Zurück   Trojaner-Board > Web/PC > Alles rund um Windows

Alles rund um Windows: Avira wurde durch eine Gruppenrichtlinie blockiert!

Windows 7 Hilfe zu allen Windows-Betriebssystemen: Windows XP, Windows Vista, Windows 7, Windows 8(.1) und Windows 10 / Windows 11- als auch zu sämtlicher Windows-Software. Alles zu Windows 10 ist auch gerne willkommen. Bitte benenne etwaige Fehler oder Bluescreens unter Windows mit dem Wortlaut der Fehlermeldung und Fehlercode. Erste Schritte für Hilfe unter Windows.

Antwort
Alt 04.06.2014, 22:52   #1
Redfire
 
Avira wurde durch eine Gruppenrichtlinie blockiert! - Standard

Problem: Avira wurde durch eine Gruppenrichtlinie blockiert!



Hallo,

ich habe seit heute ein Problem mit Avira...
Avira lässt sich nicht mehr öffnen sobald ich es zu öffnen versuche bekomme ich die Meldung
"Diese Programm wurde durch eine Gruppenrichtlinie blockiert. Weiter Informationen erhalten Sie vom Systemadministrator." Ich kann es weder öffnen, schließen oder löschen.
Habe bereits einen Scan mit Malewarebytes durchgeführt allerdings kein Ergebnis.
Ich bin der einzige der den PC verwendet.
Betriebssystem ist Windows 7 Home Premium.
Hoffe jemand kann mir bei meinem Problem helfen.

Grüße, Redfire

Alt 05.06.2014, 00:15   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira wurde durch eine Gruppenrichtlinie blockiert! - Standard

Avira wurde durch eine Gruppenrichtlinie blockiert! Anleitung / Hilfe



Hallo und

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 05.06.2014, 01:59   #3
Redfire
 
Avira wurde durch eine Gruppenrichtlinie blockiert! - Standard

Avira wurde durch eine Gruppenrichtlinie blockiert! Details



FRST.txt

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Andy (administrator) on ANDY-92 on 05-06-2014 02:46:30
Running from C:\Users\Andy\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
() C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Player\vmware-hostd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Oracle Corporation) C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe
(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-tray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Player\vmware-tray.exe [111696 2013-10-18] (VMware, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-05] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3224415824-1822940039-3898777033-1001\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe [762368 2013-07-05] (Oracle Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
ShortcutTarget: Monitor Apache Servers.lnk -> C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7FA529EB7E7ECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 malbot.net
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\64f2gcmn.default
FF NewTab: google.com
FF Homepage: google.com
FF NetworkProxy: "ftp", "94.218.31.149"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "socks", "94.218.31.149"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "94.218.31.149"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\64f2gcmn.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\64f2gcmn.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF Extension: Black Youtube Theme - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\64f2gcmn.default\Extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi [2013-09-11]
FF Extension: ShowIP - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\64f2gcmn.default\Extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi [2013-09-03]
FF Extension: Stylish - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\64f2gcmn.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-09-11]
FF Extension: TabRenamizer - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\64f2gcmn.default\Extensions\{792BDDFE-2E7C-42ed-B18D-18154D2761BD}.xpi [2014-05-03]
FF Extension: Adblock Plus - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\64f2gcmn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-04]
FF Extension: Black Google Theme - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\64f2gcmn.default\Extensions\{e9876d64-8bac-4287-bdc4-0f0c56804b4f}.xpi [2013-09-03]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-09-03]

Chrome: 
=======
CHR HomePage: hxxp://google.com/
CHR StartupUrls: "hxxp://google.com/"
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-12-28]
CHR Extension: (Google Docs) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-28]
CHR Extension: (Google Drive) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-28]
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-28]
CHR Extension: (AdBlock) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-04]
CHR Extension: (Browsershark) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbjnipjccjloncefdoknhicbnbjaefh [2013-12-28]
CHR Extension: (FVD Downloader) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-04-12]
CHR Extension: (Google Wallet) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-28]
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-28]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-21]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-07-26]

