Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Antivir durch Gruppenrichtlinie blockiert

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 19.06.2014, 14:12   #1
max89
 
Antivir durch Gruppenrichtlinie blockiert - Standard

Antivir durch Gruppenrichtlinie blockiert



Hallo, vor etwa 2 Wochen habe ich festgestellt, dass mein Antivir sich nicht mehr starten lässt. Wenn ich versuche die .exe auszuführen kommt immer die Meldung "Avira wurde durch eine Gruppenrichtlinie blockiert". Ich habe versucht es zu deinstallieren, was aber nicht funktioniert, es kommt die Meldung, dass ich Admin Rechte brauche um es zu deinstallieren.
Ich vermute, dass ich mir im Copyshop einen Trojaner eingefangen habe, da auf meinem usb stick plötzlich alle Dateien durch Verknüpfungen ersetzt worden sind, und ich dummerweise auf einige draufgeklickt habe... Naja ich hoffe ihr könnt mir weiterhelfen, vielen Dank schonmal im Voraus! Anbei die Logfiles.
FRST:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by loswochos (administrator) on LOSWOCHOS-PC on 19-06-2014 14:39:24
Running from C:\Users\loswochos\Downloads\trojaner board
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Dropbox, Inc.) C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
( ) C:\Users\loswochos\Downloads\Miranda\miranda64.exe
() C:\Users\loswochos\Downloads\trojaner board\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-07-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-31] ()
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [java ska] => wscript.exe //B "C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs" <===== ATTENTION
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [OdjuHlomo] => regsvr32.exe "
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\MountPoints2: {d271fda5-74c5-11e0-8522-665544336040} - G:\Startme.exe
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs ()
BootExecute: autocheck autochk * sdnclean64.exelsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x48D946F0E691CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\..\Interfaces\{19902E11-779E-4975-ACCA-397C9EC695E6}: [NameServer]141.30.207.2

FireFox:
========
FF ProfilePath: C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Xchange\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Xchange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.116.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\loswochos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: Forecastfox - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-10-09]
FF Extension: Flashblock - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-05-25]
FF Extension: DownloadHelper - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-06]
FF Extension: SearchPreview - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2014-05-22]
FF Extension: Ghostery - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\firefox@ghostery.com.xpi [2013-08-02]
FF Extension: Quick Note - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\jid0-T01UQ5416mmgiAxnF7j8Iwzeffc@jetpack.xpi [2012-08-14]
FF Extension: ScrollyFox - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\scrollyfox@shawfiresolutions.com.au.xpi [2013-04-21]
FF Extension: Scroll to Top/Bottom - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\scroll_to_top-bottom@developer.bobdawg.org.xpi [2012-08-12]
FF Extension: Status-4-Evar - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\status4evar@caligonstudios.com.xpi [2014-06-19]
FF Extension: Scientific Calculator - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\ststusscicalc@sunny.xpi [2012-07-18]
FF Extension: TinyURL Generator - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2014-01-13]
FF Extension: Trafficanzeige - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\traffic@anzeige3.xpi [2013-01-21]
FF Extension: YouTube to MP3 - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\youtube2mp3@mondayx.de.xpi [2011-06-30]
FF Extension: Stop Autoplay - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}.xpi [2014-05-22]
FF Extension: AniWeather - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2011-05-02]
FF Extension: Multirow Bookmarks Toolbar Plus - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2012-07-23]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2011-05-02]
FF Extension: Adblock Plus - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-24]
FF Extension: Download Statusbar - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-04-24]
FF Extension: DownThemAll! - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-04-24]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-08-14]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-07-23] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
R2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152720 2014-05-13] (Lavasoft Limited)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-07-13] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
R3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2014-05-13] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-10-28] (Lavasoft AB)
S3 MAUSBFASTTRACKPRO; C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys [187912 2010-12-07] (Avid Technology, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 VaneFltr; C:\Windows\System32\drivers\Lachesis.sys [29952 2009-10-16] (Razer (Asia-Pacific) Pte Ltd)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-19 14:39 - 2014-06-19 14:39 - 00000000 ____D () C:\FRST
2014-06-19 14:38 - 2014-06-19 14:38 - 00000000 _____ () C:\Users\loswochos\defogger_reenable
2014-06-19 14:33 - 2014-06-19 14:39 - 00000000 ____D () C:\Users\loswochos\Downloads\trojaner board
2014-06-19 13:45 - 2014-06-19 13:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe
2014-06-19 10:02 - 2014-06-19 10:02 - 00000022 _____ () C:\Windows\S.dirmngr
2014-06-18 18:14 - 2014-06-18 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 09:17 - 2014-06-19 10:02 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-06-17 20:51 - 2014-06-18 09:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-17 20:11 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-17 20:11 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-17 20:11 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-17 20:11 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-17 20:11 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-17 20:11 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-17 20:11 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-17 20:11 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-17 20:11 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-17 20:11 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-17 20:11 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-17 20:11 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-17 20:11 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-17 20:11 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-17 20:11 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-17 20:11 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-17 20:11 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-17 20:11 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-17 20:11 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-17 20:11 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-17 20:11 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-17 20:11 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-17 20:11 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-17 20:11 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-17 20:11 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-17 20:11 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-17 20:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-17 20:11 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-17 20:11 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-17 20:11 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-17 20:11 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-17 20:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-17 20:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-17 20:11 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-17 20:11 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-17 20:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-17 20:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-17 20:10 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-17 20:10 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-17 20:10 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-17 20:10 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-17 20:10 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-17 20:10 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-17 20:10 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-17 20:10 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-17 20:10 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-17 20:10 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-17 20:10 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-17 20:10 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-17 20:10 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-17 20:10 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-17 20:10 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-17 20:10 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-17 20:10 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-17 20:10 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-17 20:10 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-17 20:10 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-17 20:10 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-17 20:10 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-17 20:10 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-17 20:10 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-17 20:10 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-17 20:10 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-17 20:10 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-17 20:10 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-17 20:10 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 22:50 - 2014-06-19 14:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 22:50 - 2014-06-10 22:50 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-10 22:50 - 2014-06-10 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-10 22:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-10 22:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-10 22:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-10 22:49 - 2014-06-10 22:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:44 - 2014-06-17 19:43 - 00002612 _____ () C:\Windows\PFRO.log
2014-06-10 22:42 - 2014-06-10 22:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\loswochos\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 13:48 - 2014-06-19 10:02 - 00000560 _____ () C:\Windows\setupact.log
2014-06-10 13:48 - 2014-06-10 13:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 13:28 - 2014-06-19 14:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 13:28 - 2014-06-10 13:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-10 13:22 - 2014-06-10 13:22 - 01057176 _____ (Adobe) C:\Users\loswochos\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe
2014-06-09 12:50 - 2014-06-09 12:56 - 00000000 ____D () C:\Users\loswochos\Desktop\dresktop
2014-06-07 20:07 - 2014-06-07 20:09 - 21903785 _____ () C:\Users\loswochos\Downloads\The Walking Dead 092.cbz
2014-06-07 20:07 - 2014-06-07 20:09 - 21866326 _____ () C:\Users\loswochos\Downloads\The Walking Dead 091.cbr
2014-06-07 20:06 - 2014-06-07 20:07 - 18796468 _____ () C:\Users\loswochos\Downloads\The Walking Dead 086.cbr
2014-06-07 20:06 - 2014-06-07 20:07 - 17863030 _____ () C:\Users\loswochos\Downloads\The Walking Dead 080.cbr
2014-06-07 20:06 - 2014-06-07 20:07 - 10376899 _____ () C:\Users\loswochos\Downloads\The Walking Dead 061.cbr
2014-06-07 20:05 - 2014-06-07 20:07 - 17669982 _____ () C:\Users\loswochos\Downloads\The Walking Dead 074.cbr
2014-06-07 18:03 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Local\calibre-cache
2014-06-07 18:02 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\calibre
2014-06-07 18:01 - 2014-06-07 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-06-07 18:01 - 2014-06-07 18:01 - 00000000 ____D () C:\Program Files\Calibre2
2014-06-07 17:56 - 2014-06-07 17:56 - 61444096 _____ () C:\Users\loswochos\Downloads\calibre-64bit-1.39.0.msi
2014-05-23 16:44 - 2014-05-23 16:44 - 00000000 ____D () C:\Users\loswochos\Documents\ProcAlyzer Dumps
2014-05-23 13:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-23 13:33 - 2014-06-11 04:13 - 00000000 ____D () C:\AdwCleaner
2014-05-22 23:22 - 2014-05-22 23:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\loswochos\Downloads\Stop Autoplay - CHIP-Downloader.exe
2014-05-22 23:22 - 2014-05-22 23:22 - 00041147 _____ () C:\Users\loswochos\Downloads\stop_autoplay-1.2.1-sm_fx.zip
2014-05-22 15:04 - 2014-06-06 18:10 - 00000000 ____D () C:\Users\loswochos\Desktop\Schreiben Jurk

