Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Rechner lahm / Virenbefall?

Rechner lahm / Virenbefall?


Log-Analyse und Auswertung: Rechner lahm / Virenbefall?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 16.05.2014, 08:20   #1
ak400000
 
Rechner lahm / Virenbefall? - Standard

Rechner lahm / Virenbefall?


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.05.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17107
HAL9000 :: R2D2 [Administrator]

16.05.2014 08:08:57
mbam-log-2014-05-16 (08-08-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 306876
Laufzeit: 7 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKCU\Software\Softonic\Universal Downloader (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {21982F7B-614D-11E2-9C5F-3859F9FB6962} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {21982F7B-614D-11E2-9C5F-3859F9FB6962} -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\$RECYCLE.BIN\S-1-5-21-2503926239-1926982911-573156712-1001\$RCQFT81.exe (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$RECYCLE.BIN\S-1-5-21-2503926239-1926982911-573156712-1001\$RLHAOC6.exe (PUP.Optional.OneClickDownloader.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$RECYCLE.BIN\S-1-5-21-2503926239-1926982911-573156712-1001\$RN9B408.exe (PUP.Optional.OptimumInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$RECYCLE.BIN\S-1-5-21-2503926239-1926982911-573156712-1001\$RT2TKWO.exe (PUP.Optional.OneClickDownloader.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$RECYCLE.BIN\S-1-5-21-2503926239-1926982911-573156712-1001\$RTS31XE.exe (PUP.Optional.OptimumInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$RECYCLE.BIN\S-1-5-21-2503926239-1926982911-573156712-1001\$RXZFFHY.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Erneuter Quick-Scan ergab das folgende:

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes | Free Anti-Malware & Internet Security Software

Database version: v2014.05.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17107
Büro :: R2D2 [limited]

16.05.2014 08:56:51
mbam-log-2014-05-16 (08-56-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227997
Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Softonic\Universal Downloader (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Alt 16.05.2014, 08:32   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Rechner lahm / Virenbefall? - Standard

Rechner lahm / Virenbefall?


hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________
Alt 16.05.2014, 10:18   #3
ak400000
 
Rechner lahm / Virenbefall? - Standard

Rechner lahm / Virenbefall?


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by Büro (ATTENTION: The logged in user is not administrator) on R2D2 on 16-05-2014 10:30:22
Running from C:\Users\Büro\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Spotify Ltd) C:\Users\Büro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-14] (Egis Technology Inc. )
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2503926239-1926982911-573156712-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2503926239-1926982911-573156712-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2503926239-1926982911-573156712-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2503926239-1926982911-573156712-1001\...\Run: [Spotify Web Helper] => C:\Users\Büro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-09] (Spotify Ltd)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
Startup: C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\f113ze9j.default
FF Homepage: hxxp://google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\f113ze9j.default\searchplugins\faroo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flashblock - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\f113ze9j.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-16]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\f113ze9j.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-06-07]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension:  Online Accounts Extension  - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011-08-24]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-11-07]

Chrome: 
=======
CHR Extension: (Google Wallet) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-23]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-11-23]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
R2 HD_xLU3_RaidUtility; C:\Program Files (x86)\BUFFALO\HD-xLU3\RaidUtility.exe [1045880 2011-02-10] (BUFFALO INC.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 raidfilt; C:\Windows\System32\drivers\raidfilt.sys [20608 2010-10-16] (BUFFALO INC.)
S3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
S3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [113960 2013-01-29] (Yamaha Corporation)
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 IAStorDataMgrSvc; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
U2 Stereo Service; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-16 10:30 - 2014-05-16 10:30 - 00015420 _____ () C:\Users\Büro\Downloads\FRST.txt
2014-05-16 10:30 - 2014-05-16 10:30 - 00000000 ____D () C:\FRST
2014-05-16 10:29 - 2014-05-16 10:29 - 02067456 _____ (Farbar) C:\Users\Büro\Downloads\FRST64.exe
2014-05-16 08:54 - 2014-05-16 09:23 - 00000112 _____ () C:\windows\setupact.log
2014-05-16 08:54 - 2014-05-16 08:54 - 00000000 _____ () C:\windows\setuperr.log
2014-05-16 08:53 - 2014-05-16 08:53 - 00002294 _____ () C:\windows\PFRO.log
2014-05-16 08:47 - 2014-05-16 08:47 - 00000000 ____D () C:\Users\HAL9000\AppData\Local\Macromedia
2014-05-16 08:17 - 2014-05-16 08:18 - 00000000 ____D () C:\Users\HAL9000\AppData\Roaming\Mozilla
2014-05-16 08:17 - 2014-05-16 08:18 - 00000000 ____D () C:\Users\HAL9000\AppData\Local\Mozilla
2014-05-16 08:06 - 2014-05-16 08:06 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-16 08:06 - 2014-05-16 08:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-16 08:06 - 2014-05-16 08:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-16 08:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-16 07:56 - 2014-05-16 07:56 - 00002092 _____ () C:\Users\Büro\cc_20140516_075645.reg
2014-05-16 07:55 - 2014-05-16 07:55 - 04968079 _____ (Tim Kosse) C:\Users\HAL9000\Downloads\FileZilla_3.8.0_win32-setup.exe
2014-05-16 07:54 - 2014-05-16 07:54 - 00264757 _____ () C:\Users\HAL9000\Downloads\FHSetup.exe
2014-05-16 07:51 - 2014-05-16 07:52 - 74696576 _____ (Adobe Systems Incorporated) C:\Users\HAL9000\Downloads\AdbeRdr11007_en_US.exe
2014-05-16 07:50 - 2014-05-16 07:50 - 18731608 _____ (Adobe Systems Inc.) C:\Users\HAL9000\Downloads\air14_win.exe
2014-05-16 07:46 - 2014-05-16 07:46 - 00005802 _____ () C:\Users\Büro\cc_20140516_074652.reg
2014-05-16 07:32 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-16 07:32 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-16 07:32 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-16 07:32 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-16 07:32 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-16 07:32 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-16 07:17 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-16 07:17 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-16 07:17 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-16 07:17 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-16 07:16 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-16 07:16 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-16 07:16 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-16 07:16 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-16 07:16 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-16 07:16 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-16 07:16 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-16 07:16 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-05-16 07:16 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-16 07:16 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-16 07:16 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-16 07:16 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-16 07:16 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-16 07:16 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-16 07:16 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-16 07:16 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-16 07:16 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-16 07:16 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-16 07:16 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-16 07:16 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-16 07:16 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-16 07:16 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-16 07:16 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-16 07:16 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-16 07:16 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-16 07:16 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-05-16 07:16 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-05-16 07:16 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-16 07:16 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-16 00:19 - 2014-05-16 07:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-15 16:40 - 2014-05-16 07:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-13 16:13 - 2014-05-13 16:13 - 00000132 _____ () C:\Users\Büro\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-05-11 09:01 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-05-11 09:01 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-05-10 21:05 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-05-10 21:05 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-10 21:05 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-10 21:05 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-05-10 21:05 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-05-10 21:05 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-05-10 21:05 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-05-10 21:05 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-05-10 21:05 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-05-10 21:05 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-05-10 21:05 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-05-10 21:05 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-05-10 21:05 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-05-10 21:05 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-05-10 21:05 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-05-10 21:05 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-05-10 21:04 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-05-10 21:04 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-05-10 12:25 - 2014-05-10 12:25 - 00000000 ____D () C:\Users\Public\Documents\Yamaha
2014-05-10 12:24 - 2014-05-10 12:24 - 00000000 ____D () C:\Program Files (x86)\Yamaha
2014-05-10 12:14 - 2014-05-10 12:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 22:07 - 2014-05-08 22:07 - 00000106 _____ () C:\Users\Büro\Desktop\surf.txt
2014-05-07 10:43 - 2014-05-07 10:43 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-07 10:34 - 2014-05-07 10:34 - 00000312 _____ () C:\Users\Büro\cc_20140507_103405.reg
2014-05-07 10:32 - 2014-05-07 10:32 - 04745984 _____ (Piriform Ltd) C:\Users\HAL9000\Downloads\ccsetup413.exe
2014-05-06 18:10 - 2014-05-16 07:35 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-05 17:04 - 2014-05-05 17:04 - 00000373 _____ () C:\Users\Büro\Desktop\headhunter_roland.txt
2014-05-05 16:54 - 2014-05-05 16:54 - 00000000 ____D () C:\Users\Büro\Desktop\V3_2.tif
2014-05-05 16:51 - 2014-05-05 16:51 - 04334219 ____N () C:\Users\Büro\Desktop\V3_2.tif.zip
2014-04-29 13:30 - 2014-05-13 18:21 - 00010370 _____ () C:\Users\Büro\Desktop\vö plan 2014.xlsx
2014-04-28 21:43 - 2014-04-29 13:31 - 00000856 _____ () C:\Users\Büro\Desktop\public domain.txt
2014-04-27 21:12 - 2014-04-27 21:13 - 00000000 ____D () C:\Users\Büro\AppData\Local\{25C47845-8828-4020-A305-0B2A94DEC737}
2014-04-27 10:53 - 2014-04-27 10:53 - 00000826 _____ () C:\Users\Büro\Documents\cc_20140427_105321.reg
2014-04-27 09:12 - 2014-04-27 09:12 - 00000000 ____D () C:\Users\Büro\AppData\Local\{F0519A40-A3BB-43A6-BD95-10FFEF4557DB}
2014-04-22 18:18 - 2014-04-22 18:18 - 00000000 ____D () C:\Users\Büro\Desktop\Hunter - Sign Of The Hunter
2014-04-22 14:51 - 2014-04-22 14:51 - 00001204 _____ () C:\Users\Büro\Documents\cc_20140422_145101.reg
2014-04-16 10:45 - 2014-04-16 10:45 - 00000000 ____D () C:\Users\Büro\Desktop\REYSSWOLF-Studiotrailer-Premaster