==================== Services (Whitelisted) =================

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [811088 2014-06-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-06-05] (Avira Operations GmbH & Co. KG)
R2 Apache2.2; C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2013-07-10] (Apache Software Foundation)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14244 2013-10-27] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Player\vmware-hostd.exe [14405200 2013-10-18] ()
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 adp3132; C:\Windows\system32\drivers\adp3132.sys [385072 2010-01-28] (Adaptec, Inc.)
S3 amdide64; C:\Windows\system32\drivers\amdide64.sys [11904 2011-12-18] (Advanced Micro Devices Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37472 2013-02-14] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-05] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-05] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-05] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2014-06-05] (Avira Operations GmbH & Co. KG)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-06-13] (Etron Technology Inc)
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [77040 2012-11-02] (Fresco Logic)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-04-22] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [652760 2012-10-18] (Intel Corporation)
S3 ISASerial; C:\Windows\system32\drivers\ISASerial.sys [72192 2008-02-20] (Windows (R) Codename Longhorn DDK provider)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2013-02-14] ()
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-07-16] ()
S3 MtsHID; C:\Windows\system32\drivers\MtsHID.sys [27664 2009-07-15] (TechniSat Provide)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 nvamacpi; C:\Windows\system32\drivers\NVAMACPI.sys [28192 2009-07-17] (NVIDIA Corporation)
S3 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [175648 2009-08-04] (NVIDIA Corporation)
S3 ocz10xx; C:\Windows\system32\drivers\ocz10xx.sys [139056 2012-04-05] (OCZ Technology Group, Inc.)
S1 oxpar; C:\Windows\system32\drivers\oxpar.sys [158208 2007-01-24] (OEM)
S3 OxPPort; C:\Windows\system32\drivers\OxPPort.sys [98304 2008-07-31] (OEM)
S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [72192 2008-05-22] (Windows (R) Codename Longhorn DDK provider)
S3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [95744 2008-05-22] ()
S3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [126464 2008-05-22] ()
S3 PPorts; C:\Windows\system32\drivers\PPorts.sys [95744 2008-02-20] ()
S3 rusb3hub; C:\Windows\system32\drivers\rusb3hub.sys [102912 2012-03-15] (Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\system32\drivers\rusb3xhc.sys [220672 2012-03-15] (Renesas Electronics Corporation)
S3 Si3124r5; C:\Windows\system32\drivers\Si3124r5.sys [340008 2010-04-13] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22568 2010-04-13] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\drivers\SiRemFil.sys [16936 2010-04-13] (Silicon Image, Inc.)
S3 SPorts; C:\Windows\system32\drivers\SPorts.sys [124416 2008-02-20] ()
S3 StnPport; C:\Windows\system32\drivers\StnPport.sys [97280 2009-12-17] ()
S3 StnSport; C:\Windows\system32\drivers\StnSport.sys [126464 2009-11-14] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-11-13] (Anchorfree Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [210944 2012-05-30] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [261120 2012-05-30] (VIA Technologies, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NmPar; \SystemRoot\system32\drivers\NmPar.sys [X]
S3 nmserial; \SystemRoot\system32\drivers\nmserial.sys [X]
S3 Oxmfuf; \SystemRoot\system32\drivers\oxmfuf.sys [X]
S3 oxser; \SystemRoot\system32\drivers\oxser.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 02:46 - 2014-06-05 02:46 - 00023789 _____ () C:\Users\Andy\Downloads\FRST.txt
2014-06-05 02:46 - 2014-06-05 02:46 - 00000000 ____D () C:\FRST
2014-06-05 02:45 - 2014-06-05 02:45 - 02068992 _____ (Farbar) C:\Users\Andy\Downloads\FRST64.exe
2014-06-05 02:33 - 2014-06-05 02:35 - 49282284 _____ () C:\Users\Andy\Desktop\Watch Dogs Exposed Trailer - E3 2013.mp4
2014-06-05 02:15 - 2014-06-05 02:15 - 00000000 ____D () C:\Users\Andy\Downloads\Red.Hot.Jam.Vol.325.JAV.Uncensored.DVDRip.x264-APX
2014-06-05 00:50 - 2014-06-05 00:50 - 00000029 _____ () C:\Users\Andy\Desktop\Avira Key.txt
2014-06-05 00:49 - 2014-06-05 00:49 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-06-05 00:49 - 2014-06-05 00:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-05 00:49 - 2014-06-05 00:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-05 00:49 - 2014-06-05 00:41 - 00141376 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys
2014-06-05 00:49 - 2014-06-05 00:41 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-05 00:49 - 2014-06-05 00:41 - 00114608 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys
2014-06-05 00:49 - 2014-06-05 00:41 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-05 00:49 - 2014-06-05 00:41 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-06-05 00:49 - 2014-06-05 00:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-06-05 00:32 - 2014-06-05 00:32 - 00227096 _____ () C:\Users\Andy\Downloads\avira13_registry_cleaner_de.exe
2014-06-05 00:14 - 2001-08-23 13:00 - 00034871 _____ () C:\Windows\system32\gpedit.msc
2014-06-05 00:11 - 2014-06-05 00:11 - 00707354 _____ () C:\Windows\unins000.exe
2014-06-05 00:11 - 2014-06-05 00:11 - 00001529 _____ () C:\Windows\unins000.dat
2014-06-05 00:11 - 2014-06-05 00:11 - 00000000 ____D () C:\Windows\SysWOW64\GPBAK
2014-06-05 00:11 - 2011-04-09 16:44 - 00901344 _____ (Richard ) C:\Users\Andy\Downloads\setup.exe
2014-06-05 00:11 - 2008-04-14 02:11 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2014-06-05 00:11 - 2001-08-23 13:00 - 00034871 _____ () C:\Windows\SysWOW64\gpedit.msc
2014-06-04 23:28 - 2014-06-04 23:28 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-04 23:28 - 2014-06-04 23:28 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-04 23:28 - 2014-06-04 23:28 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-04 23:28 - 2014-06-04 23:28 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-04 23:28 - 2014-06-04 23:28 - 00000000 ____D () C:\Users\Administrator.Andy-92\AppData\Local\temp
2014-06-04 23:18 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-04 23:18 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-04 23:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-04 23:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-04 23:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-04 23:18 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-04 23:18 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-04 23:18 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-04 23:14 - 2014-06-04 23:27 - 00000000 ____D () C:\Windows\erdnt
2014-06-04 23:11 - 2014-06-04 23:14 - 05205146 ____R (Swearware) C:\Users\Andy\Downloads\ComboFix.exe
2014-06-04 23:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-04 23:05 - 2014-06-04 23:05 - 00097406 _____ () C:\Users\Andy\Downloads\Extras.Txt
2014-06-04 23:04 - 2014-06-04 23:32 - 00126880 _____ () C:\Users\Andy\Downloads\OTL.Txt
2014-06-04 22:58 - 2014-06-04 22:58 - 01327971 _____ () C:\Users\Andy\Downloads\adwcleaner_3.211.exe
2014-06-04 22:55 - 2014-06-04 22:55 - 00602112 _____ (OldTimer Tools) C:\Users\Andy\Downloads\OTL.exe
2014-06-04 22:36 - 2014-06-04 22:36 - 00380416 _____ () C:\Users\Andy\Downloads\Gmer-19357.exe
2014-06-04 22:35 - 2014-06-04 22:35 - 00050477 _____ () C:\Users\Andy\Downloads\Defogger.exe
2014-06-04 22:35 - 2014-06-04 22:35 - 00000470 _____ () C:\Users\Andy\Downloads\defogger_disable.log
2014-06-04 22:35 - 2014-06-04 22:35 - 00000000 _____ () C:\Users\Andy\defogger_reenable
2014-06-04 22:24 - 2014-06-04 22:24 - 00000000 ____D () C:\Users\Administrator.Andy-92\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-06-04 22:24 - 2014-06-04 22:24 - 00000000 ____D () C:\Program Files\Unlocker
2014-06-04 22:23 - 2014-06-04 22:23 - 03029032 _____ (Crystal Rich Ltd ) C:\Users\Administrator.Andy-92\Downloads\lockhuntersetup_3-1-1.exe