==================== One Month Modified Files and Folders =======

2014-06-19 14:39 - 2014-06-19 14:39 - 00000000 ____D () C:\FRST
2014-06-19 14:39 - 2014-06-19 14:33 - 00000000 ____D () C:\Users\loswochos\Downloads\trojaner board
2014-06-19 14:38 - 2014-06-19 14:38 - 00000000 _____ () C:\Users\loswochos\defogger_reenable
2014-06-19 14:38 - 2011-04-23 15:43 - 00000000 ____D () C:\Users\loswochos
2014-06-19 14:31 - 2014-06-10 22:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 14:23 - 2014-06-10 13:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-19 13:47 - 2012-11-10 13:58 - 00000000 ____D () C:\Users\loswochos\Downloads\Tor Browser
2014-06-19 13:45 - 2014-06-19 13:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe
2014-06-19 11:39 - 2011-04-23 15:43 - 01706396 _____ () C:\Windows\WindowsUpdate.log
2014-06-19 10:36 - 2012-12-31 13:06 - 00000000 ____D () C:\Users\loswochos\AppData\Local\PMB Files
2014-06-19 10:10 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-19 10:10 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-19 10:06 - 2014-05-03 11:37 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\DropboxMaster
2014-06-19 10:06 - 2012-08-30 17:27 - 00000000 ___RD () C:\Users\loswochos\Dropbox
2014-06-19 10:06 - 2012-08-30 17:17 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\Dropbox
2014-06-19 10:02 - 2014-06-19 10:02 - 00000022 _____ () C:\Windows\S.dirmngr
2014-06-19 10:02 - 2014-06-18 09:17 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-06-19 10:02 - 2014-06-10 13:48 - 00000560 _____ () C:\Windows\setupact.log
2014-06-19 10:02 - 2014-05-14 10:42 - 00011158 _____ () C:\aaw7boot.log
2014-06-19 10:02 - 2012-05-14 16:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 10:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 19:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-18 18:14 - 2014-06-18 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 09:26 - 2014-06-17 20:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-18 00:54 - 2013-08-26 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-18 00:51 - 2011-04-23 17:09 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-18 00:50 - 2011-04-23 16:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-18 00:48 - 2014-04-23 19:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-17 20:05 - 2014-05-16 12:02 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat
2014-06-17 20:05 - 2014-05-16 12:02 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat
2014-06-17 19:43 - 2014-06-10 22:44 - 00002612 _____ () C:\Windows\PFRO.log
2014-06-11 04:15 - 2011-07-30 12:54 - 00000000 ____D () C:\Windows\64F6748976BB4CDDA236F954BE774B35.TMP
2014-06-11 04:13 - 2014-05-23 13:33 - 00000000 ____D () C:\AdwCleaner
2014-06-10 23:10 - 2014-05-13 01:57 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\KeePass
2014-06-10 22:50 - 2014-06-10 22:50 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-10 22:50 - 2014-06-10 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-10 22:50 - 2014-06-10 22:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:48 - 2014-06-10 22:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\loswochos\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 22:16 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-06-10 22:16 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-06-10 22:16 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-10 16:46 - 2011-04-26 13:01 - 00000000 ___RD () C:\Users\loswochos\Desktop\Programme
2014-06-10 13:48 - 2014-06-10 13:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 13:43 - 2012-04-21 14:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-10 13:28 - 2014-06-10 13:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-10 13:28 - 2012-05-13 20:18 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-10 13:28 - 2011-05-28 11:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-10 13:22 - 2014-06-10 13:22 - 01057176 _____ (Adobe) C:\Users\loswochos\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe
2014-06-09 14:54 - 2013-11-08 02:07 - 00000000 ____D () C:\Users\loswochos\AppData\Local\Arma 3
2014-06-09 12:56 - 2014-06-09 12:50 - 00000000 ____D () C:\Users\loswochos\Desktop\dresktop
2014-06-09 00:02 - 2011-06-07 22:41 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\vlc
2014-06-08 11:13 - 2014-06-17 20:10 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-17 20:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 20:09 - 2014-06-07 20:07 - 21903785 _____ () C:\Users\loswochos\Downloads\The Walking Dead 092.cbz
2014-06-07 20:09 - 2014-06-07 20:07 - 21866326 _____ () C:\Users\loswochos\Downloads\The Walking Dead 091.cbr
2014-06-07 20:07 - 2014-06-07 20:06 - 18796468 _____ () C:\Users\loswochos\Downloads\The Walking Dead 086.cbr
2014-06-07 20:07 - 2014-06-07 20:06 - 17863030 _____ () C:\Users\loswochos\Downloads\The Walking Dead 080.cbr
2014-06-07 20:07 - 2014-06-07 20:06 - 10376899 _____ () C:\Users\loswochos\Downloads\The Walking Dead 061.cbr
2014-06-07 20:07 - 2014-06-07 20:05 - 17669982 _____ () C:\Users\loswochos\Downloads\The Walking Dead 074.cbr
2014-06-07 18:03 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Local\calibre-cache
2014-06-07 18:03 - 2014-06-07 18:02 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\calibre
2014-06-07 18:02 - 2014-06-07 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-06-07 18:01 - 2014-06-07 18:01 - 00000000 ____D () C:\Program Files\Calibre2
2014-06-07 17:56 - 2014-06-07 17:56 - 61444096 _____ () C:\Users\loswochos\Downloads\calibre-64bit-1.39.0.msi
2014-06-06 18:10 - 2014-05-22 15:04 - 00000000 ____D () C:\Users\loswochos\Desktop\Schreiben Jurk
2014-05-30 16:58 - 2011-09-29 18:30 - 00000000 ____D () C:\ProgramData\Origin
2014-05-30 16:57 - 2011-09-29 18:30 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-30 12:21 - 2014-06-17 20:10 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-17 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-17 20:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-17 20:10 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-17 20:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-17 20:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-17 20:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-17 20:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-17 20:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-17 20:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-17 20:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:21 - 2014-06-17 20:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:20 - 2014-06-17 20:10 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-17 20:11 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-17 20:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-17 20:10 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-17 20:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-17 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-17 20:11 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-17 20:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-17 20:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-17 20:10 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-17 20:10 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-17 20:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-17 20:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-17 20:11 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-17 20:10 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-17 20:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-17 20:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-17 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-17 20:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-17 20:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-17 20:11 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-17 20:10 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-17 20:10 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-17 20:11 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-17 20:11 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-17 20:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-17 20:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-17 20:11 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-17 20:10 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-17 20:10 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-17 20:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-17 20:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-17 20:11 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-17 20:10 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-17 20:11 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-17 20:11 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-17 20:10 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-17 20:11 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-17 20:10 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-17 20:10 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-28 12:17 - 2012-08-30 17:22 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-23 16:44 - 2014-05-23 16:44 - 00000000 ____D () C:\Users\loswochos\Documents\ProcAlyzer Dumps
2014-05-23 16:44 - 2014-01-19 23:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-23 14:27 - 2011-04-24 12:07 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-23 14:27 - 2011-04-23 15:45 - 00001003 _____ () C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-22 23:22 - 2014-05-22 23:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\loswochos\Downloads\Stop Autoplay - CHIP-Downloader.exe
2014-05-22 23:22 - 2014-05-22 23:22 - 00041147 _____ () C:\Users\loswochos\Downloads\stop_autoplay-1.2.1-sm_fx.zip
2014-05-22 21:11 - 2014-05-13 21:20 - 00004894 _____ () C:\Users\loswochos\Documents\NeueDatenbank.kdbx
2014-05-22 13:12 - 2014-01-20 00:07 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-22 13:12 - 2014-01-20 00:07 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\loswochos\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1koyzf.dll
C:\Users\loswochos\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-18 19:00

==================== End Of Log ============================
         
Addition.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2014
Ran by loswochos at 2014-06-19 14:40:52
Running from C:\Users\loswochos\Downloads\trojaner board
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Lavasoft Ad-Watch Live! Anti-Virus (Enabled - Up to date) {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Lavasoft Ad-Watch Live! (Enabled - Up to date) {24938260-56EE-C1E5-047B-DC2BDD234BAB}

