:36

Zitat:

Zitat von Machiavelli

Ja, bitte mach das alles.

Es kann Einbildung sein, es kann was hardwaretechnisches sein, es kann softwaretechnisch sein, alles ist möglich.

Okay. Also ich mach jetzt Schritt 1 mit Oldtimer und seit einer Stunde tut sich nix. Es steht immer nur da "Processing 034 - HKLM BootExecute: (autocheck autochk *)...

Welche Einstellungen sollte ich mit OTL nehmen?
Ich glaube das Ding hat sich aufgehängt und ich muss es nochmal starten.

Machiavelli · 10.05.2014, 22:39

OK, da war ein kleiner Fehler im Script, sorry. Es ist doch wohl zu spät für mich :S

Starte bitte die OTL.exe.
Vista und Win7 User: mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:Commands
[CREATERESTOREPOINT]

:OTL
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms File not found
O1364bit: - gopher Prefix: missing
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - AutoRun File - [2008.06.16 14:22:04 | 000,021,960 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.16 18:14:06 | 000,000,057 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{ae643d17-03d4-11e3-91f8-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{ae643d17-03d4-11e3-91f8-001e101fb4df}\Shell\AutoRun\command - "" = E:\.\Autorun.exe -- [2008.06.16 14:22:04 | 000,021,960 | R--- | M] ()

:Commands
[RESETHOSTS]
[EMPTYTEMP]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere nun den Inhalt hier in Deinen Thread

someone090 · 10.05.2014, 23:03

Okay, also Schritt 1 Log File:

Zitat:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DellSystemDetect not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
File E:\Autorun.exe not found.
File E:\Autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae643d17-03d4-11e3-91f8-001e101fb4df}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae643d17-03d4-11e3-91f8-001e101fb4df}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae643d17-03d4-11e3-91f8-001e101fb4df}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae643d17-03d4-11e3-91f8-001e101fb4df}\ not found.
File E:\.\Autorun.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 2264297 bytes
->Temporary Internet Files folder emptied: 536969 bytes
->Google Chrome cache emptied: 44553977 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: fbwuser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 548426 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 46,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05102014_234353