2014-06-04 22:23 - 2014-06-04 22:23 - 01078591 _____ () C:\Users\Administrator.Andy-92\Downloads\Unlocker1.9.2.exe
2014-06-04 22:22 - 2014-06-04 22:22 - 00000000 ____D () C:\Users\Administrator.Andy-92\AppData\Roaming\Mozilla
2014-06-04 22:22 - 2014-06-04 22:22 - 00000000 ____D () C:\Users\Administrator.Andy-92\AppData\Local\Mozilla
2014-06-04 22:22 - 2014-06-04 22:22 - 00000000 ____D () C:\Users\Administrator.Andy-92\AppData\Local\Macromedia
2014-06-04 22:15 - 2014-06-04 22:15 - 00003142 _____ () C:\Windows\System32\Tasks\{FC5DBE01-F720-4BE7-B377-30DF7F5D9027}
2014-06-04 22:14 - 2014-06-04 22:14 - 00002247 _____ () C:\Users\Administrator.Andy-92\Desktop\Google Chrome.lnk
2014-06-04 22:14 - 2014-06-04 22:14 - 00001421 _____ () C:\Users\Administrator.Andy-92\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-04 22:14 - 2014-06-04 22:14 - 00000020 ___SH () C:\Users\Administrator.Andy-92\ntuser.ini
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\Vorlagen
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\Startmenü
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\Netzwerkumgebung
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\Lokale Einstellungen
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\Eigene Dateien
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\Druckumgebung
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\Documents\Eigene Musik
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\Documents\Eigene Bilder
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\AppData\Local\Verlauf
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\AppData\Local\Anwendungsdaten
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\Anwendungsdaten
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 ___RD () C:\Users\Administrator.Andy-92\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 ___RD () C:\Users\Administrator.Andy-92\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 ____D () C:\Users\Administrator.Andy-92\AppData\Roaming\Macromedia
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 ____D () C:\Users\Administrator.Andy-92\AppData\Roaming\Adobe
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 ____D () C:\Users\Administrator.Andy-92\AppData\Local\Google
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 ____D () C:\Users\Administrator.Andy-92
2014-06-04 22:14 - 2013-07-29 11:47 - 00002116 _____ () C:\Users\Administrator.Andy-92\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-06-04 22:14 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Administrator.Andy-92\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-04 22:14 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Administrator.Andy-92\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-04 21:56 - 2014-06-05 01:52 - 00000392 _____ () C:\Windows\setupact.log
2014-06-04 21:56 - 2014-06-05 00:38 - 00001790 _____ () C:\Windows\PFRO.log
2014-06-04 21:56 - 2014-06-04 21:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-04 20:46 - 2014-06-04 20:46 - 00003124 _____ () C:\Windows\System32\Tasks\{0D8927E1-C006-4D29-A394-CFD745ACAD82}
2014-06-03 15:45 - 2014-06-03 15:45 - 00583443 _____ () C:\Users\Andy\Downloads\XviD05_Install.exe
2014-06-03 15:45 - 2014-06-03 15:45 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XviD
2014-06-03 15:04 - 2014-06-03 15:04 - 00000000 ____D () C:\Users\Andy\apktool
2014-06-03 14:56 - 2014-06-03 15:04 - 00000000 ____D () C:\Users\Andy\Downloads\APK-Multi-Tool
2014-06-03 14:55 - 2014-06-03 14:55 - 05804387 _____ () C:\Users\Andy\Downloads\APK-Multi-Toolv1.0.11.zip
2014-06-03 13:34 - 2014-06-03 13:34 - 00000000 ____D () C:\ProgramData\Stardock
2014-06-03 13:07 - 2014-06-03 13:07 - 00000017 _____ () C:\Users\Andy\AppData\Local\resmon.resmoncfg
2014-06-03 02:06 - 2014-06-03 02:06 - 00248259 _____ () C:\Users\Andy\Downloads\tweakslogon.zip
2014-06-03 00:14 - 2014-06-03 00:14 - 00004534 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-03 00:14 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-03 00:14 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-03 00:14 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-03 00:14 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-02 19:47 - 2014-06-02 19:47 - 02170904 _____ () C:\Users\Andy\Desktop\jspy008.zip
2014-06-02 18:23 - 2014-06-02 18:23 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieUserList
2014-06-02 18:23 - 2014-06-02 18:23 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieSiteList
2014-06-02 18:16 - 2014-06-02 18:16 - 00795217 _____ () C:\Users\Andy\Downloads\Win7LogonBackgroundChanger_1_5_2(1).zip
2014-05-15 00:25 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 00:25 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 00:25 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 00:25 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 00:25 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 00:25 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 13:58 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 13:58 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 13:58 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 13:58 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 13:57 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 13:57 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 13:57 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 13:57 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 13:57 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 13:57 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 13:57 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 13:57 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 13:57 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 13:57 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 13:57 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 13:57 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 13:57 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 13:57 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 13:57 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 13:57 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 13:57 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 13:57 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 13:57 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 13:57 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 13:57 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 13:57 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 13:57 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 13:57 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 13:57 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 13:57 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 13:57 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 13:57 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 13:57 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 13:57 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 13:57 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 13:57 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 13:57 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 13:57 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 13:57 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 13:57 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 13:57 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 13:57 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 13:57 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 13:57 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 13:57 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 18:05 - 2014-05-13 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin
2014-05-13 18:00 - 2014-05-13 18:00 - 00000000 ____D () C:\Users\Andy\Downloads\http%3a%2f%2fmirrors.163.com%2fcygwin%2f
2014-05-13 17:58 - 2014-05-13 17:58 - 00020260 _____ () C:\Users\Andy\Downloads\setup.log.full
2014-05-13 17:58 - 2014-05-13 17:58 - 00008620 _____ () C:\Users\Andy\Downloads\setup.log