==================== Installed Programs ======================

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden
Ad-Aware (HKLM-x32\...\{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}) (Version: 9.6.0 - Lavasoft Limited)
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.63 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Alien Swarm (HKLM-x32\...\Steam App 630) (Version:  - Valve)
AMD Accelerated Video Transcoding (Version: 13.20.100.30723 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0723.1944.33607 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{E9897E08-46FA-A07E-B332-1515AAB356F4}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0723.1944.33607 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.80723.2017 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.13 - Advanced Micro Devices, Inc.) Hidden
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
ARMA 2 Operation Arrowhead Uninstall (HKLM-x32\...\ARMA 2 Operation Arrowhead) (Version:  - )
ArmA 2 Uninstall (HKLM-x32\...\ArmA 2) (Version:  - )
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Assassin's Creed Revelations (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.00 - Ubisoft)
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.672 - Avira)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AxCrypt 1.7.2867.0 (HKLM\...\{C8118019-96B5-42FB-9A45-5D82D1CB62EE}) (Version: 1.7.2867.0 - Axantum Software AB)
Battlefield 3™ (HKLM-x32\...\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}) (Version: 1.5.0.0 - Electronic Arts)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye) (Version:  - )
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30265 - BitTorrent Inc.)
Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
calibre 64bit (HKLM\...\{8CDE6A53-B721-407E-B59B-9E9E9605BF23}) (Version: 1.39.0 - Kovid Goyal)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0723.1944.33607 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0723.1944.33607 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0723.1944.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0723.1943.33607 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0723.1944.33607 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2523 - CDBurnerXP)
Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version:  - )
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.0.34 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Druckerdeinstallation für EPSON SX235 Series (HKLM\...\EPSON SX235 Series) (Version:  - SEIKO EPSON Corporation)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Edna and Harvey - The Breakout (HKLM-x32\...\Edna and Harvey - The Breakout) (Version: 1.0 - Lace Mamba)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
Epson Easy Photo Print 2 (HKLM-x32\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.0) (Version: 0.70.0 - ESN Social Software AB)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
FarCry 3 Version 1.01 (HKLM-x32\...\{DBEFF20C-6386-4AF7-A5D4-C0B48C10A9C7}_is1) (Version: 1.01 - Ubisoft)
Free YouTube Download 3 version 3.0.12.804 (HKLM-x32\...\Free YouTube Download 3_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.0.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.3 - Ellora Assets Corporation)
GIGA F-Tasten v6.0 (HKLM-x32\...\GIGA F-Tasten_is1) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 1.4.14 - Free Software Foundation)
Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project)
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0002.135 - Rockstar Games Inc.) Hidden
Guitar Pro 5.0 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - )
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.240 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
Kurso de Esperanto 4 (HKLM-x32\...\{021F206C-3243-420E-9F0B-82639583E425}_is1) (Version: 4.0.2 - Esperanto)
Lexicon Lambda Driver (HKCU\...\Lexicon Lambda Driver) (Version:  - Lexicon)
Lexicon Lambda Driver (Version: 2.6 - Lexicon) Hidden
Lexicon Pantheon VST Plug-in (remove only) (HKLM-x32\...\LexiconStudio) (Version:  - )
Live 8.0.1 (HKLM-x32\...\Live 8.0.1) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Max Payne 3 (HKLM-x32\...\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}) (Version: 1.0.0.0 - Rockstar Games)
Men of War Gold Edition (Nur entfernen) (HKLM-x32\...\{3F987BF0-061B-4395-9F6D-0E7C9E4F7107}_is1) (Version: 1.0 - 1C Company)
Men of War: Vietnam (Remove Only) (HKLM-x32\...\{C9935C7E-ED44-427D-B8DF-39E2ACF1AA6A}_is1) (Version: 1.0.0.0 - 1C Company)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MP3-Tag-Editor 3.14.0 (HKLM-x32\...\{DB363BBA-6375-4306-85F9-528CD666FC30}) (Version: 3.14.0 - Gisbert Müller)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
Netzwerkhandbuch EPSON SX235 Series (HKLM-x32\...\EPSON SX235 Series Netg) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.3 - Frank Heindörfer, Philip Chinery)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.195.0 - Tracker Software Products Ltd.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Simple Shutdown Timer (HKLM-x32\...\Simple Shutdown Timer1.1.2) (Version: 1.1.2 - PcWinTech.com)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steinberg Cubase LE 5 (HKLM-x32\...\{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}) (Version: 5.1.2 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Essential Set (HKLM-x32\...\{C04D5974-F528-4347-A494-EAF56124CC1A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Stranded II 1.0.0.1 (HKLM-x32\...\{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1) (Version:  - Unreal Software)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.11 - TeamSpeak Systems GmbH)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Walking Dead (c) 3 version 1 (HKLM-x32\...\The Walking Dead (c) 3_is1) (Version: 1 - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UltraISO Premium V9.12 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Universal Document Converter (Demo) (HKLM-x32\...\Universal Document Converter_is1) (Version: 5.6 - fCoder Group, Inc.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
XMedia Recode Version 3.1.2.0 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.2.0 - XMedia Recode)
X-Men Origins - Wolverine(TM) (HKLM-x32\...\InstallShield_{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}) (Version: 1.00.0000 - Activision)

==================== Restore Points  =========================

31-05-2014 12:51:17 Geplanter Prüfpunkt
07-06-2014 16:00:38 Installed calibre 64bit
17-06-2014 22:47:00 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {06065DC8-3DD7-41DD-850D-BE3D1DA605C4} - System32\Tasks\{B413FDC4-2F34-4DA4-8F3F-AEB4AC081943} => I:\Games\WWP\wwp.exe
Task: {31A45A06-6897-474E-95E8-4F6E63E17988} - System32\Tasks\{8AAAD577-3110-4550-AE86-D9646726F488} => I:\games\Mechwarrior Vengeance\MW4Mercs.exe
Task: {52376F33-A190-44F4-8C48-54B0DC97210B} - System32\Tasks\{DA438B20-1B6B-4171-86DD-398B4943E532} => I:\games\Revenant\Revenant.exe
Task: {84B36F51-C141-4343-ADD0-BB5B9588DCDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-10] (Adobe Systems Incorporated)
Task: {87EA503F-C81E-48A8-AF42-EBEBC239CB35} - System32\Tasks\{1B27E28A-77C8-4FE9-ADEE-3FEC06528FC2} => G:\Games\OfficialCnCTiberianSun\EA Games\Command &amp; Conquer The First Decade\Command &amp; Conquer(tm) Tiberian Sun(tm)\SUN\SUN.EXE
Task: {8949A456-63DA-4B1A-991F-37B173F3C1E5} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-28] (Lavasoft Limited                                                      )
Task: {8C38B476-60E3-4695-80FA-252C69E70219} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {A0E63F2F-55DA-4E0E-9B1A-C4C04BB090D1} - System32\Tasks\{77159BE7-39FD-469C-B44E-F7EADDAD1A49} => I:\Games\WWP\wwp.exe
Task: {BB405834-E3F3-4926-9B16-ADC1DD73FA30} - System32\Tasks\{64298624-06EB-42DE-A453-C3B6A2286079} => I:\Games\WWP\wwp.exe
Task: {C1BA488A-77B9-4997-84D0-EFF9E8D0C9F1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {DAB1EE6F-C263-4D8C-98CC-35D35B2DB838} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {DCD727BA-3FD9-43DD-8606-773C663B8773} - System32\Tasks\{5AA4A00F-FCEE-41F8-A0B6-81F85A08388A} => I:\games\Mechwarrior Vengeance\MW4Mercs.exe
Task: {E2863477-DC5A-427F-908B-5D79DEDEFD8C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {F2A8B2A8-582A-47B6-BDC0-98B22AC1CE83} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2942367688-666253811-2896108010-1001
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-07 16:54 - 2013-10-07 16:54 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2011-07-14 19:04 - 2012-07-13 14:41 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-04-23 19:43 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-07-23 19:47 - 2013-07-23 19:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-22 17:50 - 2012-08-19 06:03 - 00069120 _____ () C:\Users\loswochos\Downloads\Miranda\zlib.dll
2012-08-22 17:50 - 2012-08-19 06:06 - 00033792 _____ () C:\Users\loswochos\Downloads\Miranda\Plugins\dbx_mmap.dll
2012-08-22 17:50 - 2012-08-19 06:08 - 00064512 _____ () C:\Users\loswochos\Downloads\Miranda\Plugins\clist_classic.dll
2012-08-22 17:50 - 2012-08-19 06:07 - 00251904 _____ () C:\Users\loswochos\Downloads\Miranda\Plugins\chat.dll
2012-08-22 17:50 - 2012-08-19 06:07 - 00427008 _____ () C:\Users\loswochos\Downloads\Miranda\Plugins\icq.dll
2012-08-22 17:50 - 2012-08-19 06:03 - 00402944 _____ () C:\Users\loswochos\Downloads\Miranda\Plugins\irc.dll
2012-08-22 17:50 - 2012-08-19 06:08 - 00093184 _____ () C:\Users\loswochos\Downloads\Miranda\Plugins\srmm.dll
2014-06-19 14:33 - 2014-06-19 14:33 - 00050477 _____ () C:\Users\loswochos\Downloads\trojaner board\Defogger.exe
2011-10-28 19:35 - 2011-10-28 19:35 - 00591232 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\RPAPI.dll
2011-10-28 19:35 - 2011-10-28 19:35 - 00430568 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\viprebridge.dll
2011-10-28 19:35 - 2011-10-28 19:35 - 00308560 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\Vipre.dll
2014-05-13 02:07 - 2014-06-03 11:01 - 00190752 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
2014-05-13 02:07 - 2014-06-03 11:01 - 00178464 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
2014-05-13 02:06 - 2014-05-13 02:06 - 00508776 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\thorax.aaw
2013-10-07 16:49 - 2013-10-07 16:49 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-10-07 16:47 - 2013-10-07 16:47 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-10-07 16:44 - 2013-10-07 16:44 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2014-01-19 23:09 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-19 23:09 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-19 23:09 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-19 23:09 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-19 23:09 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-06-19 10:06 - 2014-06-19 10:06 - 00043008 _____ () C:\Users\loswochos\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1koyzf.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\loswochos\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-18 18:14 - 2014-06-18 18:14 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-10 13:28 - 2014-06-10 13:28 - 17024688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EPSON Stylus DX4000 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBEE.EXE /FU "C:\Windows\TEMP\E_SD2CD.tmp" /EF "HKCU"
MSCONFIG\startupreg: EPSON SX235 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /FU "C:\Users\LOSWOC~1\AppData\Local\Temp\E_S78E6.tmp" /EF "HKCU"
MSCONFIG\startupreg: Lachesis => C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
MSCONFIG\startupreg: Sony Ericsson PC Companion => "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\loswochos\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "G:\Games\The Elder Scrolls Skyrim\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: AODDriver4.2
Description: AODDriver4.2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2014 08:05:22 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (06/17/2014 07:48:40 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Unhandled Exception