==================== One Month Modified Files and Folders =======

2014-05-16 10:30 - 2014-05-16 10:30 - 00015420 _____ () C:\Users\Büro\Downloads\FRST.txt
2014-05-16 10:30 - 2014-05-16 10:30 - 00000000 ____D () C:\FRST
2014-05-16 10:29 - 2014-05-16 10:29 - 02067456 _____ (Farbar) C:\Users\Büro\Downloads\FRST64.exe
2014-05-16 10:28 - 2013-12-02 11:25 - 01585025 _____ () C:\windows\WindowsUpdate.log
2014-05-16 10:06 - 2012-11-06 23:32 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-16 10:06 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-05-16 09:33 - 2013-01-04 11:50 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-16 09:31 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-16 09:31 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-16 09:29 - 2011-08-19 00:07 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-05-16 09:29 - 2011-08-19 00:07 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-05-16 09:29 - 2009-07-14 07:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-16 09:24 - 2011-08-24 16:12 - 00527199 _____ () C:\windows\system32\fastboot.set
2014-05-16 09:23 - 2014-05-16 08:54 - 00000112 _____ () C:\windows\setupact.log
2014-05-16 09:23 - 2013-01-04 11:50 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-16 09:23 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-16 08:54 - 2014-05-16 08:54 - 00000000 _____ () C:\windows\setuperr.log
2014-05-16 08:53 - 2014-05-16 08:53 - 00002294 _____ () C:\windows\PFRO.log
2014-05-16 08:47 - 2014-05-16 08:47 - 00000000 ____D () C:\Users\HAL9000\AppData\Local\Macromedia
2014-05-16 08:18 - 2014-05-16 08:17 - 00000000 ____D () C:\Users\HAL9000\AppData\Roaming\Mozilla
2014-05-16 08:18 - 2014-05-16 08:17 - 00000000 ____D () C:\Users\HAL9000\AppData\Local\Mozilla
2014-05-16 08:06 - 2014-05-16 08:06 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-16 08:06 - 2014-05-16 08:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-16 08:06 - 2014-05-16 08:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-16 07:56 - 2014-05-16 07:56 - 00002092 _____ () C:\Users\Büro\cc_20140516_075645.reg
2014-05-16 07:56 - 2012-11-06 22:45 - 00000000 ____D () C:\Users\Büro
2014-05-16 07:55 - 2014-05-16 07:55 - 04968079 _____ (Tim Kosse) C:\Users\HAL9000\Downloads\FileZilla_3.8.0_win32-setup.exe
2014-05-16 07:55 - 2013-11-19 11:56 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-05-16 07:55 - 2013-05-15 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-05-16 07:55 - 2012-11-07 00:54 - 00001999 _____ () C:\Users\HAL9000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-05-16 07:55 - 2012-11-07 00:54 - 00001969 _____ () C:\Users\HAL9000\Desktop\Update Checker.lnk
2014-05-16 07:54 - 2014-05-16 07:54 - 00264757 _____ () C:\Users\HAL9000\Downloads\FHSetup.exe
2014-05-16 07:53 - 2013-10-04 10:09 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-16 07:52 - 2014-05-16 07:51 - 74696576 _____ (Adobe Systems Incorporated) C:\Users\HAL9000\Downloads\AdbeRdr11007_en_US.exe
2014-05-16 07:50 - 2014-05-16 07:50 - 18731608 _____ (Adobe Systems Inc.) C:\Users\HAL9000\Downloads\air14_win.exe
2014-05-16 07:47 - 2012-11-10 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2014-05-16 07:47 - 2012-11-10 20:39 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-05-16 07:46 - 2014-05-16 07:46 - 00005802 _____ () C:\Users\Büro\cc_20140516_074652.reg
2014-05-16 07:42 - 2012-11-07 00:56 - 00138816 _____ () C:\Users\HAL9000\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-16 07:41 - 2013-06-21 12:58 - 00000000 ___RD () C:\Users\HAL9000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 07:41 - 2013-06-21 12:58 - 00000000 ___RD () C:\Users\HAL9000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 07:38 - 2012-11-06 22:46 - 00000000 ___RD () C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 07:38 - 2012-11-06 22:46 - 00000000 ___RD () C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 07:35 - 2014-05-06 18:10 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-16 07:34 - 2012-11-06 23:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 07:31 - 2013-10-28 08:47 - 00000000 ____D () C:\windows\system32\MRT
2014-05-16 07:27 - 2012-11-07 10:28 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-16 07:19 - 2013-04-25 15:07 - 00000000 ____D () C:\Users\itch\Desktop\Grafik Privat
2014-05-16 07:18 - 2012-11-28 21:38 - 00000000 ____D () C:\Music Production
2014-05-16 07:03 - 2012-11-07 11:53 - 00000000 ____D () C:\Users\itch
2014-05-16 07:03 - 2012-11-06 23:09 - 00000000 ____D () C:\Users\HAL9000
2014-05-16 07:02 - 2014-05-16 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-16 07:02 - 2014-05-15 16:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-16 07:02 - 2013-10-23 14:25 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\Spotify
2014-05-16 07:02 - 2012-11-07 11:53 - 00000000 ___RD () C:\Users\itch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 07:02 - 2012-11-07 11:53 - 00000000 ___RD () C:\Users\itch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 07:02 - 2012-11-07 11:53 - 00000000 ____D () C:\Users\itch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-05-16 07:02 - 2012-11-06 22:48 - 00000000 ____D () C:\Users\Büro\AppData\Local\BioExcess
2014-05-16 07:02 - 2011-08-24 16:00 - 00000000 ____D () C:\ProgramData\Port Locker
2014-05-16 07:02 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-05-16 07:02 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\AppCompat
2014-05-15 17:53 - 2012-11-06 23:35 - 00000000 ____D () C:\Users\Büro\Documents\Outlook-Dateien
2014-05-15 16:40 - 2013-06-29 16:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 16:32 - 2013-01-18 10:35 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\FileZilla
2014-05-15 10:10 - 2013-10-23 14:26 - 00000000 ____D () C:\Users\Büro\AppData\Local\Spotify
2014-05-14 23:59 - 2013-10-23 19:02 - 00000000 ____D () C:\Users\itch\AppData\Roaming\Spotify
2014-05-14 12:06 - 2012-11-06 23:32 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 12:06 - 2012-11-06 23:32 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 18:21 - 2014-04-29 13:30 - 00010370 _____ () C:\Users\Büro\Desktop\vö plan 2014.xlsx
2014-05-13 16:13 - 2014-05-13 16:13 - 00000132 _____ () C:\Users\Büro\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-05-12 18:08 - 2009-07-14 06:45 - 05094280 _____ () C:\windows\system32\FNTCACHE.DAT
2014-05-12 14:35 - 2012-11-06 22:48 - 00138816 _____ () C:\Users\Büro\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-11 09:26 - 2013-02-19 13:24 - 00000000 ____D () C:\Users\Büro\Documents\Cubase Projects
2014-05-10 12:37 - 2012-11-06 23:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 12:25 - 2014-05-10 12:25 - 00000000 ____D () C:\Users\Public\Documents\Yamaha
2014-05-10 12:25 - 2011-08-24 15:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-10 12:24 - 2014-05-10 12:24 - 00000000 ____D () C:\Program Files (x86)\Yamaha
2014-05-10 12:14 - 2014-05-10 12:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 08:14 - 2014-05-16 07:17 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-16 07:17 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-08 22:07 - 2014-05-08 22:07 - 00000106 _____ () C:\Users\Büro\Desktop\surf.txt
2014-05-07 15:17 - 2012-11-08 15:39 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\vlc
2014-05-07 15:10 - 2012-11-07 12:24 - 00000000 ____D () C:\Users\HAL9000\AppData\Local\Downloaded Installations
2014-05-07 10:43 - 2014-05-07 10:43 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-07 10:43 - 2012-11-06 23:21 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-07 10:39 - 2012-11-07 01:03 - 00000000 ____D () C:\windows\pss
2014-05-07 10:39 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-07 10:35 - 2014-01-09 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-05-07 10:35 - 2014-01-09 11:00 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-05-07 10:34 - 2014-05-07 10:34 - 00000312 _____ () C:\Users\Büro\cc_20140507_103405.reg
2014-05-07 10:32 - 2014-05-07 10:32 - 04745984 _____ (Piriform Ltd) C:\Users\HAL9000\Downloads\ccsetup413.exe
2014-05-07 10:32 - 2014-04-09 09:01 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-07 10:32 - 2012-11-07 00:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-06 06:40 - 2014-05-16 07:32 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-16 07:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-16 07:32 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-16 07:32 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-16 07:32 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-16 07:32 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-05 17:04 - 2014-05-05 17:04 - 00000373 _____ () C:\Users\Büro\Desktop\headhunter_roland.txt
2014-05-05 16:54 - 2014-05-05 16:54 - 00000000 ____D () C:\Users\Büro\Desktop\V3_2.tif
2014-05-05 16:51 - 2014-05-05 16:51 - 04334219 ____N () C:\Users\Büro\Desktop\V3_2.tif.zip
2014-04-29 18:40 - 2013-12-02 10:51 - 00000000 ____D () C:\Users\Büro\Desktop\Künstlerberatung
2014-04-29 17:35 - 2012-11-07 08:31 - 00105984 ___SH () C:\Users\Büro\Thumbs.db
2014-04-29 13:31 - 2014-04-28 21:43 - 00000856 _____ () C:\Users\Büro\Desktop\public domain.txt
2014-04-27 21:13 - 2014-04-27 21:12 - 00000000 ____D () C:\Users\Büro\AppData\Local\{25C47845-8828-4020-A305-0B2A94DEC737}
2014-04-27 10:53 - 2014-04-27 10:53 - 00000826 _____ () C:\Users\Büro\Documents\cc_20140427_105321.reg
2014-04-27 09:12 - 2014-04-27 09:12 - 00000000 ____D () C:\Users\Büro\AppData\Local\{F0519A40-A3BB-43A6-BD95-10FFEF4557DB}
2014-04-26 12:57 - 2012-11-28 21:08 - 00000000 ____D () C:\Users\Büro\Bellaphon
2014-04-25 09:54 - 2013-09-11 08:04 - 00000000 ____D () C:\Users\Büro\Desktop\privat
2014-04-22 18:18 - 2014-04-22 18:18 - 00000000 ____D () C:\Users\Büro\Desktop\Hunter - Sign Of The Hunter
2014-04-22 14:51 - 2014-04-22 14:51 - 00001204 _____ () C:\Users\Büro\Documents\cc_20140422_145101.reg
2014-04-21 11:22 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-04-16 10:45 - 2014-04-16 10:45 - 00000000 ____D () C:\Users\Büro\Desktop\REYSSWOLF-Studiotrailer-Premaster

Files to move or delete:
====================
C:\Users\Büro\cc_20121106_235629.reg
C:\Users\Büro\cc_20130227_215835.reg
C:\Users\Büro\cc_20130228_075027.reg
C:\Users\Büro\cc_20130401_094149.reg
C:\Users\Büro\cc_20130629_094808.reg
C:\Users\Büro\cc_20131123_082052.reg
C:\Users\Büro\cc_20131202_102624.reg
C:\Users\Büro\cc_20140311_183757.reg
C:\Users\Büro\cc_20140409_100251.reg
C:\Users\Büro\cc_20140507_103405.reg
C:\Users\Büro\cc_20140516_074652.reg
C:\Users\Büro\cc_20140516_075645.reg


Some content of TEMP:
====================
C:\Users\Büro\AppData\Local\Temp\avgnt.exe
C:\Users\Büro\AppData\Local\Temp\i4jdel0.exe
C:\Users\HAL9000\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-16 07:16] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2014
Ran by Büro at 2014-05-16 10:31:11
Running from C:\Users\Büro\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