2014-05-06 23:44 - 2014-05-15 15:53 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-05 02:46 - 2014-06-05 02:46 - 00023789 _____ () C:\Users\Andy\Downloads\FRST.txt
2014-06-05 02:46 - 2014-06-05 02:46 - 00000000 ____D () C:\FRST
2014-06-05 02:46 - 2013-09-03 19:04 - 00000000 ____D () C:\Users\Andy\AppData\Local\Temp
2014-06-05 02:45 - 2014-06-05 02:45 - 02068992 _____ (Farbar) C:\Users\Andy\Downloads\FRST64.exe
2014-06-05 02:33 - 2013-09-04 00:36 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\vlc
2014-06-05 02:18 - 2013-12-28 01:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 01:52 - 2014-06-04 21:56 - 00000392 _____ () C:\Windows\setupact.log
2014-06-05 01:44 - 2013-12-15 01:01 - 00000000 ____D () C:\Users\Andy\Desktop\2013
2014-06-05 01:02 - 2010-11-21 08:50 - 00767766 _____ () C:\Windows\system32\perfh007.dat
2014-06-05 01:02 - 2010-11-21 08:50 - 00175232 _____ () C:\Windows\system32\perfc007.dat
2014-06-05 01:02 - 2009-07-14 07:13 - 01813142 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-05 00:49 - 2014-06-05 00:49 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-06-05 00:49 - 2014-06-05 00:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-05 00:49 - 2014-06-05 00:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-05 00:49 - 2013-09-03 20:43 - 00000000 ____D () C:\ProgramData\Avira
2014-06-05 00:46 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 00:46 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 00:43 - 2013-09-03 18:53 - 01179080 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 00:41 - 2014-06-05 00:49 - 00141376 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys
2014-06-05 00:41 - 2014-06-05 00:49 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-05 00:41 - 2014-06-05 00:49 - 00114608 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys
2014-06-05 00:41 - 2014-06-05 00:49 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-05 00:41 - 2014-06-05 00:49 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-06-05 00:41 - 2014-06-05 00:49 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-06-05 00:41 - 2014-03-02 23:36 - 00003510 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-06-05 00:39 - 2013-12-28 01:50 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 00:39 - 2013-09-03 23:41 - 00000000 ____D () C:\ProgramData\VMware
2014-06-05 00:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 00:38 - 2014-06-04 21:56 - 00001790 _____ () C:\Windows\PFRO.log
2014-06-05 00:32 - 2014-06-05 00:32 - 00227096 _____ () C:\Users\Andy\Downloads\avira13_registry_cleaner_de.exe
2014-06-05 00:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-06-05 00:15 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-05 00:11 - 2014-06-05 00:11 - 00707354 _____ () C:\Windows\unins000.exe
2014-06-05 00:11 - 2014-06-05 00:11 - 00001529 _____ () C:\Windows\unins000.dat
2014-06-05 00:11 - 2014-06-05 00:11 - 00000000 ____D () C:\Windows\SysWOW64\GPBAK
2014-06-04 23:32 - 2014-06-04 23:04 - 00126880 _____ () C:\Users\Andy\Downloads\OTL.Txt
2014-06-04 23:28 - 2014-06-04 23:28 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-04 23:28 - 2014-06-04 23:28 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-04 23:28 - 2014-06-04 23:28 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-04 23:28 - 2014-06-04 23:28 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-04 23:28 - 2014-06-04 23:28 - 00000000 ____D () C:\Users\Administrator.Andy-92\AppData\Local\temp
2014-06-04 23:28 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-04 23:27 - 2014-06-04 23:14 - 00000000 ____D () C:\Windows\erdnt
2014-06-04 23:26 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-04 23:14 - 2014-06-04 23:11 - 05205146 ____R (Swearware) C:\Users\Andy\Downloads\ComboFix.exe
2014-06-04 23:05 - 2014-06-04 23:05 - 00097406 _____ () C:\Users\Andy\Downloads\Extras.Txt
2014-06-04 22:58 - 2014-06-04 22:58 - 01327971 _____ () C:\Users\Andy\Downloads\adwcleaner_3.211.exe
2014-06-04 22:55 - 2014-06-04 22:55 - 00602112 _____ (OldTimer Tools) C:\Users\Andy\Downloads\OTL.exe
2014-06-04 22:36 - 2014-06-04 22:36 - 00380416 _____ () C:\Users\Andy\Downloads\Gmer-19357.exe
2014-06-04 22:35 - 2014-06-04 22:35 - 00050477 _____ () C:\Users\Andy\Downloads\Defogger.exe
2014-06-04 22:35 - 2014-06-04 22:35 - 00000470 _____ () C:\Users\Andy\Downloads\defogger_disable.log
2014-06-04 22:35 - 2014-06-04 22:35 - 00000000 _____ () C:\Users\Andy\defogger_reenable
2014-06-04 22:35 - 2013-09-03 19:03 - 00000000 ____D () C:\Users\Andy
2014-06-04 22:24 - 2014-06-04 22:24 - 00000000 ____D () C:\Users\Administrator.Andy-92\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-06-04 22:24 - 2014-06-04 22:24 - 00000000 ____D () C:\Program Files\Unlocker
2014-06-04 22:23 - 2014-06-04 22:23 - 01078591 _____ () C:\Users\Administrator.Andy-92\Downloads\Unlocker1.9.2.exe
2014-06-04 22:22 - 2014-06-04 22:22 - 00000000 ____D () C:\Users\Administrator.Andy-92\AppData\Roaming\Mozilla
2014-06-04 22:22 - 2014-06-04 22:22 - 00000000 ____D () C:\Users\Administrator.Andy-92\AppData\Local\Mozilla
2014-06-04 22:22 - 2014-06-04 22:22 - 00000000 ____D () C:\Users\Administrator.Andy-92\AppData\Local\Macromedia
2014-06-04 22:15 - 2014-06-04 22:15 - 00003142 _____ () C:\Windows\System32\Tasks\{FC5DBE01-F720-4BE7-B377-30DF7F5D9027}
2014-06-04 22:14 - 2014-06-04 22:14 - 00002247 _____ () C:\Users\Administrator.Andy-92\Desktop\Google Chrome.lnk
2014-06-04 22:14 - 2014-06-04 22:14 - 00001421 _____ () C:\Users\Administrator.Andy-92\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-04 22:14 - 2014-06-04 22:14 - 00000020 ___SH () C:\Users\Administrator.Andy-92\ntuser.ini
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\Vorlagen
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\Startmenü
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\Netzwerkumgebung
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\Lokale Einstellungen
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\Eigene Dateien
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\Druckumgebung
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\Documents\Eigene Musik
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\Documents\Eigene Bilder
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\AppData\Local\Verlauf
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\AppData\Local\Anwendungsdaten
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 _SHDL () C:\Users\Administrator.Andy-92\Anwendungsdaten
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 ___RD () C:\Users\Administrator.Andy-92\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 ___RD () C:\Users\Administrator.Andy-92\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 ____D () C:\Users\Administrator.Andy-92\AppData\Roaming\Macromedia
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 ____D () C:\Users\Administrator.Andy-92\AppData\Roaming\Adobe
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 ____D () C:\Users\Administrator.Andy-92\AppData\Local\Google
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 ____D () C:\Users\Administrator.Andy-92
2014-06-04 22:14 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-04 21:56 - 2014-06-04 21:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-04 20:46 - 2014-06-04 20:46 - 00003124 _____ () C:\Windows\System32\Tasks\{0D8927E1-C006-4D29-A394-CFD745ACAD82}
2014-06-04 20:38 - 2014-04-30 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
2014-06-03 16:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-03 15:45 - 2014-06-03 15:45 - 00583443 _____ () C:\Users\Andy\Downloads\XviD05_Install.exe
2014-06-03 15:45 - 2014-06-03 15:45 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XviD
2014-06-03 15:45 - 2013-09-03 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2014-06-03 15:45 - 2013-09-03 23:05 - 00000000 ____D () C:\Program Files (x86)\Xvid
2014-06-03 15:04 - 2014-06-03 15:04 - 00000000 ____D () C:\Users\Andy\apktool
2014-06-03 15:04 - 2014-06-03 14:56 - 00000000 ____D () C:\Users\Andy\Downloads\APK-Multi-Tool
2014-06-03 14:55 - 2014-06-03 14:55 - 05804387 _____ () C:\Users\Andy\Downloads\APK-Multi-Toolv1.0.11.zip
2014-06-03 13:34 - 2014-06-03 13:34 - 00000000 ____D () C:\ProgramData\Stardock
2014-06-03 13:07 - 2014-06-03 13:07 - 00000017 _____ () C:\Users\Andy\AppData\Local\resmon.resmoncfg
2014-06-03 02:08 - 2013-09-04 00:02 - 00038912 ____H () C:\Users\Andy\Desktop\photothumb.db
2014-06-03 02:06 - 2014-06-03 02:06 - 00248259 _____ () C:\Users\Andy\Downloads\tweakslogon.zip
2014-06-03 00:14 - 2014-06-03 00:14 - 00004534 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-03 00:14 - 2013-10-19 20:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-03 00:14 - 2013-10-19 20:48 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-02 19:47 - 2014-06-02 19:47 - 02170904 _____ () C:\Users\Andy\Desktop\jspy008.zip
2014-06-02 18:23 - 2014-06-02 18:23 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieUserList
2014-06-02 18:23 - 2014-06-02 18:23 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieSiteList
2014-06-02 18:16 - 2014-06-02 18:16 - 00795217 _____ () C:\Users\Andy\Downloads\Win7LogonBackgroundChanger_1_5_2(1).zip
2014-05-30 03:18 - 2014-05-30 03:18 - 03607567 _____ () C:\Users\Andy\Downloads\androrat-master.zip
2014-05-30 02:58 - 2013-09-05 22:41 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Audacity
2014-05-23 19:13 - 2014-04-03 20:39 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-22 14:50 - 2013-09-03 19:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-22 14:50 - 2013-09-03 19:03 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-21 17:26 - 2014-05-21 17:26 - 01868918 _____ () C:\Users\Andy\Downloads\YOURLS-1.7.zip
2014-05-20 22:45 - 2014-05-20 22:45 - 01110476 _____ () C:\Users\Andy\Downloads\7z920.exe
2014-05-17 15:01 - 2013-09-03 20:10 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Skype
2014-05-15 15:56 - 2013-09-03 19:04 - 00000000 ___RD () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 15:56 - 2013-09-03 19:04 - 00000000 ___RD () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 15:53 - 2014-05-06 23:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 00:25 - 2013-09-09 14:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 00:24 - 2013-09-09 14:24 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 18:05 - 2014-05-13 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin
2014-05-13 18:05 - 2014-05-13 17:56 - 00000000 ____D () C:\cygwin64
2014-05-13 18:00 - 2014-05-13 18:00 - 00000000 ____D () C:\Users\Andy\Downloads\http%3a%2f%2fmirrors.163.com%2fcygwin%2f
2014-05-13 17:58 - 2014-05-13 17:58 - 00020260 _____ () C:\Users\Andy\Downloads\setup.log.full
2014-05-13 17:58 - 2014-05-13 17:58 - 00008620 _____ () C:\Users\Andy\Downloads\setup.log
2014-05-12 22:56 - 2014-05-12 22:56 - 02927432 _____ () C:\Users\Andy\Downloads\FOCA_3.0.zip
2014-05-10 02:29 - 2014-05-03 02:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 01:57 - 2013-10-09 19:42 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\VMware
2014-05-10 01:57 - 2013-10-09 19:42 - 00000000 ____D () C:\Users\Andy\AppData\Local\VMware
2014-05-09 23:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-05-09 21:13 - 2013-12-28 01:50 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 21:13 - 2013-12-28 01:50 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 18:12 - 2014-05-09 18:12 - 00345644 _____ () C:\Users\Andy\Downloads\Version.1.42-master.zip
2014-05-09 18:01 - 2014-05-09 18:01 - 00759808 _____ (rejetto) C:\Users\Andy\Downloads\hfs23.exe
2014-05-09 10:49 - 2014-05-09 10:49 - 00632517 _____ () C:\Users\Andy\Downloads\Logo.zip
2014-05-09 08:14 - 2014-05-14 13:58 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 13:58 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 15:02 - 2014-06-03 00:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-07 14:59 - 2014-06-03 00:14 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-07 14:59 - 2014-06-03 00:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-07 14:58 - 2014-06-03 00:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-06 18:29 - 2014-05-06 17:18 - 3138715648 _____ () C:\Users\Andy\Desktop\kali-linux-1.0.6-amd64.iso
2014-05-06 06:40 - 2014-05-15 00:25 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 00:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 00:25 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 00:25 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-03 16:17