Error: (06/10/2014 01:55:52 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (06/09/2014 04:03:12 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (06/09/2014 03:59:22 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Assertion failed: (m_state == _SDKState::NotInitialized || m_state == _SDKState::InitializingEngine || m_state == _SDKState::Finished || m_state == _SDKState::NoDefsAvailable || m_state == _SDKState::Idle) in .\SDKController.cpp:1058

Error: (06/08/2014 11:21:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: runonce.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce797ce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x029530d0
ID des fehlerhaften Prozesses: 0xa7c
Startzeit der fehlerhaften Anwendung: 0xrunonce.exe0
Pfad der fehlerhaften Anwendung: runonce.exe1
Pfad des fehlerhaften Moduls: runonce.exe2
Berichtskennung: runonce.exe3

Error: (06/06/2014 00:11:44 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (06/03/2014 01:56:28 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (05/31/2014 01:39:02 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (05/28/2014 00:22:50 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.


System errors:
=============
Error: (06/19/2014 10:02:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/18/2014 04:44:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/18/2014 09:23:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/18/2014 09:21:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/18/2014 09:19:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Diagnosesystemhost" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1115

Error: (06/18/2014 09:19:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet: 
%%1747

Error: (06/18/2014 09:19:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/18/2014 09:19:55 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WinHttpAutoProxySvc" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/18/2014 09:19:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/18/2014 09:19:55 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WinHttpAutoProxySvc" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (06/17/2014 08:05:22 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (06/17/2014 07:48:40 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Unhandled Exception

Error: (06/10/2014 01:55:52 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (06/09/2014 04:03:12 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (06/09/2014 03:59:22 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Assertion failed: (m_state == _SDKState::NotInitialized || m_state == _SDKState::InitializingEngine || m_state == _SDKState::Finished || m_state == _SDKState::NoDefsAvailable || m_state == _SDKState::Idle) in .\SDKController.cpp:1058

Error: (06/08/2014 11:21:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: runonce.exe6.1.7601.175144ce797ceunknown0.0.0.000000000c0000005029530d0a7c01cf835f95a359a0C:\Windows\SysWOW64\runonce.exeunknowne08b2920-ef52-11e3-a49e-665544336040

Error: (06/06/2014 00:11:44 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (06/03/2014 01:56:28 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (05/31/2014 01:39:02 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (05/28/2014 00:22:50 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.


==================== Memory info =========================== 

Percentage of memory in use: 55%
Total physical RAM: 4095.24 MB
Available physical RAM: 1826.75 MB
Total Pagefile: 8188.66 MB
Available Pagefile: 5176.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:153.38 GB) (Free:18.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (EMPIRE_DISC2) (CDROM) (Total:5.54 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 153 GB) (Disk ID: CB4ACB4A)
Partition 1: (Active) - (Size=153 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:38 on 19/06/2014 (loswochos)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Gmerlog :
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-19 15:02:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-6 ExcelStor_Technology_J8160S rev.P22OA50U 153,39GB
Running: Gmer-19357.exe; Driver: C:\Users\LOSWOC~1\AppData\Local\Temp\uwtdyuoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                                          fffff800033ef000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                                                                          fffff800033ef02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                       00000000763f1465 2 bytes [3F, 76]
.text     C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[1180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                      00000000763f14bb 2 bytes [3F, 76]
.text     ...                                                                                                                                                                                                                         * 2
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1832] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                                                                                     00000000729b1a22 2 bytes [9B, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1832] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                                                                                     00000000729b1ad0 2 bytes [9B, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1832] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                                                                                     00000000729b1b08 2 bytes [9B, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1832] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                                                                                     00000000729b1bba 2 bytes [9B, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1832] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                                                                                     00000000729b1bda 2 bytes [9B, 72]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                     00000000763f1465 2 bytes [3F, 76]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                    00000000763f14bb 2 bytes [3F, 76]
.text     ...                                                                                                                                                                                                                         * 2
?         C:\Windows\system32\mssprxy.dll [1260] entry point in ".rdata" section                                                                                                                                                      00000000748471e6
.text     C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe[4004] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                                    00000000763f1465 2 bytes [3F, 76]
.text     C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe[4004] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                                   00000000763f14bb 2 bytes [3F, 76]
.text     ...                                                                                                                                                                                                                         * 2
.text     C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                          00000000763f1465 2 bytes [3F, 76]
.text     C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                         00000000763f14bb 2 bytes [3F, 76]
.text     ...                                                                                                                                                                                                                         * 2
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3100] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                                                 00000000763f1465 2 bytes [3F, 76]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3100] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                                                00000000763f14bb 2 bytes [3F, 76]
.text     ...                                                                                                                                                                                                                         * 2
---- Processes - GMER 2.1 ----

Library   C:\Users\loswochos\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe [4004](2014-01-03 01:09:26)                                               00000000040b0000
Library   c:\users\loswoc~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1koyzf.dll (*** suspicious ***) @ C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe [4004](2014-06-19 08:06:02)  0000000003240000
Library   C:\Users\loswochos\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe [4004](2013-08-23 19:01:44)                                                     0000000069200000
Library   C:\Users\loswochos\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe [4004] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)                       000000006cee0000

---- EOF - GMER 2.1 ----
         
Malwarebytes:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 18/06/2014
Scan Time: 19:50:54
Logfile: mbmt.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.18.07
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: loswochos

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306261
Time Elapsed: 18 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         

Alt 19.06.2014, 14:20   #2
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Antivir durch Gruppenrichtlinie blockiert - Standard

Antivir durch Gruppenrichtlinie blockiert





Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab.
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.



Los geht's:

Schritt 1


Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
ATTFilter
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
         
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.


Schritt 2
Panda USB Vaccine

Bitte lade Dir von hier Panda USB Vaccine herunter.
  • Starte und installiere es.
  • Impfe Deinen PC

Stecke Deinen USB-Stick an und lasse ihn angesteckt.