Files\Folders moved on Reboot...
C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP0000002D1CAA655E0D0839A1 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Und hier ist die OTL Quickscan Log File:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 10.05.2014 23:52:21 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,92 Gb Total Physical Memory | 6,02 Gb Available Physical Memory | 76,00% Memory free
15,83 Gb Paging File | 13,84 Gb Available in Paging File | 87,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 414,81 Gb Free Space | 89,08% Space Free | Partition Type: NTFS
Drive E: | 6,83 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\3DataManager\WTGService.exe ()
PRC - C:\Program Files (x86)\3DataManager\3DataManager.exe (WebToGo Mobile Internet GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files (x86)\3DataManager\H3GA_WTGSMSPCClientGer.dll ()
MOD - C:\Program Files (x86)\3DataManager\H3GA_OneClickAssistantGer.dll ()
MOD - C:\Program Files (x86)\3DataManager\WTGDriverInstallX.Dll ()
MOD - C:\Program Files (x86)\3DataManager\WTGSMSPCClient.Dll ()
MOD - C:\Program Files (x86)\3DataManager\WtgCore.dll ()
MOD - C:\Program Files (x86)\3DataManager\WtgDriverInstall.dll ()
MOD - C:\Program Files (x86)\3DataManager\WtgBluetooth.dll ()
MOD - C:\Program Files (x86)\3DataManager\WtgDialup.dll ()
MOD - C:\Program Files (x86)\3DataManager\WtgDetection.dll ()
MOD - C:\Program Files (x86)\3DataManager\WtgDatabase.dll ()
MOD - C:\Program Files (x86)\3DataManager\WtgPorts.dll ()
MOD - C:\Program Files (x86)\3DataManager\WtgUtil.dll ()
MOD - C:\Program Files (x86)\3DataManager\WTGDebugs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (WTGService) -- C:\Program Files (x86)\3DataManager\WTGService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (ewusbnet) -- C:\Windows\SysWOW64\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\SysWOW64\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Official Site - The Power To Do More | Dell
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 5E 2B 9F F0 6A CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.9.17: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014.05.05 14:29:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014.05.05 14:29:01 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: Google
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google-Suche = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: AdBlock = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.29_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: RealPlayer Downloader = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\17.0.9_0\
CHR - Extension: Google Wallet = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Mail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014.05.10 23:44:42 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A043E241-EB54-42B1-8D3B-5C124B5177B8}: NameServer = 213.94.78.17 213.94.78.16
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.16 14:22:04 | 000,021,960 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.16 18:14:06 | 000,000,057 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{ae643d17-03d4-11e3-91f8-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{ae643d17-03d4-11e3-91f8-001e101fb4df}\Shell\AutoRun\command - "" = E:\.\Autorun.exe -- [2008.06.16 14:22:04 | 000,021,960 | R--- | M] ()
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.05.10 22:16:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2014.05.10 20:38:43 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014.05.10 16:52:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014.05.10 16:45:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\AVG2014
[2014.05.10 16:45:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2014.05.10 16:43:53 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014.05.10 16:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014.05.10 16:40:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014.05.10 16:40:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\MFAData
[2014.05.10 16:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014.05.10 16:40:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Avg2014
[2014.05.10 16:04:29 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.08 21:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
[2014.05.08 18:56:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2014.05.08 18:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2014.05.07 13:53:44 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2014.05.07 13:53:44 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2014.05.07 13:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2014.05.07 13:40:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2014.05.07 10:59:54 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\EmieUserList
[2014.05.07 10:59:54 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\EmieSiteList
[2014.05.05 14:29:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\RealNetworks
[2014.05.05 14:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2014.05.05 14:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2014.05.05 14:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2014.05.05 14:28:24 | 000,278,600 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2014.05.01 17:47:29 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014.04.17 10:54:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.08.24 10:11:44 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Users\Admin\AppData\Roaming\dotNetFx40_Full_setup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014.05.10 23:55:44 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.10 23:55:44 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.10 23:48:32 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.05.10 23:48:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.10 23:48:17 | 2079,985,663 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.10 23:44:42 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014.05.10 23:40:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.05.10 23:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.05.10 16:04:52 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.08 21:44:39 | 001,620,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.05.08 21:44:39 | 000,699,666 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.05.08 21:44:39 | 000,654,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.05.08 21:44:39 | 000,149,774 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.05.08 21:44:39 | 000,122,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.05.07 13:53:44 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2014.05.07 13:53:44 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2014.05.05 14:28:31 | 000,001,252 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014.05.05 14:28:24 | 000,278,600 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2014.05.01 17:35:53 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2014.05.05 14:28:31 | 000,001,252 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014.03.08 20:36:53 | 000,001,471 | ---- | C] () -- C:\Users\Admin\AppData\Local\RecConfig.xml
[2014.01.22 11:49:29 | 000,000,306 | RHS- | C] () -- C:\Users\Admin\ntuser.pol
[2013.10.14 19:42:06 | 000,102,548 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013.10.04 12:40:37 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.08.31 12:27:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2013.08.24 10:14:13 | 001,594,892 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.08.20 11:55:52 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2013.08.12 15:17:55 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2013.08.12 15:17:54 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013.08.12 15:17:52 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014.05.09 13:47:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\3DataManager
[2014.05.10 16:45:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVG2014
[2013.09.05 17:18:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2014.02.16 19:17:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2014.05.08 18:33:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2014.01.22 11:56:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Hexonic Software
[2014.05.08 18:37:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\JAM Software
[2013.08.13 19:44:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice
[2013.08.12 16:34:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Program Files (x86)
[2013.08.12 17:17:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Publish Providers
[2013.08.15 14:14:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony
[2013.08.22 19:39:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony Creative Software
[2014.05.10 16:45:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2014.05.08 18:24:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2013.08.22 10:15:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Win7codecs
[2013.08.12 16:52:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Machiavelli · 10.05.2014, 23:03

OK, ich warte dann auf die anderen Logs.

someone090 · 11.05.2014, 00:32

2. Schritt MalwareBytes:

Zitat:

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 11.05.2014
Scan Time: 00:15:32
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.10.11
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 308118
Time Elapsed: 9 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

3. Schritt ESET Log File:

Zitat:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4c164ac669d64446b9659bc16bdfca60
# engine=18213
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-10 11:15:16
# local_time=2014-05-11 01:15:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 127428 151393566 0 0
# scanned=107144
# found=0
# cleaned=0
# scan_time=3165

Schritt 4 SecurityCheck Log File:

Zitat:

Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 13.0.0.206
Adobe Reader XI
Google Chrome 34.0.1847.116
Google Chrome 34.0.1847.131
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Danke sehr.....

Das Notebook startet jetzt auch wieder deutlich schneller als zwischendurch.

Vielen Dank !!

MalwareBytes erkennt 6 Dateien und ich weiß nicht ob sie falsch positiv sind.

Log-Analyse und Auswertung: MalwareBytes erkennt 6 Dateien und ich weiß nicht ob sie falsch positiv sind.