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---


Addition.txt
FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Andy at 2014-06-05 02:46:51
Running from C:\Users\Andy\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AnalogX Proxy (HKLM-x32\...\AnalogX Proxy_is1) (Version: 4.15 - AnalogX, LLC)
Apache HTTP Server 2.2.25 (HKLM-x32\...\{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}) (Version: 2.2.25 - Apache Software Foundation)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avira Internet Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A03}) (Version: 12.10.3.4487 - APN, LLC)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.1.31141 - BitTorrent Inc.)
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Brother MFL-Pro Suite MFC-J220 (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: 7.3.398 - Softland)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free Audio Converter version 5.0.32.1230 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.0.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.4 - Ellora Assets Corporation)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden
JavaScript Tooling (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (ENU) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Advertising SDK for Windows 8.1 - ENU (x32 Version: 8.1.30809.0 - Microsoft Corporation) Hidden
Microsoft Advertising Service Extension for Visual Studio (x32 Version: 12.0.30809.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 - Visual Studio 2013 - ENU (x32 Version: 4.1.21001.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (x32 Version: 4.0.20716.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Frameworks and Tools - Visual Studio 2013 - ENU (x32 Version: 5.0.11001.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages 2 - Visual Studio 2013 - ENU (x32 Version: 4.1.21001.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages 2 Runtime (x32 Version: 2.0.20716.0 - Microsoft Corporation) Hidden
Microsoft C++ REST SDK for Visual Studio 2013 (x32 Version: 1.0 - Microsoft Corporation) Hidden
Microsoft Exchange Web Services Managed API 2.0 (x32 Version: 15.0.516.14 - Microsoft Corporation) Hidden
Microsoft Expression Blend SDK for .NET 4 (x32 Version: 2.0.20525.0 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden
Microsoft Identity Extensions (Version: 2.0.1459.0 - Microsoft Corporation) Hidden
Microsoft LightSwitch for Visual Studio 2013 Core (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft LightSwitch for Visual Studio 2013 CoreRes - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft LightSwitch for Visual Studio 2013 v4.0 Tools (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft LightSwitch for Visual Studio 2013 v4.0 ToolsRes - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft LightSwitch v4.0 SDK (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft NuGet - Visual Studio 2013 (x32 Version: 2.7.40911.287 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x64) - ENU Language Pack (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x64) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2010 - German/Deutsch (HKLM-x32\...\Office14.OMUI.de-de) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office O MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft Portable Library Multi-Targeting Pack (x32 Version: 12.0.21005.01 - Microsoft Corporation) Hidden
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu (x32 Version: 12.0.21005.01 - Microsoft Corporation) Hidden
Microsoft Report Viewer Add-On for Visual Studio 2013 (x32 Version: 11.1.3366.16 - Microsoft Corporation) Hidden
Microsoft SharePoint 2013 Developer Tools for Visual Studio (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft SharePoint 2013 Developer Tools for Visual Studio 2012 Nuget Package (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft SharePoint 2013 Developer Tools for Visual Studio ENU Language Pack (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{8325FD0C-2FDB-46C3-921A-3A78385EA972}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (12.0.30919.1) (HKLM-x32\...\{7CC03C58-3471-43D2-A251-EC9AE225E772}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Team Foundation Server 2013 Object Model (x64) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Team Foundation Server 2013 Object Model Language Pack (x64) - ENU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  ARM Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64 Native Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64 Native Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64-arm Cross Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64-arm Cross Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64-x86 Cross Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64-x86 Cross Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x86 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013  x64 Designtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 32bit Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Core Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Extended Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Microsoft Foundation Class Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86-x64 Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40825 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Devenv (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Devenv Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Performance Collection Tools - ENU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Performance Collection Tools (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Preparation (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Profiling Tools (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell (Minimum) (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell (Minimum) Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 VsGraphics Helper Dependencies (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Professional 2013 - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{6dff50d0-3bc3-4a92-b724-bf6d6a99de4f}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer Core (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer enu Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Web Developer Tools 2013 - Visual Studio 2013 (x32 Version: 2.0.40926.0 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MySQL Connector C++ 1.1.3 (HKLM\...\{5C7A1ED6-DC5F-4017-B363-3E80644B4BD0}) (Version: 1.1.3 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{6444BBDA-25B5-41E9-8FDB-6C6A57C7A797}) (Version: 5.1.25 - Oracle Corporation)
MySQL Connector Net 6.7.4 (HKLM-x32\...\{D6952EDA-6AC4-4480-A060-BD6025B15BAD}) (Version: 6.7.4 - Oracle)
MySQL Connector/ODBC 5.2 64bit (community edition) (HKLM\...\{D8053A16-A50E-401C-B162-18119EB7CC33}) (Version: 5.2.5 - Oracle Corporation)
MySQL Documents 5.6 (HKLM-x32\...\{4C102489-D4F3-4324-B573-0802120B1D80}) (Version: 5.6.13 - Oracle Corporation)
MySQL Examples and Samples 5.6 (HKLM-x32\...\{7FC20482-AE94-4DF1-90C1-09EDEC416970}) (Version: 5.6.13 - Oracle Corporation)
MySQL Installer (HKLM-x32\...\{D8BAC677-5CCD-49FA-BF7D-21F65AB0EE0E}) (Version: 1.3.2.0 - Oracle Corporation)
MySQL Notifier 1.1.4 (HKLM-x32\...\{D7C3E617-EB02-47B3-8D0E-BF3E00D873D5}) (Version: 1.1.4 - Oracle)
MySQL Server 5.6 (HKLM\...\{0B9D4C33-AC1B-4973-B754-FE9EAB03D327}) (Version: 5.6.13 - Oracle Corporation)
MySQL Workbench 5.2 CE (HKLM-x32\...\{48A9B9DD-66B9-4846-AA7C-825A5729B643}) (Version: 5.2.47 - Oracle Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python 3.3.3 (HKLM-x32\...\{39b6eb84-331c-3657-ad2e-837537ddf04f}) (Version: 3.3.3150 - Python Software Foundation)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
QuickTime Alternative 3.2.2 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Service Pack 1 für SQL Server 2008 (KB 968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
tools-freebsd (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
tools-linux (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
tools-netware (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
tools-solaris (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
tools-windows (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
tools-winPre2k (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM\...\{6AF73222-EE90-434C-AE7E-B96F70A68D89}) (Version: 10.1.2731.0 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual F# 3.1 SDK (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual F# 3.1 VS (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual Studio 2013 Prerequisites - ENU Language Pack (Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual Studio 2013 Prerequisites (Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual Studio Extensions for Windows Library for JavaScript (x32 Version: 1.0.9600.16408 - Microsoft Corporation) Hidden
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.1 - VMware, Inc)
VMware Workstation (Version: 10.0.1 - VMware, Inc.) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows App Certification Kit Native Components (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows App Certification Kit x64 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Azure Mobile Services SDK (x32 Version: 1.0.10815.0 - Microsoft Corporation) Hidden
Windows Azure Mobile Services Tools for Visual Studio 2013 Preview - v1.0 (x32 Version: 1.0.60906.1602 - Microsoft Corporation) Hidden
Windows Azure Shared Components for Microsoft Visual Studio 2013 - v1.0 (x32 Version: 1.0.10829.1601 - Microsoft Corporation) Hidden
Windows Azure Tools for LightSwitch for Visual Studio 2013 - v2.1 (x32 Version: 2.1.10909.1601 - Microsoft) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Runtime Intellisense Content - en-us (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.59.29989 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows XP Targeting with C++ (Version: 11.0.51106 - Microsoft Corporation) Hidden
Windows XP Targeting with C++ (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
WinHTTrack Website Copier 3.48-9 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.48.9 - HTTrack)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Workflow Manager Client 1.0 (Version: 2.0.30813.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.30725.1 - Microsoft Corporation) Hidden
XviD MPEG-4 Codec (HKLM-x32\...\XviD) (Version:  - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Restore Points  =========================