1X-Ripper (HKLM-x32\...\1X-Ripper_is1) (Version: Aktuelle Version - IN MEDIA KG)
4500_G510gm_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.8 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.78 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.78 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5.5 Design Standard (HKLM-x32\...\{53CF3920-648B-4F99-8D05-6A6C5298F57B}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Any Video Converter 3.5.7 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Barcode Vectorizer 1.4 (HKLM-x32\...\bcv7f791796fe94af55094ccc34e19b8be7_is1) (Version:  - Viktor Wedel Software Design)
Beatport Downloader (HKLM-x32\...\com.beatport.BeatportDownloader) (Version: 1.4 - Beatport LLC)
Beatport Downloader (x32 Version: 1.4 - Beatport LLC) Hidden
BioExcess (HKLM-x32\...\InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}) (Version: 7.0.67.0 - Egis Technology Inc.)
BioExcess (Version: 7.0.67.0 - Egis Technology Inc.) Hidden
BioExcess (x32 Version: 7.0.67.0 - Egis Technology Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BUFFALO RAID Utility (HKLM-x32\...\UN101018) (Version:  - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Canon RAW Codec (HKLM-x32\...\Canon RAW Codec) (Version: 1.11.0.75 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3623 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.3623 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
EgisTec ES603 WDM Driver (HKLM-x32\...\InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}) (Version: 3.0.10.4 - Egis Technology Inc.)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
ES603 WDM Driver (x32 Version: 3.0.10.4 - Egis Technology Inc.) Hidden
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
GEAR driver installer 4.020 (HKLM-x32\...\{983CFCAC-5C96-4018-8BEC-D6581644C654}) (Version: 4.020.5 - GEAR Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
ITCH (HKLM-x32\...\{A86FE646-BE8F-46A7-AD10-68B69BB0029E}) (Version: 2.2.2.20 - Serato Audio Research)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8000 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.0209.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo Security Suite (HKLM-x32\...\InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}) (Version: 2.0.11.0 - Lenovo)
Lenovo Security Suite (x32 Version: 2.0.11.0 - Lenovo) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MOBackup - Datensicherung für Outlook (Vollversion) (HKLM-x32\...\MOBackup-DatensicherungfürOutlook) (Version: 6.96 - Heiko Schröder)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Paragon Backup & Recovery™ 2012 Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Port Locker (HKLM-x32\...\InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}) (Version: 1.0.5.24 - Egis Technology Inc.)
Port Locker (Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.4001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.4001 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Steinberg CI2 Extension 64bit (HKLM-x32\...\{B064BF5C-EBCC-449E-97F8-9E58310B8A96}) (Version: 1.2.1 - Yamaha Corporation)
Steinberg Cubase 6 (HKLM-x32\...\{C6200FF8-999D-4C58-9047-08D2E065BDBB}) (Version: 6.5.4 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic (HKLM-x32\...\{67F1A4F5-E2C0-4E9C-B139-35C247736133}) (Version: 1.6.2 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic Content (HKLM-x32\...\{1AA20A3E-B833-4309-9155-8A15D479D46F}) (Version: 1.5.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE (HKLM-x32\...\{EF7800A8-575E-4776-95A5-A9D904A85D5F}) (Version: 1.5.2 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content (HKLM-x32\...\{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}) (Version: 1.5.2.000 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 2.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content 2 (HKLM-x32\...\{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg mp3 Encoder (HKLM-x32\...\{FABDD85B-EE3E-4742-964D-06E350A90984}) (Version: 1.0.3.109 - Steinberg Media Technologies GmbH)
Steinberg mp3 Encoder 64bit (HKLM\...\{BF4122F6-E52A-48E2-A49A-77CA7AA4EA24}) (Version: 1.0.3.109 - Steinberg Media Technologies GmbH)
Steinberg Padshop (HKLM-x32\...\{DC0A50F1-AD2A-4B8C-BD9E-C047B3D8F9E5}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Retrologue (HKLM-x32\...\{0EB4D2B3-9410-4FB7-AD46-C48CE45B9498}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg VST Sound Loop Set Ambient Lounge (HKLM-x32\...\{AD26ED4C-0A39-4D6E-8F4B-CFAF21FAAD48}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WaveLab Elements 8 (64 bit) (HKLM\...\WaveLabElements8_64) (Version: 8.0.1.665 - Steinberg)
WaveLab Elements 8 (HKLM-x32\...\WaveLabElements8) (Version: 8.0.1.665 - Steinberg)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Yamaha Steinberg USB Driver (HKLM-x32\...\InstallShield_{E976141F-5B03-429D-84C2-392E6BB1A45A}) (Version: 1.7.3 - Yamaha Corporation)
Yamaha Steinberg USB Driver (Version: 1.7.3 - Yamaha Corporation) Hidden
Zint (HKCU\...\Zint) (Version: 2.4.3.0 - Robin Stuart & BogDan Vatra)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-04-15 07:28 - 2011-03-25 11:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RAID Utility [HD-xLU3].lnk => C:\windows\pss\RAID Utility [HD-xLU3].lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupreg: 332BigDog => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BrowserChoice => browserchoice.exe
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Energy Management => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
MSCONFIG\startupreg: EnergyUtility => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
MSCONFIG\startupreg: FileHippo.com => "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
MSCONFIG\startupreg: FlashPlayerUpdate => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex
MSCONFIG\startupreg: iCloud => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Lenovo EE Boot Optimizer => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
MSCONFIG\startupreg: PLTSR => "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: UpdateP2GShortCut => "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

==================== Faulty Device Manager Devices =============

Name: CyberLink WebCam Virtual Driver
Description: CyberLink WebCam Virtual Driver
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: CyberLink
Service: clwvd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom Bluetooth 2.1 USB
Description: Broadcom Bluetooth 2.1 USB
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) Display-Audio
Description: Intel(R) Display-Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel(R) Corporation
Service: IntcDAud
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/16/2014 10:28:20 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (05/16/2014 09:24:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 09:23:39 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (05/16/2014 08:55:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 08:54:36 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (05/16/2014 07:45:12 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (05/16/2014 07:38:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 07:38:02 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (05/16/2014 07:06:34 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/16/2014 07:05:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/16/2014 10:10:10 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{fb9b1647-ce52-11e0-a0e8-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{EB0EDCB6-98B5-44BA-AB13-A9702E0AE7C4}

Error: (05/16/2014 10:09:55 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy2" den Befehl "chkdsk" aus.

Error: (05/16/2014 10:09:55 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy2" den Befehl "chkdsk" aus.

Error: (05/16/2014 10:09:55 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy2" den Befehl "chkdsk" aus.

Error: (05/16/2014 10:09:55 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy2" den Befehl "chkdsk" aus.

Error: (05/16/2014 10:09:54 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy2" den Befehl "chkdsk" aus.

Error: (05/16/2014 10:09:54 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy2" den Befehl "chkdsk" aus.

Error: (05/16/2014 10:09:54 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy2" den Befehl "chkdsk" aus.

Error: (05/16/2014 10:09:54 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy2" den Befehl "chkdsk" aus.

Error: (05/16/2014 10:09:53 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy2" den Befehl "chkdsk" aus.


Microsoft Office Sessions:
=========================
Error: (05/16/2014 10:28:20 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (05/16/2014 09:24:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 09:23:39 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (05/16/2014 08:55:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 08:54:36 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (05/16/2014 07:45:12 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (05/16/2014 07:38:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 07:38:02 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (05/16/2014 07:06:34 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Büro\Downloads\COMPUTER_BILD_Download_Manager_fuer_malwarebytes-anti-malware.exe

Error: (05/16/2014 07:05:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 16298.14 MB
Available physical RAM: 14140.52 MB
Total Pagefile: 32594.46 MB
Available Pagefile: 30426.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:44.4 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:4.59 GB) NTFS
Drive e: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================
Hi, und danke schonmal im Vorraus!

Beim dritten Malwarebytes Quick-Scan Durchlauf wurden nun keine infizierten Dateien mehr gefunden.
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.05.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17107
Büro :: R2D2 [limitiert]

16.05.2014 09:26:39
mbam-log-2014-05-16 (09-26-39).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227896
Laufzeit: 8 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
__________________
Alt 17.05.2014, 13:10   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Rechner lahm / Virenbefall? - Standard

Rechner lahm / Virenbefall?


Unsere Tools brauchen immer Adminrechte.


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.05.2014, 08:56   #5
ak400000
 
Rechner lahm / Virenbefall? - Standard

Rechner lahm / Virenbefall?