Schritt 3
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________

__________________

Alt 19.06.2014, 20:21   #3
max89
 
Antivir durch Gruppenrichtlinie blockiert - Standard

Antivir durch Gruppenrichtlinie blockiert



Hallo Jürgen,

erstmal Vielen Dank für die schnelle Antwort und deine Zeit.
Also ich hoffe ich habe alles richtig befolgt, soweit hat glaube ich auch alles so geklappt, allerdings als ich den Combofix Scan laufen lassen habe, hat er sich beschwert, dass Avira und Spybot noch laufen würden.
Soweit ich das aber überblicken konnte lief Avira nicht,das ist ja eigentlich genau mein Problem. Spybot habe ich vorher noch beendet gehabt.
Scan lief trotzdem durch. Ich poste mal die Logfiles:

Fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2014
Ran by loswochos at 2014-06-19 15:39:28 Run:1
Running from C:\Users\loswochos\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====
         
Combofix:

Code:
ATTFilter
ComboFix 14-06-19.01 - loswochos 19/06/2014  15:50:39.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4095.1764 [GMT 2:00]
ausgeführt von:: c:\users\loswochos\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\SysWow64\tmp55F3.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-19 bis 2014-06-19  ))))))))))))))))))))))))))))))
.
.
2014-06-19 14:04 . 2014-06-19 14:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-19 14:04 . 2014-06-19 14:04	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2014-06-19 13:41 . 2014-06-19 13:41	--------	d-----w-	c:\programdata\Panda Security
2014-06-19 13:41 . 2014-06-19 13:41	--------	d-----w-	c:\program files (x86)\Panda USB Vaccine
2014-06-19 12:39 . 2014-06-19 13:39	--------	d-----w-	C:\FRST
2014-06-17 18:51 . 2014-06-18 07:26	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2014-06-17 18:10 . 2014-05-30 09:39	66048	----a-w-	c:\windows\system32\iesetup.dll
2014-06-10 20:50 . 2014-06-19 13:37	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-10 20:50 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-06-10 20:50 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-06-10 20:50 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-06-10 20:49 . 2014-06-10 20:50	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-06-10 20:49 . 2014-06-10 20:49	--------	d-----w-	c:\programdata\Malwarebytes
2014-06-07 16:03 . 2014-06-07 16:03	--------	d-----w-	c:\users\loswochos\AppData\Local\calibre-cache
2014-06-07 16:02 . 2014-06-07 16:03	--------	d-----w-	c:\users\loswochos\AppData\Roaming\calibre
2014-06-07 16:01 . 2014-06-07 16:01	--------	d-----w-	c:\program files\Calibre2
2014-06-06 14:58 . 2013-12-06 18:01	389290	--sha-w-	c:\users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs
2014-05-23 11:34 . 2010-08-30 06:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-05-23 11:33 . 2014-06-11 02:13	--------	d-----w-	C:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-17 22:51 . 2011-04-23 15:09	95414520	----a-w-	c:\windows\system32\MRT.exe
2014-06-10 11:28 . 2012-05-13 18:18	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-10 11:28 . 2011-05-28 09:42	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-22 11:12 . 2014-01-19 22:07	130584	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-05-22 11:12 . 2014-01-19 22:07	112080	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-05-13 00:08 . 2014-05-13 00:08	55384	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2014-05-13 00:07 . 2014-05-13 00:15	16432	----a-w-	c:\windows\system32\lsdelete.exe
2014-05-12 22:23 . 2014-05-12 22:23	231376	----a-w-	c:\windows\system32\drivers\truecrypt.sys
2014-04-15 00:34 . 2014-04-15 00:34	1070232	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2014-04-14 18:13 . 2014-04-17 20:05	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22 . 2014-05-15 09:49	155072	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-15 09:49	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-15 09:49	136192	----a-w-	c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-15 09:49	29184	----a-w-	c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-15 09:49	28160	----a-w-	c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-15 09:49	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-15 09:49	31232	----a-w-	c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-15 09:49	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-15 09:49	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-03-25 02:43 . 2014-05-15 09:50	14175744	----a-w-	c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\loswochos\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\loswochos\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\loswochos\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\loswochos\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-31 3093624]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"java ska"="wscript.exe" [2013-10-12 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-07-23 766208]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-05-22 737872]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2014-04-13 2099200]
.
c:\users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
java ska.vbs [2013-12-6 389290]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
3;3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
3;3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
3;4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioFastTrackPro.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys;c:\windows\SYSNATIVE\drivers\Lachesis.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - UWTDYUOC
*Deregistered* - uwtdyuoc
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 11:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\loswochos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\loswochos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\loswochos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\loswochos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\loswochos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\loswochos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{19902E11-779E-4975-ACCA-397C9EC695E6}: NameServer = 141.30.207.2
FF - ProfilePath - c:\users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2013-01-13 23:11; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Wow6432Node-HKCU-Run-OdjuHlomo - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-ArmA 2 - g:\games\Bohemia Interactive\UnInstall.exe
AddRemove-ARMA 2 Operation Arrowhead - g:\games\Bohemia Interactive\UnInstall_OA.exe
AddRemove-BattlEye - i:\games\Bohemia Interactive\ArmA 2 Operation ArrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-BattlEye for OA - g:\games\Bohemia Interactive\Expansion\BattlEye\UnInstallBE.exe
AddRemove-Edna and Harvey - The Breakout - g:\games\Edna and Harvey - The Breakout\uninstall.exe
AddRemove-Live 8.0.1 - g:\ableto~1.1\Install\UNWISE.EXE
AddRemove-The Walking Dead (c) 3_is1 - g:\games\The Walking Dead\unins000.exe
AddRemove-{3F987BF0-061B-4395-9F6D-0E7C9E4F7107}_is1 - g:\games\Men of War Gold Edition\unins000.exe
AddRemove-{C9935C7E-ED44-427D-B8DF-39E2ACF1AA6A}_is1 - g:\games\Men of War Vietnam\unins000.exe
AddRemove-{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1 - g:\games\Stranded II\unins000.exe
AddRemove-{DBEFF20C-6386-4AF7-A5D4-C0B48C10A9C7}_is1 - g:\games\FarCry 3\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2942367688-666253811-2896108010-1001\Software\SecuROM\License information*]
"datasecu"=hex:0f,1a,97,07,69,3e,1d,df,21,5e,4f,fc,05,21,b6,07,62,85,1a,c1,4b,
   0e,fa,51,d2,0b,32,6d,82,4e,e6,e8,7f,b2,5b,95,e1,c7,70,45,3e,29,fe,08,41,97,\
"rkeysecu"=hex:d1,4d,ad,08,b8,d2,b6,67,6a,8c,53,6a,0e,da,f9,06
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-19  16:09:31
ComboFix-quarantined-files.txt  2014-06-19 14:09
.
Vor Suchlauf: 12 Verzeichnis(se), 19.319.828.480 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 19.107.631.104 Bytes frei
.
- - End Of File - - CB01860203464DB9AA5D4474DA4154FB
A36C5E4F47E84449FF07ED3517B43A31
         
__________________

Alt 19.06.2014, 20:27   #4
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Antivir durch Gruppenrichtlinie blockiert - Standard

Antivir durch Gruppenrichtlinie blockiert



Ok,

mach bitte mal einen frischen Scan mit FRST....
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 19.06.2014, 20:47   #5
max89
 
Antivir durch Gruppenrichtlinie blockiert - Standard

Antivir durch Gruppenrichtlinie blockiert



Alles klar , hab ich gemacht,

Hier wieder das Log:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by loswochos (administrator) on LOSWOCHOS-PC on 19-06-2014 21:44:31
Running from C:\Users\loswochos\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(fCoder Group, Inc.) C:\Windows\System32\spool\drivers\x64\3\udceng.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-07-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-31] ()
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [java ska] => wscript.exe //B "C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs" <===== ATTENTION
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs ()
BootExecute: autocheck autochk * sdnclean64.exelsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x48D946F0E691CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\..\Interfaces\{19902E11-779E-4975-ACCA-397C9EC695E6}: [NameServer]141.30.207.2