04-06-2014 21:18:34 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-01-07 00:22 - 00000849 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 malbot.net

==================== Scheduled Tasks (whitelisted) =============

Task: {34DD21C3-77B3-4DCB-ADD1-4A27699BAFFD} - System32\Tasks\{672A651F-C892-492C-A937-0B30750FAB7D} => Firefox.exe hxxp://ui.skype.com/ui/0/6.13.0.104/de/abandoninstall?page=tsMain
Task: {3FDCCB14-C808-495A-BE3B-0FFE7C02BD32} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-03-02] ()
Task: {869F83C5-D60E-417E-A28A-4F5F3789B434} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-28] (Google Inc.)
Task: {ABDA3984-AEA9-42BF-A80A-8B15B34CDC88} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {DAFED42B-6F3F-4E10-95FD-A908F55EB125} - System32\Tasks\{0F4E3432-460E-470A-9F35-E324CBB2407B} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/abandoninstall?page=tsPlugin
Task: {DD93249B-3873-4D3D-A432-443243433880} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-28] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-07-10 19:59 - 2013-07-10 19:59 - 12897792 _____ () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
2013-10-18 13:10 - 2013-10-18 13:10 - 14405200 _____ () C:\Program Files (x86)\VMware\VMware Player\vmware-hostd.exe
2013-04-03 14:17 - 2013-03-09 04:06 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-10-18 13:46 - 2013-10-18 13:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-09-04 22:30 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-05-03 15:25 - 2014-05-10 02:29 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/05/2014 00:40:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 00:39:20 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.120 for ServerName     .

Error: (06/05/2014 00:37:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 00:23:03 AM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
Description: Microsoft Word: Rejected Safe Mode action : Word hat festgestellt, dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus starten?.
Rejected Safe Mode action : Microsoft Word.

Error: (06/04/2014 11:36:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 11:35:16 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.120 for ServerName     .

Error: (06/04/2014 11:10:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 11:08:42 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.120 for ServerName     .

Error: (06/04/2014 10:54:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 10:53:16 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.120 for ServerName     .


System errors:
=============
Error: (06/05/2014 00:37:39 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (06/05/2014 00:37:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/05/2014 00:36:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/05/2014 00:36:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/05/2014 00:36:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/05/2014 00:36:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/05/2014 00:36:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/05/2014 00:36:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/05/2014 00:36:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/05/2014 00:36:05 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (06/05/2014 00:40:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 00:39:20 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.120 for ServerName

Error: (06/05/2014 00:37:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 00:23:03 AM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
Description: Microsoft WordWord hat festgestellt, dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus starten?

Error: (06/04/2014 11:36:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 11:35:16 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.120 for ServerName

Error: (06/04/2014 11:10:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 11:08:42 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.120 for ServerName

Error: (06/04/2014 10:54:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 10:53:16 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.120 for ServerName


CodeIntegrity Errors:
===================================
  Date: 2014-06-05 02:46:04.912
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-05 02:46:03.379
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-05 02:45:56.477
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-05 02:38:22.067
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-05 02:33:48.519
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-05 02:33:47.839
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-05 02:26:01.051
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-05 02:25:30.037
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-05 02:25:17.218
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-05 02:25:16.849
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 33%
Total physical RAM: 8114.92 MB
Available physical RAM: 5428.94 MB
Total Pagefile: 16228.02 MB
Available Pagefile: 13126.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:97.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:931.51 GB) (Free:857.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: DFCFAFE0)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---

Danke für die schnelle antwort und hilfe!
__________________

Alt 05.06.2014, 09:22   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira wurde durch eine Gruppenrichtlinie blockiert! - Standard

Lösung: Avira wurde durch eine Gruppenrichtlinie blockiert!