Code:
ATTFilter
ComboFix 14-05-16.01 - HAL9000 19.05.2014   9:21.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.16298.13864 [GMT 2:00]
ausgeführt von:: c:\users\B³ro\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Propellerhead Software\ReCycle
c:\users\itch\AppData\Roaming\Propellerhead Software\ReCycle
c:\users\itch\AppData\Roaming\Propellerhead Software\ReCycle\ReCycle Preferences File.prf
c:\windows\s.bat
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-19 bis 2014-05-19  ))))))))))))))))))))))))))))))
.
.
2014-05-18 20:20 . 2014-05-18 20:20	--------	d-----w-	c:\program files\RdDrv001
2014-05-18 20:20 . 2009-09-18 02:45	56832	----a-w-	c:\windows\system32\RDCP1003.CPL
2014-05-18 20:20 . 2009-09-18 00:02	410624	----a-w-	c:\windows\system32\RDDP1003.DAT
2014-05-18 20:20 . 2009-09-17 23:34	83072	----a-w-	c:\windows\system32\drivers\Rdwm1003.sys
2014-05-18 20:20 . 2009-09-17 22:33	9216	----a-w-	c:\windows\system32\RdCi1003.dll
2014-05-16 15:49 . 2014-05-16 15:49	--------	d-----w-	c:\windows\en
2014-05-16 15:48 . 2014-05-16 15:48	--------	d-----w-	c:\windows\de
2014-05-16 15:46 . 2014-03-31 19:06	58056	----a-w-	c:\windows\system32\drivers\fssfltr.sys
2014-05-16 15:46 . 2014-05-16 15:46	--------	d-----w-	c:\program files\Windows Live
2014-05-16 15:44 . 2010-06-02 02:55	77656	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2014-05-16 15:44 . 2010-06-02 02:55	74072	----a-w-	c:\windows\SysWow64\XAPOFX1_5.dll
2014-05-16 15:44 . 2010-06-02 02:55	527192	----a-w-	c:\windows\SysWow64\XAudio2_7.dll
2014-05-16 15:44 . 2010-06-02 02:55	518488	----a-w-	c:\windows\system32\XAudio2_7.dll
2014-05-16 15:44 . 2010-05-26 09:41	2526056	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2014-05-16 15:44 . 2010-05-26 09:41	2106216	----a-w-	c:\windows\SysWow64\D3DCompiler_43.dll
2014-05-16 15:44 . 2010-05-26 09:41	276832	----a-w-	c:\windows\system32\d3dx11_43.dll
2014-05-16 15:44 . 2010-05-26 09:41	248672	----a-w-	c:\windows\SysWow64\d3dx11_43.dll
2014-05-16 15:41 . 2014-05-16 15:41	--------	d-----w-	c:\program files (x86)\Microsoft OneDrive
2014-05-16 15:41 . 2014-05-16 15:39	6081224	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\b4a38551cf711d05\onedrivesetup.exe
2014-05-16 15:41 . 2014-05-16 15:41	--------	d-----r-	c:\users\HAL9000\OneDrive
2014-05-16 15:40 . 2014-05-16 15:40	--------	d-----w-	c:\programdata\Microsoft OneDrive
2014-05-16 15:39 . 2014-05-16 15:39	94040	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\93f457c1cf711d04\DSETUP.dll
2014-05-16 15:39 . 2014-05-16 15:39	525656	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\93f457c1cf711d04\DXSETUP.exe
2014-05-16 15:39 . 2014-05-16 15:39	1691480	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\93f457c1cf711d04\dsetup32.dll
2014-05-16 15:39 . 2014-05-16 15:39	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\758cb1d1cf711d03\DSETUP.dll
2014-05-16 15:39 . 2014-05-16 15:39	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\758cb1d1cf711d03\DXSETUP.exe
2014-05-16 15:39 . 2014-05-16 15:39	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\758cb1d1cf711d03\dsetup32.dll
2014-05-16 15:39 . 2014-05-16 15:39	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\3cf48fb1cf711d01\DXSETUP.exe
2014-05-16 15:39 . 2014-05-16 15:39	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\3cf48fb1cf711d01\DSETUP.dll
2014-05-16 15:39 . 2014-05-16 15:39	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\3cf48fb1cf711d01\dsetup32.dll
2014-05-16 15:39 . 2014-05-16 15:39	--------	d-----w-	c:\users\HAL9000\AppData\Local\Windows Live
2014-05-16 15:34 . 2014-05-16 15:34	--------	d-----w-	c:\program files\VideoLAN
2014-05-16 15:28 . 2014-05-16 15:28	--------	d-----w-	c:\program files\iPod
2014-05-16 15:28 . 2014-05-16 15:28	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-16 15:28 . 2014-05-16 15:28	--------	d-----w-	c:\program files\iTunes
2014-05-16 15:28 . 2014-05-16 15:28	--------	d-----w-	c:\program files (x86)\iTunes
2014-05-16 15:19 . 2014-05-16 15:19	--------	d-----w-	c:\users\HAL9000\AppData\Roaming\TuneUp Software
2014-05-16 15:19 . 2014-05-16 15:19	--------	d-----w-	c:\users\HAL9000\AppData\Local\TuneUp Software
2014-05-16 15:18 . 2014-05-16 15:19	--------	d-----w-	c:\programdata\TuneUp Software
2014-05-16 15:18 . 2014-05-16 15:18	--------	d-sh--w-	c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-16 15:18 . 2014-05-16 15:18	--------	d--h--w-	c:\programdata\Common Files
2014-05-16 15:18 . 2014-05-16 15:18	--------	d-----w-	c:\users\HAL9000\AppData\Roaming\OpenCandy
2014-05-16 15:15 . 2014-05-16 15:15	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-05-16 15:14 . 2014-05-16 15:14	313256	----a-w-	c:\windows\system32\javaws.exe
2014-05-16 15:14 . 2014-05-16 15:14	111016	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2014-05-16 15:14 . 2014-05-16 15:14	191400	----a-w-	c:\windows\system32\javaw.exe
2014-05-16 15:14 . 2014-05-16 15:14	190888	----a-w-	c:\windows\system32\java.exe
2014-05-16 15:14 . 2014-05-16 15:14	--------	d-----w-	c:\program files\Java
2014-05-16 14:48 . 2014-05-16 14:48	--------	d-----w-	c:\users\Büro\AppData\Roaming\AVAST Software
2014-05-16 14:45 . 2014-05-16 14:45	--------	d-----w-	c:\users\HAL9000\AppData\Roaming\AVAST Software
2014-05-16 14:44 . 2014-05-17 09:31	85328	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-05-16 14:44 . 2014-05-16 14:44	208416	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-05-16 14:44 . 2014-05-17 09:31	1039096	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2014-05-16 14:44 . 2014-05-17 09:31	423240	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-05-16 14:44 . 2014-05-16 14:44	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-05-16 14:44 . 2014-05-16 14:44	79184	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-05-16 14:44 . 2014-05-16 14:44	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-05-16 14:44 . 2014-05-16 14:44	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-05-16 14:44 . 2014-05-16 14:44	334648	----a-w-	c:\windows\system32\aswBoot.exe
2014-05-16 14:44 . 2014-05-16 14:44	43152	----a-w-	c:\windows\avastSS.scr
2014-05-16 14:43 . 2014-05-16 14:43	--------	d-----w-	c:\program files\AVAST Software
2014-05-16 14:42 . 2014-05-16 14:42	--------	d-----w-	c:\programdata\AVAST Software
2014-05-16 08:30 . 2014-05-16 08:31	--------	d-----w-	C:\FRST
2014-05-16 06:47 . 2014-05-16 06:47	--------	d-----w-	c:\users\HAL9000\AppData\Local\Macromedia
2014-05-16 06:17 . 2014-05-16 06:18	--------	d-----w-	c:\users\HAL9000\AppData\Local\Mozilla
2014-05-16 06:06 . 2014-05-16 06:06	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2014-05-16 06:06 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-05-16 05:56 . 2014-05-16 05:56	2092	----a-w-	c:\users\Büro\cc_20140516_075645.reg
2014-05-16 05:46 . 2014-05-16 05:46	5802	----a-w-	c:\users\Büro\cc_20140516_074652.reg
2014-05-16 05:32 . 2014-05-06 04:40	23544320	----a-w-	c:\windows\system32\mshtml.dll
2014-05-16 05:32 . 2014-05-06 03:00	84992	----a-w-	c:\windows\system32\mshtmled.dll
2014-05-16 05:32 . 2014-05-06 04:17	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-16 05:32 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-16 05:17 . 2014-03-25 02:43	14175744	----a-w-	c:\windows\system32\shell32.dll
2014-05-16 05:17 . 2014-05-09 06:14	477184	----a-w-	c:\windows\system32\aepdu.dll
2014-05-16 05:17 . 2014-05-09 06:11	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-05-15 14:40 . 2014-05-16 05:02	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-05-11 07:01 . 2014-01-09 02:22	5694464	----a-w-	c:\windows\SysWow64\mstscax.dll
2014-05-11 07:01 . 2014-01-03 22:44	6574592	----a-w-	c:\windows\system32\mstscax.dll
2014-05-10 19:04 . 2013-09-25 02:23	1030144	----a-w-	c:\windows\system32\TSWorkspace.dll
2014-05-10 19:04 . 2013-09-25 01:57	792576	----a-w-	c:\windows\SysWow64\TSWorkspace.dll
2014-05-10 10:24 . 2014-05-10 10:24	--------	d-----w-	c:\program files (x86)\Yamaha
2014-05-08 13:48 . 2014-05-08 13:48	227704	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-05-07 08:34 . 2014-05-07 08:34	312	----a-w-	c:\users\Büro\cc_20140507_103405.reg
2014-05-07 07:33 . 2014-05-07 07:39	--------	d-----w-	C:\Drivers
2014-05-06 16:10 . 2014-05-16 05:35	--------	d-s---w-	c:\windows\system32\CompatTel
2014-04-27 19:12 . 2014-04-27 19:13	--------	d-----w-	c:\users\Büro\AppData\Local\{25C47845-8828-4020-A305-0B2A94DEC737}
2014-04-27 07:12 . 2014-04-27 07:12	--------	d-----w-	c:\users\Büro\AppData\Local\{F0519A40-A3BB-43A6-BD95-10FFEF4557DB}
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-16 15:45 . 2010-06-24 11:33	23264	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-05-16 05:56 . 2014-05-16 05:56	2092	----a-w-	c:\users\Büro\cc_20140516_075645.reg
2014-05-16 05:56 . 2014-05-16 05:56	2092	----a-w-	c:\users\Büro\cc_20140516_075645.reg
2014-05-16 05:46 . 2014-05-16 05:46	5802	----a-w-	c:\users\Büro\cc_20140516_074652.reg
2014-05-16 05:46 . 2014-05-16 05:46	5802	----a-w-	c:\users\Büro\cc_20140516_074652.reg
2014-05-16 05:27 . 2012-11-07 08:28	93223848	----a-w-	c:\windows\system32\MRT.exe
2014-05-14 10:06 . 2012-11-06 21:32	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 10:06 . 2012-11-06 21:32	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-07 08:34 . 2014-05-07 08:34	312	----a-w-	c:\users\Büro\cc_20140507_103405.reg
2014-05-07 08:34 . 2014-05-07 08:34	312	----a-w-	c:\users\Büro\cc_20140507_103405.reg
2014-04-17 03:31 . 2014-05-16 09:21	10651704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{142AC062-AAAD-4F31-B734-983570466B94}\mpengine.dll
2014-04-15 00:34 . 2014-04-15 00:34	1070232	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2014-04-09 07:02 . 2014-04-09 07:02	26898	----a-w-	c:\users\Büro\cc_20140409_100251.reg
2014-04-09 07:02 . 2014-04-09 07:02	26898	----a-w-	c:\users\Büro\cc_20140409_100251.reg
2014-03-31 19:41 . 2014-03-31 19:41	58568	----a-w-	c:\windows\SysWow64\sirenacm.dll
2014-03-31 19:34 . 2014-03-31 19:34	322248	----a-w-	c:\windows\WLXPGSS.SCR
2014-03-31 07:35 . 2010-11-21 03:27	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-03-11 16:38 . 2014-03-11 16:37	7030	----a-w-	c:\users\Büro\cc_20140311_183757.reg
2014-03-11 16:38 . 2014-03-11 16:37	7030	----a-w-	c:\users\Büro\cc_20140311_183757.reg
2014-03-06 09:31 . 2014-04-12 12:44	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-12 12:44	66048	----a-w-	c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-12 12:44	548352	----a-w-	c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-12 12:43	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-12 12:43	2767360	----a-w-	c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-12 12:44	51200	----a-w-	c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-12 12:44	33792	----a-w-	c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-12 12:44	574976	----a-w-	c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-12 12:44	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-12 12:43	111616	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-12 12:44	752640	----a-w-	c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-12 12:43	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-12 12:43	5784064	----a-w-	c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-12 12:44	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-12 12:44	586240	----a-w-	c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-12 12:44	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-12 12:44	455168	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-12 12:43	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-12 12:44	38400	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-12 12:44	195584	----a-w-	c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-12 12:43	4254720	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-12 12:44	296960	----a-w-	c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-12 12:44	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-12 12:43	592896	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-12 12:44	628736	----a-w-	c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-12 12:44	32256	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-12 12:43	2043904	----a-w-	c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-12 12:43	13551104	----a-w-	c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-12 12:43	1967104	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-12 12:43	2260480	----a-w-	c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-12 12:43	1400832	----a-w-	c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-12 12:43	846336	----a-w-	c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-12 12:43	1789440	----a-w-	c:\windows\SysWow64\wininet.dll
2014-03-04 09:44 . 2014-04-09 05:20	362496	----a-w-	c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 05:20	243712	----a-w-	c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 05:20	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 05:20	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 05:20	1163264	----a-w-	c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 05:20	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 05:20	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 05:20	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 05:20	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 05:20	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 05:20	2048	----a-w-	c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-05-16 15:40	223432	----a-w-	c:\users\HAL9000\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-05-16 15:40	223432	----a-w-	c:\users\HAL9000\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-05-16 15:40	223432	----a-w-	c:\users\HAL9000\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VitaKeyTSR"="c:\program files (x86)\EgisTec BioExcess\EgisTSR.exe" [2010-12-13 383344]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-16 3873704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-03-17 224128]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-14 152392]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-05-08 41336]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-05-08 840568]
.
c:\users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;QuickCam Pro for Notebooks(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 raidfilt;BUFFALO RAID filter driver for HD-xLU3;c:\windows\system32\drivers\raidfilt.sys;c:\windows\SYSNATIVE\drivers\raidfilt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 EgisTecFF;EgisTecFF;c:\windows\system32\DRIVERS\EgisTecFF.sys;c:\windows\SYSNATIVE\DRIVERS\EgisTecFF.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys;c:\windows\SYSNATIVE\Drivers\uim_vimx64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 EgisTec Service Help;EgisTec Service Help;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe [x]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [x]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys;c:\windows\SYSNATIVE\Drivers\FPSensor.sys [x]
S2 HD_xLU3_RaidUtility;Dienst des Buffalo RAID-Verwaltungsdienstprogramms;c:\program files (x86)\BUFFALO\HD-xLU3\RaidUtility.exe;c:\program files (x86)\BUFFALO\HD-xLU3\RaidUtility.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 RDID1003;UM-2;c:\windows\system32\Drivers\rdwm1003.sys;c:\windows\SYSNATIVE\Drivers\rdwm1003.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys;c:\windows\SYSNATIVE\DRIVERS\synusb64.sys [x]
S3 vm2uvcflt;Vimicro USB Camera Filter 2;c:\windows\system32\Drivers\vm2uvcflt.sys;c:\windows\SYSNATIVE\Drivers\vm2uvcflt.sys [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
S3 ysusb64;Yamaha Steinberg USB Audio;c:\windows\system32\drivers\ysusb64.sys;c:\windows\SYSNATIVE\drivers\ysusb64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-13 20:34	1077576	----a-w-	c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-06 10:06]
.
2014-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-04 09:50]
.
2014-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-04 09:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-05-16 15:41	262344	----a-w-	c:\users\HAL9000\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-05-16 15:41	262344	----a-w-	c:\users\HAL9000\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-05-16 15:41	262344	----a-w-	c:\users\HAL9000\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-16 14:44	290888	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 442328]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\HAL9000\AppData\Roaming\Mozilla\Firefox\Profiles\ptkj9imn.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-19  09:51:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-05-19 07:51
.
Vor Suchlauf: 16 Verzeichnis(se), 73.780.359.168 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 74.183.602.176 Bytes frei
.
- - End Of File - - 4B3187D6F166C4A40D3D2B83D761D1ED