FireFox:
========
FF ProfilePath: C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Xchange\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Xchange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.116.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\loswochos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: Forecastfox - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-10-09]
FF Extension: Flashblock - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-05-25]
FF Extension: DownloadHelper - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-06]
FF Extension: SearchPreview - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2014-05-22]
FF Extension: Ghostery - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\firefox@ghostery.com.xpi [2013-08-02]
FF Extension: Quick Note - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\jid0-T01UQ5416mmgiAxnF7j8Iwzeffc@jetpack.xpi [2012-08-14]
FF Extension: ScrollyFox - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\scrollyfox@shawfiresolutions.com.au.xpi [2013-04-21]
FF Extension: Scroll to Top/Bottom - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\scroll_to_top-bottom@developer.bobdawg.org.xpi [2012-08-12]
FF Extension: Status-4-Evar - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\status4evar@caligonstudios.com.xpi [2014-06-19]
FF Extension: Scientific Calculator - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\ststusscicalc@sunny.xpi [2012-07-18]
FF Extension: TinyURL Generator - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2014-01-13]
FF Extension: Trafficanzeige - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\traffic@anzeige3.xpi [2013-01-21]
FF Extension: YouTube to MP3 - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\youtube2mp3@mondayx.de.xpi [2011-06-30]
FF Extension: Stop Autoplay - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}.xpi [2014-05-22]
FF Extension: AniWeather - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2011-05-02]
FF Extension: Multirow Bookmarks Toolbar Plus - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2012-07-23]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2011-05-02]
FF Extension: Adblock Plus - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-24]
FF Extension: Download Statusbar - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-04-24]
FF Extension: DownThemAll! - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-04-24]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-08-14]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-07-23] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
S2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
S2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
S2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152720 2014-05-13] (Lavasoft Limited)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-07-13] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
U3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2014-05-13] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-10-28] (Lavasoft AB)
S3 MAUSBFASTTRACKPRO; C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys [187912 2010-12-07] (Avid Technology, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
U4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-19] (Malwarebytes Corporation)
U3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 VaneFltr; C:\Windows\System32\drivers\Lachesis.sys [29952 2009-10-16] (Razer (Asia-Pacific) Pte Ltd)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 uwtdyuoc; \??\C:\Users\LOSWOC~1\AppData\Local\Temp\uwtdyuoc.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-19 16:09 - 2014-06-19 16:09 - 00021776 _____ () C:\ComboFix.txt
2014-06-19 15:47 - 2014-06-19 16:09 - 00000000 ____D () C:\ComboFix
2014-06-19 15:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-19 15:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-19 15:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-19 15:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-19 15:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-19 15:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-19 15:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-19 15:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-19 15:45 - 2014-06-19 16:09 - 00000000 ____D () C:\Qoobox
2014-06-19 15:44 - 2014-06-19 16:06 - 00000000 ____D () C:\Windows\erdnt
2014-06-19 15:43 - 2014-06-19 15:43 - 05207168 ____R (Swearware) C:\Users\loswochos\Desktop\ComboFix.exe
2014-06-19 15:41 - 2014-06-19 15:41 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Panda Security
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-06-19 15:40 - 2014-06-19 15:40 - 00848856 _____ (Panda Security ) C:\Users\loswochos\Desktop\USBVaccineSetup.exe
2014-06-19 15:05 - 2014-06-19 15:05 - 00001059 _____ () C:\Users\loswochos\Desktop\mbmt.txt
2014-06-19 15:02 - 2014-06-19 15:02 - 00007426 _____ () C:\Users\loswochos\Desktop\Gmer.txt
2014-06-19 14:40 - 2014-06-19 14:42 - 00045731 _____ () C:\Users\loswochos\Desktop\Addition.txt
2014-06-19 14:39 - 2014-06-19 21:44 - 00019210 _____ () C:\Users\loswochos\Desktop\FRST.txt
2014-06-19 14:39 - 2014-06-19 21:44 - 00000000 ____D () C:\FRST
2014-06-19 14:38 - 2014-06-19 14:38 - 00000480 _____ () C:\Users\loswochos\Desktop\defogger_disable.log
2014-06-19 14:38 - 2014-06-19 14:38 - 00000000 _____ () C:\Users\loswochos\defogger_reenable
2014-06-19 14:33 - 2014-06-19 15:37 - 00000000 ____D () C:\Users\loswochos\Downloads\trojaner board
2014-06-19 14:33 - 2014-06-19 14:33 - 02082304 _____ (Farbar) C:\Users\loswochos\Desktop\FRST64.exe
2014-06-19 14:33 - 2014-06-19 14:33 - 00380416 _____ () C:\Users\loswochos\Desktop\Gmer-19357.exe
2014-06-19 14:33 - 2014-06-19 14:33 - 00050477 _____ () C:\Users\loswochos\Desktop\Defogger.exe
2014-06-19 13:45 - 2014-06-19 13:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe
2014-06-19 10:02 - 2014-06-19 10:02 - 00000022 _____ () C:\Windows\S.dirmngr
2014-06-18 18:14 - 2014-06-18 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 09:17 - 2014-06-19 10:02 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-06-17 20:51 - 2014-06-18 09:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-17 20:11 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-17 20:11 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-17 20:11 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-17 20:11 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-17 20:11 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-17 20:11 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-17 20:11 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-17 20:11 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-17 20:11 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-17 20:11 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-17 20:11 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-17 20:11 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-17 20:11 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-17 20:11 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-17 20:11 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-17 20:11 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-17 20:11 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-17 20:11 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-17 20:11 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-17 20:11 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-17 20:11 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-17 20:11 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-17 20:11 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-17 20:11 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-17 20:11 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-17 20:11 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-17 20:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-17 20:11 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-17 20:11 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-17 20:11 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-17 20:11 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-17 20:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-17 20:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-17 20:11 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-17 20:11 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-17 20:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-17 20:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-17 20:10 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-17 20:10 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-17 20:10 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-17 20:10 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-17 20:10 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-17 20:10 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-17 20:10 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-17 20:10 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-17 20:10 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-17 20:10 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-17 20:10 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-17 20:10 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-17 20:10 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-17 20:10 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-17 20:10 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-17 20:10 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-17 20:10 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-17 20:10 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-17 20:10 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-17 20:10 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-17 20:10 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-17 20:10 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-17 20:10 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-17 20:10 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-17 20:10 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-17 20:10 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-17 20:10 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-17 20:10 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-17 20:10 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 22:50 - 2014-06-19 15:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 22:50 - 2014-06-10 22:50 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-10 22:50 - 2014-06-10 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-10 22:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-10 22:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-10 22:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-10 22:49 - 2014-06-10 22:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:44 - 2014-06-17 19:43 - 00002612 _____ () C:\Windows\PFRO.log
2014-06-10 22:42 - 2014-06-10 22:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\loswochos\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 13:48 - 2014-06-19 10:02 - 00000560 _____ () C:\Windows\setupact.log
2014-06-10 13:48 - 2014-06-10 13:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 13:28 - 2014-06-19 21:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 13:28 - 2014-06-10 13:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-10 13:22 - 2014-06-10 13:22 - 01057176 _____ (Adobe) C:\Users\loswochos\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe
2014-06-09 12:50 - 2014-06-09 12:56 - 00000000 ____D () C:\Users\loswochos\Desktop\dresktop
2014-06-07 20:07 - 2014-06-07 20:09 - 21903785 _____ () C:\Users\loswochos\Downloads\The Walking Dead 092.cbz
2014-06-07 20:07 - 2014-06-07 20:09 - 21866326 _____ () C:\Users\loswochos\Downloads\The Walking Dead 091.cbr
2014-06-07 20:06 - 2014-06-07 20:07 - 18796468 _____ () C:\Users\loswochos\Downloads\The Walking Dead 086.cbr
2014-06-07 20:06 - 2014-06-07 20:07 - 17863030 _____ () C:\Users\loswochos\Downloads\The Walking Dead 080.cbr
2014-06-07 20:06 - 2014-06-07 20:07 - 10376899 _____ () C:\Users\loswochos\Downloads\The Walking Dead 061.cbr
2014-06-07 20:05 - 2014-06-07 20:07 - 17669982 _____ () C:\Users\loswochos\Downloads\The Walking Dead 074.cbr
2014-06-07 18:03 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Local\calibre-cache
2014-06-07 18:02 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\calibre
2014-06-07 18:01 - 2014-06-07 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-06-07 18:01 - 2014-06-07 18:01 - 00000000 ____D () C:\Program Files\Calibre2
2014-06-07 17:56 - 2014-06-07 17:56 - 61444096 _____ () C:\Users\loswochos\Downloads\calibre-64bit-1.39.0.msi
2014-05-23 16:44 - 2014-05-23 16:44 - 00000000 ____D () C:\Users\loswochos\Documents\ProcAlyzer Dumps
2014-05-23 13:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-23 13:33 - 2014-06-11 04:13 - 00000000 ____D () C:\AdwCleaner
2014-05-22 23:22 - 2014-05-22 23:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\loswochos\Downloads\Stop Autoplay - CHIP-Downloader.exe
2014-05-22 23:22 - 2014-05-22 23:22 - 00041147 _____ () C:\Users\loswochos\Downloads\stop_autoplay-1.2.1-sm_fx.zip
2014-05-22 15:04 - 2014-06-06 18:10 - 00000000 ____D () C:\Users\loswochos\Desktop\Schreiben Jurk