Zitat:
2014-06-04 23:11 - 2014-06-04 23:14 - 05205146 ____R (Swearware) C:\Users\Andy\Downloads\ComboFix.exe
Wer hat dich instruiert Combofix zu laden?
Warum verlierst du kein Wort darüber, wo ist das Log dazu?

Zitat:
C:\Windows\System32\Tasks\AutoKMS
Ist ein Office-Crack

Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html

Es geht weiter wenn du alles Illegale entfernt hast.

Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.06.2014, 10:53   #5
Redfire
 
Avira wurde durch eine Gruppenrichtlinie blockiert! - Standard

Wie Avira wurde durch eine Gruppenrichtlinie blockiert!



Combofix Logfile:
Code:
ATTFilter
ComboFix 14-06-04.01 - Andy 05.06.2014  11:35:31.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8115.5691 [GMT 2:00]
ausgeführt von:: c:\users\Andy\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-05 bis 2014-06-05  ))))))))))))))))))))))))))))))
.
.
2014-06-05 09:40 . 2014-06-05 09:40	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-05 09:40 . 2014-06-05 09:40	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2014-06-05 00:46 . 2014-06-05 00:47	--------	d-----w-	C:\FRST
2014-06-04 22:11 . 2014-06-04 22:11	--------	d-----w-	c:\windows\SysWow64\GPBAK
2014-06-04 22:11 . 2008-04-14 00:11	295936	----a-w-	c:\windows\SysWow64\appmgr.dll
2014-06-04 22:11 . 2014-06-04 22:11	707354	----a-w-	c:\windows\unins000.exe
2014-06-04 21:06 . 2010-08-30 06:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-06-04 20:24 . 2014-06-04 20:24	--------	d-----w-	c:\program files\Unlocker
2014-06-04 20:14 . 2014-06-04 20:14	--------	d-----w-	c:\users\Administrator.Andy-92
2014-06-03 13:04 . 2014-06-03 13:04	--------	d-----w-	c:\users\Andy\apktool
2014-06-03 11:34 . 2014-06-03 11:34	--------	d-----w-	c:\programdata\Stardock
2014-06-02 22:14 . 2014-06-02 22:14	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-06-02 22:14 . 2014-05-07 13:02	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-02 16:23 . 2014-06-02 16:23	--------	d-sh--w-	c:\users\Andy\AppData\Local\EmieUserList
2014-06-02 16:23 . 2014-06-02 16:23	--------	d-sh--w-	c:\users\Andy\AppData\Local\EmieSiteList
2014-06-01 22:13 . 2014-06-01 22:13	--------	d-----w-	c:\program files (x86)\WinHTTrack
2014-05-14 22:25 . 2014-05-06 04:40	23544320	----a-w-	c:\windows\system32\mshtml.dll
2014-05-14 22:25 . 2014-05-06 04:17	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-14 22:25 . 2014-05-06 03:00	84992	----a-w-	c:\windows\system32\mshtmled.dll
2014-05-14 22:25 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-14 11:58 . 2014-03-25 02:43	14175744	----a-w-	c:\windows\system32\shell32.dll
2014-05-14 11:58 . 2014-05-09 06:14	477184	----a-w-	c:\windows\system32\aepdu.dll
2014-05-14 11:58 . 2014-05-09 06:11	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-05-13 15:56 . 2014-05-13 16:05	--------	d-----w-	C:\cygwin64
2014-05-06 21:44 . 2014-05-15 13:53	--------	d-s---w-	c:\windows\system32\CompatTel
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-22 12:50 . 2013-09-03 17:03	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-22 12:50 . 2013-09-03 17:03	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-14 22:24 . 2013-09-09 12:24	93223848	----a-w-	c:\windows\system32\MRT.exe
2014-04-23 16:11 . 2014-04-23 16:11	2784960	----a-w-	c:\programdata\Microsoft\VisualStudio\12.0\1033\ResourceCache.dll
2014-04-15 19:08 . 2014-04-15 19:08	1139040	----a-w-	c:\programdata\Microsoft\WDExpress\12.0\1031\ResourceCache.dll
2014-03-19 13:11 . 2014-04-03 18:07	25888	----a-w-	c:\windows\system32\dopdfmn7.dll
2014-03-19 13:11 . 2014-04-03 18:07	21280	----a-w-	c:\windows\system32\dopdfmi7.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySQL Notifier"="c:\program files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe" [2013-07-05 762368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Player\vmware-tray.exe" [2013-10-18 111696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2013-7-10 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisplayLastLogonInfo"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 oxpar;OX16PCI95x Parallel port driver;c:\windows\system32\drivers\oxpar.sys;c:\windows\SYSNATIVE\drivers\oxpar.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 adp3132;adp3132;c:\windows\system32\drivers\adp3132.sys;c:\windows\SYSNATIVE\drivers\adp3132.sys [x]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys;c:\windows\SYSNATIVE\drivers\ahcix64s.sys [x]
R3 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys;c:\windows\SYSNATIVE\drivers\amdhub30.sys [x]
R3 amdide64;amdide64;c:\windows\system32\drivers\amdide64.sys;c:\windows\SYSNATIVE\drivers\amdide64.sys [x]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys;c:\windows\SYSNATIVE\drivers\amdxhc.sys [x]
R3 asahci64;asahci64;c:\windows\system32\drivers\asahci64.sys;c:\windows\SYSNATIVE\drivers\asahci64.sys [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys;c:\windows\SYSNATIVE\Drivers\EtronSTOR.sys [x]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys;c:\windows\SYSNATIVE\drivers\FLxHCIc.sys [x]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\drivers\FLxHCIh.sys;c:\windows\SYSNATIVE\drivers\FLxHCIh.sys [x]
R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
R3 iaStorS;iaStorS;c:\windows\system32\drivers\iaStorS.sys;c:\windows\SYSNATIVE\drivers\iaStorS.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ISASerial;PCIe-ISA Communication Port;c:\windows\system32\drivers\ISASerial.sys;c:\windows\SYSNATIVE\drivers\ISASerial.sys [x]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\drivers\ISCTD64.sys;c:\windows\SYSNATIVE\drivers\ISCTD64.sys [x]
R3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MtsHID;TechniSat Mantis BDA HID Driver;c:\windows\system32\drivers\MtsHID.sys;c:\windows\SYSNATIVE\drivers\MtsHID.sys [x]
R3 mv91cons;mv91cons;c:\windows\system32\drivers\mv91cons.sys;c:\windows\SYSNATIVE\drivers\mv91cons.sys [x]
R3 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys;c:\windows\SYSNATIVE\drivers\mv91xx.sys [x]
R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys;c:\windows\SYSNATIVE\drivers\NmPar.sys [x]
R3 nmserial;MosChip PCI Serial Port;c:\windows\system32\drivers\nmserial.sys;c:\windows\SYSNATIVE\drivers\nmserial.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 nvamacpi;nvamacpi;c:\windows\system32\drivers\NVAMACPI.sys;c:\windows\SYSNATIVE\drivers\NVAMACPI.sys [x]
R3 ocz10xx;ocz10xx;c:\windows\system32\drivers\ocz10xx.sys;c:\windows\SYSNATIVE\drivers\ocz10xx.sys [x]
R3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\drivers\oxmfuf.sys;c:\windows\SYSNATIVE\drivers\oxmfuf.sys [x]
R3 OxPPort;OxPPort;c:\windows\system32\drivers\OxPPort.sys;c:\windows\SYSNATIVE\drivers\OxPPort.sys [x]
R3 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys;c:\windows\SYSNATIVE\drivers\oxser.sys [x]
R3 PciIsaSerial;PCI-ISA Communication Port;c:\windows\system32\drivers\PciIsaSerial.sys;c:\windows\SYSNATIVE\drivers\PciIsaSerial.sys [x]
R3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\drivers\PciPPorts.sys;c:\windows\SYSNATIVE\drivers\PciPPorts.sys [x]
R3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\drivers\PciSPorts.sys;c:\windows\SYSNATIVE\drivers\PciSPorts.sys [x]
R3 PPorts;PCIe ECP Parallel Port;c:\windows\system32\drivers\PPorts.sys;c:\windows\SYSNATIVE\drivers\PPorts.sys [x]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\drivers\rusb3hub.sys;c:\windows\SYSNATIVE\drivers\rusb3hub.sys [x]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\drivers\rusb3xhc.sys;c:\windows\SYSNATIVE\drivers\rusb3xhc.sys [x]
R3 Si3124r5;Si3124r5;c:\windows\system32\drivers\Si3124r5.sys;c:\windows\SYSNATIVE\drivers\Si3124r5.sys [x]
R3 SPorts;High-Speed PCIe Serial Port;c:\windows\system32\drivers\SPorts.sys;c:\windows\SYSNATIVE\drivers\SPorts.sys [x]
R3 StnPport;PCIe to Multi Mode Parallel Port;c:\windows\system32\drivers\StnPport.sys;c:\windows\SYSNATIVE\drivers\StnPport.sys [x]
R3 StnSport;PCIe to High Speed Serial Port;c:\windows\system32\drivers\StnSport.sys;c:\windows\SYSNATIVE\drivers\StnSport.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys;c:\windows\SYSNATIVE\drivers\tihub3.sys [x]
R3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys;c:\windows\SYSNATIVE\drivers\tixhci.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\drivers\ViaHub3.sys;c:\windows\SYSNATIVE\drivers\ViaHub3.sys [x]
R3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\drivers\xhcdrv.sys;c:\windows\SYSNATIVE\drivers\xhcdrv.sys [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [x]
S2 MySQL56;MySQL56;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56 [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Player\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Player\vmware-hostd.exe [x]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-20 23:21	1091912	----a-w-	c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-27 23:50]
.
2014-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-27 23:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 442352]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-03-29 7174728]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar para o OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\64f2gcmn.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56]
"ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56]
"ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-05  11:42:09
ComboFix-quarantined-files.txt  2014-06-05 09:42
.
Vor Suchlauf: 15 Verzeichnis(se), 105.346.494.464 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 105.268.617.216 Bytes frei
.
- - End Of File - - 69045B90AD8CB8CF1919A3F43BE4DDEE
         