Alt 20.05.2014, 08:20   #6
schrauber
/// the machine
/// TB-Ausbilder
 
Rechner lahm / Virenbefall? - Standard

Rechner lahm / Virenbefall?


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Rechner lahm / Virenbefall?

Alt 22.05.2014, 08:40   #7
ak400000
 
Rechner lahm / Virenbefall? - Standard

Rechner lahm / Virenbefall?


Code:
ATTFilter
# AdwCleaner v3.210 - Bericht erstellt am 22/05/2014 um 09:15:08
# Aktualisiert 19/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : HAL9000 - R2D2
# Gestartet von : C:\Users\Büro\Downloads\adwcleaner_3.210.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\HAL9000\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\HAL9000\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\HAL9000\AppData\Roaming\OpenCandy

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dvd-decrypter_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dvd-decrypter_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\f113ze9j.default\prefs.js ]


[ Datei : C:\Users\HAL9000\AppData\Roaming\Mozilla\Firefox\Profiles\ptkj9imn.default\prefs.js ]


[ Datei : C:\Users\itch\AppData\Roaming\Mozilla\Firefox\Profiles\whutc9oq.default-1354135951059\prefs.js ]


-\\ Google Chrome v34.0.1847.137

[ Datei : C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\HAL9000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\itch\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4253 octets] - [22/05/2014 09:12:53]
AdwCleaner[S0].txt - [4122 octets] - [22/05/2014 09:15:08]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4182 octets] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by HAL9000 on 22.05.2014 at  9:19:55,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2503926239-1926982911-573156712-1003\Software\sweetim



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.05.2014 at  9:30:42,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by Büro (ATTENTION: The logged in user is not administrator) on R2D2 on 22-05-2014 09:31:20
Running from C:\Users\Büro\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Spotify Ltd) C:\Users\Büro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-14] (Egis Technology Inc. )
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-16] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-14] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2503926239-1926982911-573156712-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2503926239-1926982911-573156712-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2503926239-1926982911-573156712-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2503926239-1926982911-573156712-1001\...\Run: [Spotify Web Helper] => C:\Users\Büro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-19] (Spotify Ltd)
Startup: C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\f113ze9j.default
FF Homepage: hxxp://google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 - C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\f113ze9j.default\searchplugins\faroo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flashblock - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\f113ze9j.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-16]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\f113ze9j.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-06-07]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension:  Online Accounts Extension  - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011-08-24]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-11-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-16]

Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Wallet) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-23]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-11-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-16]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-16] (AVAST Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
R2 HD_xLU3_RaidUtility; C:\Program Files (x86)\BUFFALO\HD-xLU3\RaidUtility.exe [1045880 2011-02-10] (BUFFALO INC.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-16] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 raidfilt; C:\Windows\System32\drivers\raidfilt.sys [20608 2010-10-16] (BUFFALO INC.)
R3 RDID1003; C:\Windows\System32\Drivers\rdwm1003.sys [83072 2009-09-18] (Roland Corporation)
R3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
R3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [113960 2013-01-29] (Yamaha Corporation)
U3 BcmSqlStartupSvc; 
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 IAStorDataMgrSvc; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
U2 Stereo Service; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-22 09:30 - 2014-05-22 09:30 - 00000816 _____ () C:\Users\HAL9000\Desktop\JRT.txt
2014-05-22 09:19 - 2014-05-22 09:19 - 00000000 ____D () C:\windows\ERUNT
2014-05-22 09:16 - 2014-05-22 09:16 - 00000310 _____ () C:\windows\PFRO.log
2014-05-22 09:16 - 2014-05-22 09:16 - 00000056 _____ () C:\windows\setupact.log
2014-05-22 09:16 - 2014-05-22 09:16 - 00000000 _____ () C:\windows\setuperr.log
2014-05-22 09:13 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-05-22 09:12 - 2014-05-22 09:15 - 00000000 ____D () C:\AdwCleaner
2014-05-22 08:57 - 2014-05-22 08:57 - 01016261 _____ (Thisisu) C:\Users\Büro\Downloads\JRT.exe
2014-05-22 08:56 - 2014-05-22 08:56 - 01326389 _____ () C:\Users\Büro\Downloads\adwcleaner_3.210.exe
2014-05-22 08:53 - 2014-05-22 08:53 - 00004092 _____ () C:\Users\Büro\cc_20140522_085328.reg
2014-05-21 18:27 - 2014-05-21 18:28 - 156005009 _____ () C:\Users\Büro\Desktop\AFBF.rar
2014-05-21 17:57 - 2014-05-21 18:18 - 00000000 ____D () C:\Users\Büro\Desktop\AFBF
2014-05-21 08:19 - 2014-05-21 08:18 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-05-21 08:15 - 2014-05-21 08:16 - 31112616 _____ (Oracle Corporation) C:\Users\Büro\Downloads\jre-8u5-windows-i586.exe
2014-05-21 08:15 - 2014-05-21 08:15 - 24677393 _____ () C:\Users\Büro\Downloads\vlc-2.1.3-win32.exe
2014-05-21 08:14 - 2014-05-21 08:14 - 02087616 _____ () C:\Users\Büro\Downloads\winrar-x64-501d.exe
2014-05-19 16:28 - 2014-05-19 16:28 - 00000000 ____D () C:\Users\itch\AppData\Roaming\AVAST Software
2014-05-19 09:53 - 2014-05-19 09:53 - 00034520 _____ () C:\Users\Büro\Desktop\combo.txt
2014-05-19 09:51 - 2014-05-19 09:51 - 00034520 _____ () C:\ComboFix.txt
2014-05-19 09:16 - 2014-05-19 09:51 - 00000000 ____D () C:\Qoobox
2014-05-19 09:16 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-05-19 09:16 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-05-19 09:16 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-05-19 09:16 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-05-19 09:16 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-05-19 09:16 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-05-19 09:16 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-05-19 09:16 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-05-19 09:15 - 2014-05-19 09:49 - 00000000 ____D () C:\windows\erdnt
2014-05-19 09:13 - 2014-05-19 09:14 - 05200990 ____R (Swearware) C:\Users\Büro\Desktop\ComboFix.exe
2014-05-19 08:51 - 2014-05-19 08:51 - 00000460 _____ () C:\Users\Büro\Documents\cc_20140519_085151.reg
2014-05-18 22:20 - 2014-05-18 22:20 - 00000000 ____D () C:\Users\Büro\Downloads\UM2_Win7drv_64
2014-05-18 22:20 - 2014-05-18 22:20 - 00000000 ____D () C:\Program Files\RdDrv001
2014-05-18 22:20 - 2009-09-18 04:45 - 00056832 _____ () C:\windows\system32\RDCP1003.CPL
2014-05-18 22:20 - 2009-09-18 02:02 - 00410624 _____ (Roland Corporation) C:\windows\system32\RDDP1003.DAT
2014-05-18 22:20 - 2009-09-18 01:34 - 00083072 _____ (Roland Corporation) C:\windows\system32\Drivers\Rdwm1003.sys
2014-05-18 22:20 - 2009-09-18 00:33 - 00009216 _____ () C:\windows\system32\RdCi1003.dll
2014-05-18 22:19 - 2014-05-18 22:19 - 01472607 _____ () C:\Users\Büro\Downloads\UM2_Win7drv_64.zip
2014-05-16 17:49 - 2014-05-16 17:49 - 00000000 ____D () C:\windows\en
2014-05-16 17:48 - 2014-05-16 17:48 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-05-16 17:48 - 2014-05-16 17:48 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-16 17:48 - 2014-05-16 17:48 - 00000000 ____D () C:\windows\de
2014-05-16 17:46 - 2014-05-16 17:46 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-16 17:46 - 2014-03-31 21:06 - 00058056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fssfltr.sys
2014-05-16 17:44 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_7.dll
2014-05-16 17:44 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2014-05-16 17:44 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2014-05-16 17:44 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_5.dll
2014-05-16 17:44 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2014-05-16 17:44 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_43.dll
2014-05-16 17:44 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2014-05-16 17:44 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_43.dll
2014-05-16 17:41 - 2014-05-16 17:41 - 00002196 _____ () C:\Users\HAL9000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-05-16 17:41 - 2014-05-16 17:41 - 00002120 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-05-16 17:41 - 2014-05-16 17:41 - 00002120 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-05-16 17:41 - 2014-05-16 17:41 - 00000000 ___RD () C:\Users\HAL9000\OneDrive
2014-05-16 17:41 - 2014-05-16 17:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-05-16 17:40 - 2014-05-16 17:40 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-05-16 17:39 - 2014-05-16 17:39 - 00000000 ____D () C:\Users\HAL9000\AppData\Local\Windows Live
2014-05-16 17:35 - 2014-05-16 17:35 - 01239752 _____ (Microsoft Corporation) C:\Users\HAL9000\Downloads\wlsetup-web.exe
2014-05-16 17:34 - 2014-05-21 08:17 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-16 17:34 - 2014-05-16 17:34 - 00000000 ____D () C:\Program Files\VideoLAN
2014-05-16 17:30 - 2014-05-16 17:30 - 25035644 _____ () C:\Users\HAL9000\Downloads\vlc-2.1.3-win64.exe
2014-05-16 17:28 - 2014-05-16 17:28 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-16 17:28 - 2014-05-16 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-16 17:28 - 2014-05-16 17:28 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-16 17:28 - 2014-05-16 17:28 - 00000000 ____D () C:\Program Files\iTunes
2014-05-16 17:28 - 2014-05-16 17:28 - 00000000 ____D () C:\Program Files\iPod
2014-05-16 17:28 - 2014-05-16 17:28 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-16 17:19 - 2014-05-16 17:19 - 00000000 ____D () C:\Users\HAL9000\AppData\Roaming\TuneUp Software
2014-05-16 17:19 - 2014-05-16 17:19 - 00000000 ____D () C:\Users\HAL9000\AppData\Local\TuneUp Software
2014-05-16 17:18 - 2014-05-16 17:20 - 112623440 _____ (Apple Inc.) C:\Users\HAL9000\Downloads\iTunes64Setup.exe
2014-05-16 17:18 - 2014-05-16 17:19 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-05-16 17:18 - 2014-05-16 17:18 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-16 17:15 - 2014-05-16 17:16 - 31488344 _____ (Any-Video-Converter.com ) C:\Users\HAL9000\Downloads\avc-free.exe
2014-05-16 17:14 - 2014-05-16 17:14 - 00313256 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-05-16 17:14 - 2014-05-16 17:14 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-05-16 17:14 - 2014-05-16 17:14 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-05-16 17:14 - 2014-05-16 17:14 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-05-16 17:14 - 2014-05-16 17:14 - 00000000 ____D () C:\Program Files\Java
2014-05-16 17:13 - 2014-05-16 17:13 - 34131368 _____ (Oracle Corporation) C:\Users\HAL9000\Downloads\jre-8u5-windows-x64.exe
2014-05-16 17:10 - 2014-05-16 17:11 - 34131368 _____ (Oracle Corporation) C:\Users\Büro\Downloads\jre-8u5-windows-x64.exe
2014-05-16 16:52 - 2014-05-16 16:52 - 00000830 _____ () C:\Users\Büro\Documents\cc_20140516_165243.reg
2014-05-16 16:48 - 2014-05-16 16:48 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\AVAST Software
2014-05-16 16:45 - 2014-05-16 16:45 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-16 16:45 - 2014-05-16 16:45 - 00000000 ____D () C:\Users\HAL9000\AppData\Roaming\AVAST Software
2014-05-16 16:45 - 2014-05-16 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-16 16:44 - 2014-05-17 11:31 - 01039096 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-05-16 16:44 - 2014-05-17 11:31 - 00423240 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-05-16 16:44 - 2014-05-17 11:31 - 00085328 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-05-16 16:44 - 2014-05-16 16:44 - 01039096 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys.1400319086836
2014-05-16 16:44 - 2014-05-16 16:44 - 00423240 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys.1400319086836
2014-05-16 16:44 - 2014-05-16 16:44 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-05-16 16:44 - 2014-05-16 16:44 - 00208416 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-05-16 16:44 - 2014-05-16 16:44 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-05-16 16:44 - 2014-05-16 16:44 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-05-16 16:44 - 2014-05-16 16:44 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-05-16 16:44 - 2014-05-16 16:44 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-05-16 16:44 - 2014-05-16 16:44 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-05-16 16:43 - 2014-05-16 16:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-16 16:42 - 2014-05-16 16:42 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-16 16:36 - 2014-05-16 16:36 - 88882192 _____ (AVAST Software) C:\Users\Büro\Downloads\avast_free_antivirus_setup_9_0_2018.exe
2014-05-16 11:24 - 2014-05-16 11:24 - 00006764 _____ () C:\Users\Büro\Documents\cc_20140516_112447.reg
2014-05-16 10:31 - 2014-05-16 11:18 - 00041391 _____ () C:\Users\Büro\Downloads\Addition.txt
2014-05-16 10:30 - 2014-05-22 09:31 - 00017528 _____ () C:\Users\Büro\Downloads\FRST.txt
2014-05-16 10:30 - 2014-05-22 09:31 - 00000000 ____D () C:\FRST
2014-05-16 10:29 - 2014-05-16 10:29 - 02067456 _____ (Farbar) C:\Users\Büro\Downloads\FRST64.exe
2014-05-16 08:47 - 2014-05-16 08:47 - 00000000 ____D () C:\Users\HAL9000\AppData\Local\Macromedia
2014-05-16 08:17 - 2014-05-16 08:18 - 00000000 ____D () C:\Users\HAL9000\AppData\Roaming\Mozilla
2014-05-16 08:17 - 2014-05-16 08:18 - 00000000 ____D () C:\Users\HAL9000\AppData\Local\Mozilla
2014-05-16 08:06 - 2014-05-16 08:06 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-16 08:06 - 2014-05-16 08:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-16 08:06 - 2014-05-16 08:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-16 08:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-16 07:56 - 2014-05-16 07:56 - 00002092 _____ () C:\Users\Büro\cc_20140516_075645.reg
2014-05-16 07:55 - 2014-05-16 07:55 - 04968079 _____ (Tim Kosse) C:\Users\HAL9000\Downloads\FileZilla_3.8.0_win32-setup.exe
2014-05-16 07:54 - 2014-05-16 07:54 - 00264757 _____ () C:\Users\HAL9000\Downloads\FHSetup.exe
2014-05-16 07:51 - 2014-05-16 07:52 - 74696576 _____ (Adobe Systems Incorporated) C:\Users\HAL9000\Downloads\AdbeRdr11007_en_US.exe
2014-05-16 07:50 - 2014-05-16 07:50 - 18731608 _____ (Adobe Systems Inc.) C:\Users\HAL9000\Downloads\air14_win.exe
2014-05-16 07:46 - 2014-05-16 07:46 - 00005802 _____ () C:\Users\Büro\cc_20140516_074652.reg
2014-05-16 07:32 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-16 07:32 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-16 07:32 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-16 07:32 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-16 07:32 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-16 07:32 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-16 07:17 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-16 07:17 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-16 07:17 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-16 07:17 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-16 07:16 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-16 07:16 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-16 07:16 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-16 07:16 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-16 07:16 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-16 07:16 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-16 07:16 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-16 07:16 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-05-16 07:16 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-16 07:16 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-16 07:16 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-16 07:16 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-16 07:16 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-16 07:16 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-16 07:16 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-16 07:16 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-16 07:16 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-16 07:16 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-16 07:16 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-16 07:16 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-16 07:16 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-16 07:16 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-16 07:16 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-16 07:16 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-16 07:16 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-16 07:16 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-05-16 07:16 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-05-16 07:16 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-05-16 07:16 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-16 07:16 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-16 00:19 - 2014-05-16 07:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-15 16:40 - 2014-05-16 07:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-13 16:13 - 2014-05-13 16:13 - 00000132 _____ () C:\Users\Büro\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-05-11 09:01 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-05-11 09:01 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-05-10 21:05 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-05-10 21:05 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-10 21:05 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-10 21:05 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-05-10 21:05 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-05-10 21:05 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-05-10 21:05 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-05-10 21:05 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-05-10 21:05 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-05-10 21:05 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-05-10 21:05 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-05-10 21:05 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-05-10 21:05 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-05-10 21:05 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-05-10 21:05 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-05-10 21:05 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-05-10 21:04 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-05-10 21:04 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-05-10 12:25 - 2014-05-10 12:25 - 00000000 ____D () C:\Users\Public\Documents\Yamaha
2014-05-10 12:24 - 2014-05-10 12:24 - 00000000 ____D () C:\Program Files (x86)\Yamaha
2014-05-10 12:14 - 2014-05-10 12:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 22:07 - 2014-05-08 22:07 - 00000106 _____ () C:\Users\Büro\Desktop\surf.txt
2014-05-07 10:43 - 2014-05-07 10:43 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-07 10:34 - 2014-05-07 10:34 - 00000312 _____ () C:\Users\Büro\cc_20140507_103405.reg
2014-05-07 10:32 - 2014-05-07 10:32 - 04745984 _____ (Piriform Ltd) C:\Users\HAL9000\Downloads\ccsetup413.exe
2014-05-06 18:10 - 2014-05-16 07:35 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-05 17:04 - 2014-05-05 17:04 - 00000373 _____ () C:\Users\Büro\Desktop\headhunter_roland.txt
2014-05-05 16:54 - 2014-05-05 16:54 - 00000000 ____D () C:\Users\Büro\Desktop\V3_2.tif
2014-04-29 13:30 - 2014-05-13 18:21 - 00010370 _____ () C:\Users\Büro\Desktop\vö plan 2014.xlsx
2014-04-28 21:43 - 2014-04-29 13:31 - 00000856 _____ () C:\Users\Büro\Desktop\public domain.txt
2014-04-27 21:12 - 2014-04-27 21:13 - 00000000 ____D () C:\Users\Büro\AppData\Local\{25C47845-8828-4020-A305-0B2A94DEC737}
2014-04-27 10:53 - 2014-04-27 10:53 - 00000826 _____ () C:\Users\Büro\Documents\cc_20140427_105321.reg
2014-04-27 09:12 - 2014-04-27 09:12 - 00000000 ____D () C:\Users\Büro\AppData\Local\{F0519A40-A3BB-43A6-BD95-10FFEF4557DB}
2014-04-22 18:18 - 2014-04-22 18:18 - 00000000 ____D () C:\Users\Büro\Desktop\Hunter - Sign Of The Hunter
2014-04-22 14:51 - 2014-04-22 14:51 - 00001204 _____ () C:\Users\Büro\Documents\cc_20140422_145101.reg

==================== One Month Modified Files and Folders =======

2014-05-22 09:32 - 2014-05-16 10:30 - 00017528 _____ () C:\Users\Büro\Downloads\FRST.txt
2014-05-22 09:31 - 2014-05-16 10:30 - 00000000 ____D () C:\FRST
2014-05-22 09:30 - 2014-05-22 09:30 - 00000816 _____ () C:\Users\HAL9000\Desktop\JRT.txt
2014-05-22 09:24 - 2011-08-19 00:07 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-05-22 09:24 - 2011-08-19 00:07 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-05-22 09:24 - 2009-07-14 07:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-22 09:24 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-22 09:24 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-22 09:19 - 2014-05-22 09:19 - 00000000 ____D () C:\windows\ERUNT
2014-05-22 09:17 - 2013-01-04 11:50 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-22 09:17 - 2011-08-24 16:12 - 00214405 _____ () C:\windows\system32\fastboot.set
2014-05-22 09:17 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-22 09:16 - 2014-05-22 09:16 - 00000310 _____ () C:\windows\PFRO.log
2014-05-22 09:16 - 2014-05-22 09:16 - 00000056 _____ () C:\windows\setupact.log
2014-05-22 09:16 - 2014-05-22 09:16 - 00000000 _____ () C:\windows\setuperr.log
2014-05-22 09:16 - 2013-12-02 11:25 - 01771739 _____ () C:\windows\WindowsUpdate.log
2014-05-22 09:15 - 2014-05-22 09:12 - 00000000 ____D () C:\AdwCleaner
2014-05-22 09:06 - 2012-11-06 23:32 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-22 08:57 - 2014-05-22 08:57 - 01016261 _____ (Thisisu) C:\Users\Büro\Downloads\JRT.exe
2014-05-22 08:56 - 2014-05-22 08:56 - 01326389 _____ () C:\Users\Büro\Downloads\adwcleaner_3.210.exe
2014-05-22 08:53 - 2014-05-22 08:53 - 00004092 _____ () C:\Users\Büro\cc_20140522_085328.reg
2014-05-22 08:53 - 2012-11-06 22:45 - 00000000 ____D () C:\Users\Büro
2014-05-21 22:34 - 2013-01-04 11:50 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-21 21:56 - 2012-11-06 23:35 - 00000000 ____D () C:\Users\Büro\Documents\Outlook-Dateien
2014-05-21 20:14 - 2012-11-08 15:39 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\vlc
2014-05-21 18:51 - 2013-10-23 14:26 - 00000000 ____D () C:\Users\Büro\AppData\Local\Spotify
2014-05-21 18:51 - 2013-10-23 14:25 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\Spotify
2014-05-21 18:28 - 2014-05-21 18:27 - 156005009 _____ () C:\Users\Büro\Desktop\AFBF.rar
2014-05-21 18:18 - 2014-05-21 17:57 - 00000000 ____D () C:\Users\Büro\Desktop\AFBF
2014-05-21 12:00 - 2012-11-08 15:01 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-21 08:18 - 2014-05-21 08:19 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-05-21 08:18 - 2013-11-19 12:01 - 00176040 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-05-21 08:18 - 2013-11-19 12:01 - 00176040 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-05-21 08:18 - 2013-11-19 12:01 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-21 08:18 - 2013-05-20 15:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-21 08:17 - 2014-05-16 17:34 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-21 08:17 - 2012-11-08 15:01 - 00000000 ____D () C:\Users\HAL9000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-21 08:17 - 2012-11-08 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-21 08:16 - 2014-05-21 08:15 - 31112616 _____ (Oracle Corporation) C:\Users\Büro\Downloads\jre-8u5-windows-i586.exe
2014-05-21 08:15 - 2014-05-21 08:15 - 24677393 _____ () C:\Users\Büro\Downloads\vlc-2.1.3-win32.exe
2014-05-21 08:14 - 2014-05-21 08:14 - 02087616 _____ () C:\Users\Büro\Downloads\winrar-x64-501d.exe
2014-05-19 21:59 - 2014-02-28 15:23 - 00000000 ____D () C:\Users\Büro\AppData\Local\Windows Live
2014-05-19 16:29 - 2013-10-23 19:02 - 00000000 ____D () C:\Users\itch\AppData\Roaming\Spotify
2014-05-19 16:28 - 2014-05-19 16:28 - 00000000 ____D () C:\Users\itch\AppData\Roaming\AVAST Software
2014-05-19 16:28 - 2012-11-07 11:53 - 00000000 ___RD () C:\Users\itch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-19 16:28 - 2012-11-07 11:53 - 00000000 ___RD () C:\Users\itch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-19 14:36 - 2013-01-18 10:35 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\FileZilla
2014-05-19 09:53 - 2014-05-19 09:53 - 00034520 _____ () C:\Users\Büro\Desktop\combo.txt
2014-05-19 09:51 - 2014-05-19 09:51 - 00034520 _____ () C:\ComboFix.txt
2014-05-19 09:51 - 2014-05-19 09:16 - 00000000 ____D () C:\Qoobox
2014-05-19 09:51 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-19 09:49 - 2014-05-19 09:15 - 00000000 ____D () C:\windows\erdnt
2014-05-19 09:43 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-05-19 09:32 - 2012-11-29 01:39 - 00000000 ____D () C:\Users\itch\AppData\Roaming\Propellerhead Software
2014-05-19 09:32 - 2012-11-29 01:39 - 00000000 ____D () C:\ProgramData\Propellerhead Software
2014-05-19 09:14 - 2014-05-19 09:13 - 05200990 ____R (Swearware) C:\Users\Büro\Desktop\ComboFix.exe
2014-05-19 08:51 - 2014-05-19 08:51 - 00000460 _____ () C:\Users\Büro\Documents\cc_20140519_085151.reg
2014-05-19 08:49 - 2013-11-04 13:02 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2014-05-19 08:49 - 2012-11-07 00:19 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2014-05-19 08:49 - 2012-11-07 00:19 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2014-05-19 08:49 - 2012-11-07 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2014-05-18 22:20 - 2014-05-18 22:20 - 00000000 ____D () C:\Users\Büro\Downloads\UM2_Win7drv_64
2014-05-18 22:20 - 2014-05-18 22:20 - 00000000 ____D () C:\Program Files\RdDrv001
2014-05-18 22:19 - 2014-05-18 22:19 - 01472607 _____ () C:\Users\Büro\Downloads\UM2_Win7drv_64.zip
2014-05-17 20:11 - 2012-11-06 23:09 - 00000000 ____D () C:\Users\HAL9000
2014-05-17 11:31 - 2014-05-16 16:44 - 01039096 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-05-17 11:31 - 2014-05-16 16:44 - 00423240 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-05-17 11:31 - 2014-05-16 16:44 - 00085328 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-05-16 17:49 - 2014-05-16 17:49 - 00000000 ____D () C:\windows\en
2014-05-16 17:48 - 2014-05-16 17:48 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-05-16 17:48 - 2014-05-16 17:48 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-16 17:48 - 2014-05-16 17:48 - 00000000 ____D () C:\windows\de
2014-05-16 17:48 - 2011-08-24 16:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-05-16 17:47 - 2011-08-24 16:05 - 00002486 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-05-16 17:47 - 2011-08-24 16:05 - 00001458 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-05-16 17:46 - 2014-05-16 17:46 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-16 17:46 - 2011-08-24 16:05 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-05-16 17:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-16 17:41 - 2014-05-16 17:41 - 00002196 _____ () C:\Users\HAL9000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-05-16 17:41 - 2014-05-16 17:41 - 00002120 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-05-16 17:41 - 2014-05-16 17:41 - 00002120 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-05-16 17:41 - 2014-05-16 17:41 - 00000000 ___RD () C:\Users\HAL9000\OneDrive
2014-05-16 17:41 - 2014-05-16 17:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-05-16 17:40 - 2014-05-16 17:40 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-05-16 17:39 - 2014-05-16 17:39 - 00000000 ____D () C:\Users\HAL9000\AppData\Local\Windows Live
2014-05-16 17:35 - 2014-05-16 17:35 - 01239752 _____ (Microsoft Corporation) C:\Users\HAL9000\Downloads\wlsetup-web.exe
2014-05-16 17:34 - 2014-05-16 17:34 - 00000000 ____D () C:\Program Files\VideoLAN
2014-05-16 17:30 - 2014-05-16 17:30 - 25035644 _____ () C:\Users\HAL9000\Downloads\vlc-2.1.3-win64.exe
2014-05-16 17:28 - 2014-05-16 17:28 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-16 17:28 - 2014-05-16 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-16 17:28 - 2014-05-16 17:28 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-16 17:28 - 2014-05-16 17:28 - 00000000 ____D () C:\Program Files\iTunes
2014-05-16 17:28 - 2014-05-16 17:28 - 00000000 ____D () C:\Program Files\iPod
2014-05-16 17:28 - 2014-05-16 17:28 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-16 17:20 - 2014-05-16 17:18 - 112623440 _____ (Apple Inc.) C:\Users\HAL9000\Downloads\iTunes64Setup.exe
2014-05-16 17:19 - 2014-05-16 17:19 - 00000000 ____D () C:\Users\HAL9000\AppData\Roaming\TuneUp Software
2014-05-16 17:19 - 2014-05-16 17:19 - 00000000 ____D () C:\Users\HAL9000\AppData\Local\TuneUp Software
2014-05-16 17:19 - 2014-05-16 17:18 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-05-16 17:18 - 2014-05-16 17:18 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-16 17:16 - 2014-05-16 17:15 - 31488344 _____ (Any-Video-Converter.com ) C:\Users\HAL9000\Downloads\avc-free.exe
2014-05-16 17:14 - 2014-05-16 17:14 - 00313256 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-05-16 17:14 - 2014-05-16 17:14 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-05-16 17:14 - 2014-05-16 17:14 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-05-16 17:14 - 2014-05-16 17:14 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-05-16 17:14 - 2014-05-16 17:14 - 00000000 ____D () C:\Program Files\Java
2014-05-16 17:14 - 2013-11-19 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-16 17:13 - 2014-05-16 17:13 - 34131368 _____ (Oracle Corporation) C:\Users\HAL9000\Downloads\jre-8u5-windows-x64.exe
2014-05-16 17:11 - 2014-05-16 17:10 - 34131368 _____ (Oracle Corporation) C:\Users\Büro\Downloads\jre-8u5-windows-x64.exe
2014-05-16 16:52 - 2014-05-16 16:52 - 00000830 _____ () C:\Users\Büro\Documents\cc_20140516_165243.reg
2014-05-16 16:48 - 2014-05-16 16:48 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\AVAST Software
2014-05-16 16:45 - 2014-05-16 16:45 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-16 16:45 - 2014-05-16 16:45 - 00000000 ____D () C:\Users\HAL9000\AppData\Roaming\AVAST Software
2014-05-16 16:45 - 2014-05-16 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-16 16:44 - 2014-05-16 16:44 - 01039096 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys.1400319086836
2014-05-16 16:44 - 2014-05-16 16:44 - 00423240 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys.1400319086836
2014-05-16 16:44 - 2014-05-16 16:44 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-05-16 16:44 - 2014-05-16 16:44 - 00208416 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-05-16 16:44 - 2014-05-16 16:44 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-05-16 16:44 - 2014-05-16 16:44 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-05-16 16:44 - 2014-05-16 16:44 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-05-16 16:44 - 2014-05-16 16:44 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-05-16 16:44 - 2014-05-16 16:44 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-05-16 16:43 - 2014-05-16 16:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-16 16:42 - 2014-05-16 16:42 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-16 16:36 - 2014-05-16 16:36 - 88882192 _____ (AVAST Software) C:\Users\Büro\Downloads\avast_free_antivirus_setup_9_0_2018.exe
2014-05-16 11:24 - 2014-05-16 11:24 - 00006764 _____ () C:\Users\Büro\Documents\cc_20140516_112447.reg
2014-05-16 11:18 - 2014-05-16 10:31 - 00041391 _____ () C:\Users\Büro\Downloads\Addition.txt
2014-05-16 10:29 - 2014-05-16 10:29 - 02067456 _____ (Farbar) C:\Users\Büro\Downloads\FRST64.exe
2014-05-16 10:06 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-05-16 08:47 - 2014-05-16 08:47 - 00000000 ____D () C:\Users\HAL9000\AppData\Local\Macromedia
2014-05-16 08:18 - 2014-05-16 08:17 - 00000000 ____D () C:\Users\HAL9000\AppData\Roaming\Mozilla
2014-05-16 08:18 - 2014-05-16 08:17 - 00000000 ____D () C:\Users\HAL9000\AppData\Local\Mozilla
2014-05-16 08:06 - 2014-05-16 08:06 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-16 08:06 - 2014-05-16 08:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-16 08:06 - 2014-05-16 08:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-16 07:56 - 2014-05-16 07:56 - 00002092 _____ () C:\Users\Büro\cc_20140516_075645.reg
2014-05-16 07:55 - 2014-05-16 07:55 - 04968079 _____ (Tim Kosse) C:\Users\HAL9000\Downloads\FileZilla_3.8.0_win32-setup.exe
2014-05-16 07:55 - 2013-11-19 11:56 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-05-16 07:55 - 2013-05-15 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-05-16 07:55 - 2012-11-07 00:54 - 00001999 _____ () C:\Users\HAL9000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-05-16 07:55 - 2012-11-07 00:54 - 00001969 _____ () C:\Users\HAL9000\Desktop\Update Checker.lnk
2014-05-16 07:54 - 2014-05-16 07:54 - 00264757 _____ () C:\Users\HAL9000\Downloads\FHSetup.exe
2014-05-16 07:53 - 2013-10-04 10:09 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-16 07:52 - 2014-05-16 07:51 - 74696576 _____ (Adobe Systems Incorporated) C:\Users\HAL9000\Downloads\AdbeRdr11007_en_US.exe
2014-05-16 07:50 - 2014-05-16 07:50 - 18731608 _____ (Adobe Systems Inc.) C:\Users\HAL9000\Downloads\air14_win.exe
2014-05-16 07:47 - 2012-11-10 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2014-05-16 07:47 - 2012-11-10 20:39 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-05-16 07:46 - 2014-05-16 07:46 - 00005802 _____ () C:\Users\Büro\cc_20140516_074652.reg
2014-05-16 07:42 - 2012-11-07 00:56 - 00138816 _____ () C:\Users\HAL9000\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-16 07:41 - 2013-06-21 12:58 - 00000000 ___RD () C:\Users\HAL9000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 07:41 - 2013-06-21 12:58 - 00000000 ___RD () C:\Users\HAL9000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 07:38 - 2012-11-06 22:46 - 00000000 ___RD () C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 07:38 - 2012-11-06 22:46 - 00000000 ___RD () C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 07:35 - 2014-05-06 18:10 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-16 07:34 - 2012-11-06 23:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 07:31 - 2013-10-28 08:47 - 00000000 ____D () C:\windows\system32\MRT
2014-05-16 07:27 - 2012-11-07 10:28 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-16 07:19 - 2013-04-25 15:07 - 00000000 ____D () C:\Users\itch\Desktop\Grafik Privat
2014-05-16 07:18 - 2012-11-28 21:38 - 00000000 ____D () C:\Music Production
2014-05-16 07:03 - 2012-11-07 11:53 - 00000000 ____D () C:\Users\itch
2014-05-16 07:02 - 2014-05-16 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-16 07:02 - 2014-05-15 16:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-16 07:02 - 2012-11-07 11:53 - 00000000 ____D () C:\Users\itch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-05-16 07:02 - 2012-11-06 22:48 - 00000000 ____D () C:\Users\Büro\AppData\Local\BioExcess
2014-05-16 07:02 - 2011-08-24 16:00 - 00000000 ____D () C:\ProgramData\Port Locker
2014-05-16 07:02 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-05-16 07:02 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\AppCompat
2014-05-15 16:40 - 2013-06-29 16:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 12:06 - 2012-11-06 23:32 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 12:06 - 2012-11-06 23:32 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 18:21 - 2014-04-29 13:30 - 00010370 _____ () C:\Users\Büro\Desktop\vö plan 2014.xlsx
2014-05-13 16:13 - 2014-05-13 16:13 - 00000132 _____ () C:\Users\Büro\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-05-12 18:08 - 2009-07-14 06:45 - 05094280 _____ () C:\windows\system32\FNTCACHE.DAT
2014-05-12 14:35 - 2012-11-06 22:48 - 00138816 _____ () C:\Users\Büro\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-11 09:26 - 2013-02-19 13:24 - 00000000 ____D () C:\Users\Büro\Documents\Cubase Projects
2014-05-10 12:37 - 2012-11-06 23:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 12:25 - 2014-05-10 12:25 - 00000000 ____D () C:\Users\Public\Documents\Yamaha
2014-05-10 12:25 - 2011-08-24 15:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-10 12:24 - 2014-05-10 12:24 - 00000000 ____D () C:\Program Files (x86)\Yamaha
2014-05-10 12:14 - 2014-05-10 12:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 08:14 - 2014-05-16 07:17 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-16 07:17 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-08 22:07 - 2014-05-08 22:07 - 00000106 _____ () C:\Users\Büro\Desktop\surf.txt
2014-05-07 15:10 - 2012-11-07 12:24 - 00000000 ____D () C:\Users\HAL9000\AppData\Local\Downloaded Installations
2014-05-07 10:43 - 2014-05-07 10:43 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-07 10:43 - 2012-11-06 23:21 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-07 10:39 - 2012-11-07 01:03 - 00000000 ____D () C:\windows\pss
2014-05-07 10:39 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-07 10:35 - 2014-01-09 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-05-07 10:35 - 2014-01-09 11:00 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-05-07 10:34 - 2014-05-07 10:34 - 00000312 _____ () C:\Users\Büro\cc_20140507_103405.reg
2014-05-07 10:32 - 2014-05-07 10:32 - 04745984 _____ (Piriform Ltd) C:\Users\HAL9000\Downloads\ccsetup413.exe
2014-05-07 10:32 - 2014-04-09 09:01 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-07 10:32 - 2012-11-07 00:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-06 06:40 - 2014-05-16 07:32 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-16 07:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-16 07:32 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-16 07:32 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-16 07:32 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-16 07:32 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-05 17:04 - 2014-05-05 17:04 - 00000373 _____ () C:\Users\Büro\Desktop\headhunter_roland.txt
2014-05-05 16:54 - 2014-05-05 16:54 - 00000000 ____D () C:\Users\Büro\Desktop\V3_2.tif
2014-04-29 18:40 - 2013-12-02 10:51 - 00000000 ____D () C:\Users\Büro\Desktop\Künstlerberatung
2014-04-29 17:35 - 2012-11-07 08:31 - 00105984 ___SH () C:\Users\Büro\Thumbs.db
2014-04-29 13:31 - 2014-04-28 21:43 - 00000856 _____ () C:\Users\Büro\Desktop\public domain.txt
2014-04-27 21:13 - 2014-04-27 21:12 - 00000000 ____D () C:\Users\Büro\AppData\Local\{25C47845-8828-4020-A305-0B2A94DEC737}
2014-04-27 10:53 - 2014-04-27 10:53 - 00000826 _____ () C:\Users\Büro\Documents\cc_20140427_105321.reg
2014-04-27 09:12 - 2014-04-27 09:12 - 00000000 ____D () C:\Users\Büro\AppData\Local\{F0519A40-A3BB-43A6-BD95-10FFEF4557DB}
2014-04-26 12:57 - 2012-11-28 21:08 - 00000000 ____D () C:\Users\Büro\Bellaphon
2014-04-25 09:54 - 2013-09-11 08:04 - 00000000 ____D () C:\Users\Büro\Desktop\privat
2014-04-22 18:18 - 2014-04-22 18:18 - 00000000 ____D () C:\Users\Büro\Desktop\Hunter - Sign Of The Hunter
2014-04-22 14:51 - 2014-04-22 14:51 - 00001204 _____ () C:\Users\Büro\Documents\cc_20140422_145101.reg