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

[/CODE]

Ich habe Combofix benutzt da ich versuchte es nach dieser Anleitung zu löschen bevor ich meinen eigenen Post machte... http://www.trojaner-board.de/135521-...an-fakems.html

Desweiteren habe ich versucht Avira im gesicherten Modus zu löschen was mir auch gelang... jedoch bei einer neu Installation bekomme ich dann wieder die gleiche Meldung...
Kann es dann wieder nicht öffnen da durch Gruppenrichtlinie blockiert wird.


Alt 05.06.2014, 13:16   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira wurde durch eine Gruppenrichtlinie blockiert! - Standard

Wo Avira wurde durch eine Gruppenrichtlinie blockiert! Lösung!



Du hast den Hinweis zum Office Crack gelesen und zur Kenntnis genommen? Wenn ja, solltest du ja wissen wie es weitergeht
__________________
--> Avira wurde durch eine Gruppenrichtlinie blockiert!

Antwort

Themen zu Avira wurde durch eine Gruppenrichtlinie blockiert!
avira, bereits, blockiert, durchgeführt, einzige, erhalte, erhalten, gruppenrichtlinie, gruppenrichtlinie blockiert, heute, home, informationen, malewarebytes, meldung, nicht mehr, problem, programm, scan, schließe, schließen, sobald, versuche, windows, windows 7, windows 7 home, öffnen




Ähnliche Themen: Avira wurde durch eine Gruppenrichtlinie blockiert!


  1. Avira: Dieses Programm wurde durch eine Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 18.01.2015 (33)
  2. Avira Meldung: Dieses Programm wurde durch eine Gruppenrichtlinie blockiert...
    Log-Analyse und Auswertung - 29.11.2014 (11)
  3. Avira Pro - "Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator."
    Plagegeister aller Art und deren Bekämpfung - 15.11.2014 (22)
  4. Avira - Dieses Programm wurde durch eine Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 18.10.2014 (3)
  5. Bei Avira - Dieses Programm wurde durch eine Gruppenrichtlinie blockiert
    Mülltonne - 23.09.2014 (1)
  6. Bitte Hilfe! Avira - Dieses Programm wurde durch eine Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 18.09.2014 (9)
  7. Avira Antivir dieses programm wurde durch eine gruppenrichtlinie blockiert
    Plagegeister aller Art und deren Bekämpfung - 06.09.2014 (1)
  8. Avira läuft nicht - Dieses Programm wurde durch eine Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 16.08.2014 (39)
  9. 2x Avira wurde durch eine Gruppenrichtlinie blockiert. Was soll ich tuhen?
    Mülltonne - 27.07.2014 (2)
  10. Avira wurde durch eine Gruppenrichtlinie blockiert. Was soll ich machen?
    Log-Analyse und Auswertung - 27.07.2014 (1)
  11. Avira: Dieses Programm wurde durch eine Gruppenrichtlinie blockiert
    Plagegeister aller Art und deren Bekämpfung - 16.07.2014 (15)
  12. Avira - Dieses Programm wurde durch eine Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 05.07.2014 (5)
  13. Avira, MBAM - Dieses Programm wurde durch eine Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 25.06.2014 (17)
  14. Avira - dieses programm wurde durch eine gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 05.06.2014 (15)
  15. Virus / Trojaner blockiert Avira "...wurde durch eine Gruppenrichtlinie blockiert"
    Log-Analyse und Auswertung - 20.03.2014 (7)
  16. avira: dieses programm wurde durch eine gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 13.12.2013 (9)
  17. avira: dieses programm wurde durch eine gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 03.12.2013 (11)

Zum Thema Avira wurde durch eine Gruppenrichtlinie blockiert! - Hallo, ich habe seit heute ein Problem mit Avira... Avira lässt sich nicht mehr öffnen sobald ich es zu öffnen versuche bekomme ich die Meldung "Diese Programm wurde durch eine - Avira wurde durch eine Gruppenrichtlinie blockiert!...
Archiv
Du betrachtest: Avira wurde durch eine Gruppenrichtlinie blockiert! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.