Files to move or delete:
====================
C:\Users\Büro\cc_20121106_235629.reg
C:\Users\Büro\cc_20130227_215835.reg
C:\Users\Büro\cc_20130228_075027.reg
C:\Users\Büro\cc_20130401_094149.reg
C:\Users\Büro\cc_20130629_094808.reg
C:\Users\Büro\cc_20131123_082052.reg
C:\Users\Büro\cc_20131202_102624.reg
C:\Users\Büro\cc_20140311_183757.reg
C:\Users\Büro\cc_20140409_100251.reg
C:\Users\Büro\cc_20140507_103405.reg
C:\Users\Büro\cc_20140516_074652.reg
C:\Users\Büro\cc_20140516_075645.reg
C:\Users\Büro\cc_20140522_085328.reg


Some content of TEMP:
====================
C:\Users\Büro\AppData\Local\temp\i4jdel0.exe
C:\Users\HAL9000\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-16 07:16] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
--- --- ---
Alt 23.05.2014, 10:47   #8
schrauber
/// the machine
/// TB-Ausbilder
 
Rechner lahm / Virenbefall? - Standard

Rechner lahm / Virenbefall?



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Rechner lahm / Virenbefall?
administrator, anti-malware, autostart, bösartige, erfolgreich, gelöscht, loader, malwarebytes, pup.optional.installcore.a, pup.optional.oneclickdownloader.a, pup.optional.optimuminstaller.a, pup.optional.softonic, pup.optional.softonic.a, pup.optional.sweetim.a, quarantäne, registrierung, service, version, verzeichnisse, virenbefall


« Windows 7: Haufenweise Autostart- und Program-Data-Fehlermeldungen beim Hochfahren + sonstige Abnormalitäten | Windows 7 64 bit: TR/Injector.bsy.2 »


Ähnliche Themen: Rechner lahm / Virenbefall?


  1. Rechner sehr langsam nach Virenbefall
    Log-Analyse und Auswertung - 08.12.2014 (21)
  2. Windows XP - nach Virenbefall bootet Rechner nicht
    Plagegeister aller Art und deren Bekämpfung - 20.08.2014 (28)
  3. Skype legt Rechner lahm
    Plagegeister aller Art und deren Bekämpfung - 10.04.2013 (0)
  4. Verdacht auf Virenbefall - Rechner ist langsamer geworden
    Plagegeister aller Art und deren Bekämpfung - 07.03.2013 (6)
  5. men rechner ist voll lahm
    Netzwerk und Hardware - 24.03.2011 (2)
  6. Internat Lahm - ist der Rechner infiziert?
    Log-Analyse und Auswertung - 08.12.2010 (8)
  7. AVG-Update legt 64-Bit-Rechner lahm
    Nachrichten - 03.12.2010 (0)
  8. Rechner friert ein und Browser stürzt ab. Verdacht auf Virenbefall.
    Plagegeister aller Art und deren Bekämpfung - 28.01.2010 (2)
  9. 3 Trojaner legen 2 Rechner lahm
    Plagegeister aller Art und deren Bekämpfung - 22.01.2009 (9)
  10. werde umverklinkt und rechner lahm
    Mülltonne - 03.01.2009 (1)
  11. wormwin32netbooster legt Rechner lahm
    Plagegeister aller Art und deren Bekämpfung - 08.10.2008 (3)
  12. Rechner im Internet lahm
    Log-Analyse und Auswertung - 10.09.2008 (7)
  13. Virenbefall, mein Rechner bekommt dauernd portscans..
    Plagegeister aller Art und deren Bekämpfung - 06.09.2008 (4)
  14. rechner lahm - trotz spy- & virencheck
    Log-Analyse und Auswertung - 04.05.2007 (11)
  15. svchost.exe legt Rechner lahm
    Log-Analyse und Auswertung - 16.03.2007 (7)
  16. Rechner lahm,friert ein..Ursache?
    Plagegeister aller Art und deren Bekämpfung - 14.03.2007 (1)
  17. Rechner lahm, und Internetverbindung unstetig :(
    Log-Analyse und Auswertung - 28.01.2007 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Rechner lahm / Virenbefall? - Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.05.16.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17107 HAL9000 :: R2D2 [Administrator] 16.05.2014 08:08:57 mbam-log-2014-05-16 (08-08-57).txt Art des Suchlaufs: Quick-Scan Aktivierte - Rechner lahm / Virenbefall?...
Archiv
Du betrachtest: Rechner lahm / Virenbefall? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130