==================== One Month Modified Files and Folders =======

2014-06-19 21:44 - 2014-06-19 14:39 - 00019210 _____ () C:\Users\loswochos\Desktop\FRST.txt
2014-06-19 21:44 - 2014-06-19 14:39 - 00000000 ____D () C:\FRST
2014-06-19 21:23 - 2014-06-10 13:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-19 16:09 - 2014-06-19 16:09 - 00021776 _____ () C:\ComboFix.txt
2014-06-19 16:09 - 2014-06-19 15:47 - 00000000 ____D () C:\ComboFix
2014-06-19 16:09 - 2014-06-19 15:45 - 00000000 ____D () C:\Qoobox
2014-06-19 16:09 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-19 16:06 - 2014-06-19 15:44 - 00000000 ____D () C:\Windows\erdnt
2014-06-19 16:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-19 15:49 - 2011-04-23 15:43 - 01706950 _____ () C:\Windows\WindowsUpdate.log
2014-06-19 15:43 - 2014-06-19 15:43 - 05207168 ____R (Swearware) C:\Users\loswochos\Desktop\ComboFix.exe
2014-06-19 15:41 - 2014-06-19 15:41 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Panda Security
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-06-19 15:40 - 2014-06-19 15:40 - 00848856 _____ (Panda Security ) C:\Users\loswochos\Desktop\USBVaccineSetup.exe
2014-06-19 15:37 - 2014-06-19 14:33 - 00000000 ____D () C:\Users\loswochos\Downloads\trojaner board
2014-06-19 15:37 - 2014-06-10 22:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 15:05 - 2014-06-19 15:05 - 00001059 _____ () C:\Users\loswochos\Desktop\mbmt.txt
2014-06-19 15:02 - 2014-06-19 15:02 - 00007426 _____ () C:\Users\loswochos\Desktop\Gmer.txt
2014-06-19 14:42 - 2014-06-19 14:40 - 00045731 _____ () C:\Users\loswochos\Desktop\Addition.txt
2014-06-19 14:38 - 2014-06-19 14:38 - 00000480 _____ () C:\Users\loswochos\Desktop\defogger_disable.log
2014-06-19 14:38 - 2014-06-19 14:38 - 00000000 _____ () C:\Users\loswochos\defogger_reenable
2014-06-19 14:38 - 2011-04-23 15:43 - 00000000 ____D () C:\Users\loswochos
2014-06-19 14:33 - 2014-06-19 14:33 - 02082304 _____ (Farbar) C:\Users\loswochos\Desktop\FRST64.exe
2014-06-19 14:33 - 2014-06-19 14:33 - 00380416 _____ () C:\Users\loswochos\Desktop\Gmer-19357.exe
2014-06-19 14:33 - 2014-06-19 14:33 - 00050477 _____ () C:\Users\loswochos\Desktop\Defogger.exe
2014-06-19 13:47 - 2012-11-10 13:58 - 00000000 ____D () C:\Users\loswochos\Downloads\Tor Browser
2014-06-19 13:45 - 2014-06-19 13:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe
2014-06-19 10:36 - 2012-12-31 13:06 - 00000000 ____D () C:\Users\loswochos\AppData\Local\PMB Files
2014-06-19 10:10 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-19 10:10 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-19 10:06 - 2014-05-03 11:37 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\DropboxMaster
2014-06-19 10:06 - 2012-08-30 17:27 - 00000000 ___RD () C:\Users\loswochos\Dropbox
2014-06-19 10:06 - 2012-08-30 17:17 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\Dropbox
2014-06-19 10:02 - 2014-06-19 10:02 - 00000022 _____ () C:\Windows\S.dirmngr
2014-06-19 10:02 - 2014-06-18 09:17 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-06-19 10:02 - 2014-06-10 13:48 - 00000560 _____ () C:\Windows\setupact.log
2014-06-19 10:02 - 2014-05-14 10:42 - 00011158 _____ () C:\aaw7boot.log
2014-06-19 10:02 - 2012-05-14 16:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 10:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 19:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-18 18:14 - 2014-06-18 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 09:26 - 2014-06-17 20:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-18 00:54 - 2013-08-26 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-18 00:51 - 2011-04-23 17:09 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-18 00:50 - 2011-04-23 16:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-18 00:48 - 2014-04-23 19:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-17 20:05 - 2014-05-16 12:02 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat
2014-06-17 20:05 - 2014-05-16 12:02 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat
2014-06-17 19:43 - 2014-06-10 22:44 - 00002612 _____ () C:\Windows\PFRO.log
2014-06-11 04:15 - 2011-07-30 12:54 - 00000000 ____D () C:\Windows\64F6748976BB4CDDA236F954BE774B35.TMP
2014-06-11 04:13 - 2014-05-23 13:33 - 00000000 ____D () C:\AdwCleaner
2014-06-10 23:10 - 2014-05-13 01:57 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\KeePass
2014-06-10 22:50 - 2014-06-10 22:50 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-10 22:50 - 2014-06-10 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-10 22:50 - 2014-06-10 22:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:48 - 2014-06-10 22:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\loswochos\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 22:16 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-06-10 22:16 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-06-10 22:16 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-10 16:46 - 2011-04-26 13:01 - 00000000 ___RD () C:\Users\loswochos\Desktop\Programme
2014-06-10 13:48 - 2014-06-10 13:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 13:43 - 2012-04-21 14:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-10 13:28 - 2014-06-10 13:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-10 13:28 - 2012-05-13 20:18 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-10 13:28 - 2011-05-28 11:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-10 13:22 - 2014-06-10 13:22 - 01057176 _____ (Adobe) C:\Users\loswochos\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe
2014-06-09 14:54 - 2013-11-08 02:07 - 00000000 ____D () C:\Users\loswochos\AppData\Local\Arma 3
2014-06-09 12:56 - 2014-06-09 12:50 - 00000000 ____D () C:\Users\loswochos\Desktop\dresktop
2014-06-09 00:02 - 2011-06-07 22:41 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\vlc
2014-06-08 11:13 - 2014-06-17 20:10 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-17 20:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 20:09 - 2014-06-07 20:07 - 21903785 _____ () C:\Users\loswochos\Downloads\The Walking Dead 092.cbz
2014-06-07 20:09 - 2014-06-07 20:07 - 21866326 _____ () C:\Users\loswochos\Downloads\The Walking Dead 091.cbr
2014-06-07 20:07 - 2014-06-07 20:06 - 18796468 _____ () C:\Users\loswochos\Downloads\The Walking Dead 086.cbr
2014-06-07 20:07 - 2014-06-07 20:06 - 17863030 _____ () C:\Users\loswochos\Downloads\The Walking Dead 080.cbr
2014-06-07 20:07 - 2014-06-07 20:06 - 10376899 _____ () C:\Users\loswochos\Downloads\The Walking Dead 061.cbr
2014-06-07 20:07 - 2014-06-07 20:05 - 17669982 _____ () C:\Users\loswochos\Downloads\The Walking Dead 074.cbr
2014-06-07 18:03 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Local\calibre-cache
2014-06-07 18:03 - 2014-06-07 18:02 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\calibre
2014-06-07 18:02 - 2014-06-07 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-06-07 18:01 - 2014-06-07 18:01 - 00000000 ____D () C:\Program Files\Calibre2
2014-06-07 17:56 - 2014-06-07 17:56 - 61444096 _____ () C:\Users\loswochos\Downloads\calibre-64bit-1.39.0.msi
2014-06-06 18:10 - 2014-05-22 15:04 - 00000000 ____D () C:\Users\loswochos\Desktop\Schreiben Jurk
2014-05-30 16:58 - 2011-09-29 18:30 - 00000000 ____D () C:\ProgramData\Origin
2014-05-30 16:57 - 2011-09-29 18:30 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-30 12:21 - 2014-06-17 20:10 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-17 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-17 20:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-17 20:10 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-17 20:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-17 20:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-17 20:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-17 20:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-17 20:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-17 20:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-17 20:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:21 - 2014-06-17 20:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:20 - 2014-06-17 20:10 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-17 20:11 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-17 20:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-17 20:10 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-17 20:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-17 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-17 20:11 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-17 20:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-17 20:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-17 20:10 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-17 20:10 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-17 20:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-17 20:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-17 20:11 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-17 20:10 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-17 20:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-17 20:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-17 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-17 20:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-17 20:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-17 20:11 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-17 20:10 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-17 20:10 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-17 20:11 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-17 20:11 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-17 20:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-17 20:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-17 20:11 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-17 20:10 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-17 20:10 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-17 20:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-17 20:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-17 20:11 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-17 20:10 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-17 20:11 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-17 20:11 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-17 20:10 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-17 20:11 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-17 20:10 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-17 20:10 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-28 12:17 - 2012-08-30 17:22 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-23 16:44 - 2014-05-23 16:44 - 00000000 ____D () C:\Users\loswochos\Documents\ProcAlyzer Dumps
2014-05-23 16:44 - 2014-01-19 23:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-23 14:27 - 2011-04-24 12:07 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-23 14:27 - 2011-04-23 15:45 - 00001003 _____ () C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-22 23:22 - 2014-05-22 23:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\loswochos\Downloads\Stop Autoplay - CHIP-Downloader.exe
2014-05-22 23:22 - 2014-05-22 23:22 - 00041147 _____ () C:\Users\loswochos\Downloads\stop_autoplay-1.2.1-sm_fx.zip
2014-05-22 21:11 - 2014-05-13 21:20 - 00004894 _____ () C:\Users\loswochos\Documents\NeueDatenbank.kdbx
2014-05-22 13:12 - 2014-01-20 00:07 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-22 13:12 - 2014-01-20 00:07 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-18 19:00

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Alt 19.06.2014, 21:07   #6
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Antivir durch Gruppenrichtlinie blockiert - Standard

Antivir durch Gruppenrichtlinie blockiert



Ok,

Schritt 1



Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
ATTFilter
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs ()
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [java ska] => wscript.exe //B "C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs" <===== ATTENTION
C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs
Reboot:
         
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.

Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 3



Bitte starte FRST erneut und drücke auf Scan.
Bitte poste mir den Inhalt der FRST.txt.
__________________
--> Antivir durch Gruppenrichtlinie blockiert

Alt 19.06.2014, 21:56   #7
max89
 
Antivir durch Gruppenrichtlinie blockiert - Standard

Antivir durch Gruppenrichtlinie blockiert



Ok habe alles so gemacht wie du gesagt hast, nach dem ersten Neustarten schien auch Antivir wieder zu laufen (ein gutes Zeichen..oder? ), habe dann den Adwcleaner laufen lassen und zuletzt noch mal FRST.

Fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2014
Ran by loswochos at 2014-06-19 22:25:14 Run:2
Running from C:\Users\loswochos\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs ()
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [java ska] => wscript.exe //B "C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs" <===== ATTENTION
C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs
Reboot:
*****************

C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs => Moved successfully.
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\Software\Microsoft\Windows\CurrentVersion\Run\\java ska => value deleted successfully.
Could not move "C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs" => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-19 22:33:14)<=

C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs => Is moved successfully.

==== End of Fixlog ====
         
adwcleaner:

Code:
ATTFilter
# AdwCleaner v3.212 - Bericht erstellt am 19/06/2014 um 22:38:59
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : loswochos - LOSWOCHOS-PC
# Gestartet von : C:\Users\loswochos\Desktop\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\v35vtery.default\prefs.js ]


[ Datei : C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.aniweather.timeShifted", 1479036);

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [16404 octets] - [23/05/2014 13:34:05]
AdwCleaner[R1].txt - [1103 octets] - [10/06/2014 22:41:19]
AdwCleaner[R2].txt - [1223 octets] - [11/06/2014 03:16:31]
AdwCleaner[R3].txt - [1394 octets] - [19/06/2014 22:37:55]
AdwCleaner[S0].txt - [14336 octets] - [23/05/2014 14:27:48]
AdwCleaner[S1].txt - [1165 octets] - [10/06/2014 22:42:40]
AdwCleaner[S2].txt - [1285 octets] - [11/06/2014 04:12:49]
AdwCleaner[S3].txt - [1315 octets] - [19/06/2014 22:38:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1375 octets] ##########
         

FRST:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by loswochos (administrator) on LOSWOCHOS-PC on 19-06-2014 22:50:18
Running from C:\Users\loswochos\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Dropbox, Inc.) C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-07-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-31] ()
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [java ska] => wscript.exe //B "C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs" <===== ATTENTION
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs ()
BootExecute: autocheck autochk * sdnclean64.exelsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x48D946F0E691CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\..\Interfaces\{19902E11-779E-4975-ACCA-397C9EC695E6}: [NameServer]141.30.207.2

FireFox:
========
FF ProfilePath: C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Xchange\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Xchange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.116.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\loswochos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: Forecastfox - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-10-09]
FF Extension: Flashblock - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-05-25]
FF Extension: DownloadHelper - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-06]
FF Extension: SearchPreview - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2014-05-22]
FF Extension: Ghostery - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\firefox@ghostery.com.xpi [2013-08-02]
FF Extension: Quick Note - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\jid0-T01UQ5416mmgiAxnF7j8Iwzeffc@jetpack.xpi [2012-08-14]
FF Extension: ScrollyFox - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\scrollyfox@shawfiresolutions.com.au.xpi [2013-04-21]
FF Extension: Scroll to Top/Bottom - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\scroll_to_top-bottom@developer.bobdawg.org.xpi [2012-08-12]
FF Extension: Status-4-Evar - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\status4evar@caligonstudios.com.xpi [2014-06-19]
FF Extension: Scientific Calculator - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\ststusscicalc@sunny.xpi [2012-07-18]
FF Extension: TinyURL Generator - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2014-01-13]
FF Extension: Trafficanzeige - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\traffic@anzeige3.xpi [2013-01-21]
FF Extension: YouTube to MP3 - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\youtube2mp3@mondayx.de.xpi [2011-06-30]
FF Extension: Stop Autoplay - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}.xpi [2014-05-22]
FF Extension: AniWeather - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2011-05-02]
FF Extension: Multirow Bookmarks Toolbar Plus - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2012-07-23]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2011-05-02]
FF Extension: Adblock Plus - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-24]
FF Extension: Download Statusbar - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-04-24]
FF Extension: DownThemAll! - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-04-24]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-08-14]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-07-23] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
R2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152720 2014-05-13] (Lavasoft Limited)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-07-13] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
R3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2014-05-13] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-10-28] (Lavasoft AB)
S3 MAUSBFASTTRACKPRO; C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys [187912 2010-12-07] (Avid Technology, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 VaneFltr; C:\Windows\System32\drivers\Lachesis.sys [29952 2009-10-16] (Razer (Asia-Pacific) Pte Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-19 22:40 - 2014-06-19 22:40 - 00000022 _____ () C:\Windows\S.dirmngr
2014-06-19 16:09 - 2014-06-19 16:09 - 00021776 _____ () C:\ComboFix.txt
2014-06-19 15:47 - 2014-06-19 16:09 - 00000000 ____D () C:\ComboFix
2014-06-19 15:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-19 15:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-19 15:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-19 15:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-19 15:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-19 15:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-19 15:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-19 15:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-19 15:45 - 2014-06-19 16:09 - 00000000 ____D () C:\Qoobox
2014-06-19 15:44 - 2014-06-19 16:06 - 00000000 ____D () C:\Windows\erdnt
2014-06-19 15:43 - 2014-06-19 15:43 - 05207168 ____R (Swearware) C:\Users\loswochos\Desktop\ComboFix.exe
2014-06-19 15:41 - 2014-06-19 15:41 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Panda Security
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-06-19 15:40 - 2014-06-19 15:40 - 00848856 _____ (Panda Security ) C:\Users\loswochos\Desktop\USBVaccineSetup.exe
2014-06-19 15:05 - 2014-06-19 15:05 - 00001059 _____ () C:\Users\loswochos\Desktop\mbmt.txt
2014-06-19 15:02 - 2014-06-19 15:02 - 00007426 _____ () C:\Users\loswochos\Desktop\Gmer.txt
2014-06-19 14:40 - 2014-06-19 14:42 - 00045731 _____ () C:\Users\loswochos\Desktop\Addition.txt
2014-06-19 14:39 - 2014-06-19 22:50 - 00019708 _____ () C:\Users\loswochos\Desktop\FRST.txt
2014-06-19 14:39 - 2014-06-19 22:50 - 00000000 ____D () C:\FRST
2014-06-19 14:38 - 2014-06-19 14:38 - 00000480 _____ () C:\Users\loswochos\Desktop\defogger_disable.log
2014-06-19 14:38 - 2014-06-19 14:38 - 00000000 _____ () C:\Users\loswochos\defogger_reenable
2014-06-19 14:33 - 2014-06-19 15:37 - 00000000 ____D () C:\Users\loswochos\Downloads\trojaner board
2014-06-19 14:33 - 2014-06-19 14:33 - 02082304 _____ (Farbar) C:\Users\loswochos\Desktop\FRST64.exe
2014-06-19 14:33 - 2014-06-19 14:33 - 00380416 _____ () C:\Users\loswochos\Desktop\Gmer-19357.exe
2014-06-19 14:33 - 2014-06-19 14:33 - 00050477 _____ () C:\Users\loswochos\Desktop\Defogger.exe
2014-06-19 13:45 - 2014-06-19 13:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe
2014-06-18 18:14 - 2014-06-18 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 09:17 - 2014-06-19 22:42 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-06-17 20:51 - 2014-06-18 09:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-17 20:11 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-17 20:11 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-17 20:11 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-17 20:11 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-17 20:11 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-17 20:11 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-17 20:11 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-17 20:11 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-17 20:11 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-17 20:11 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-17 20:11 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-17 20:11 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-17 20:11 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-17 20:11 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-17 20:11 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-17 20:11 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-17 20:11 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-17 20:11 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-17 20:11 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-17 20:11 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-17 20:11 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-17 20:11 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-17 20:11 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-17 20:11 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-17 20:11 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-17 20:11 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-17 20:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-17 20:11 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-17 20:11 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-17 20:11 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-17 20:11 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-17 20:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-17 20:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-17 20:11 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-17 20:11 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-17 20:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-17 20:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-17 20:10 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-17 20:10 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-17 20:10 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-17 20:10 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-17 20:10 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-17 20:10 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-17 20:10 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-17 20:10 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-17 20:10 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-17 20:10 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-17 20:10 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-17 20:10 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-17 20:10 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-17 20:10 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-17 20:10 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-17 20:10 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-17 20:10 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-17 20:10 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-17 20:10 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-17 20:10 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-17 20:10 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-17 20:10 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-17 20:10 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-17 20:10 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-17 20:10 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-17 20:10 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-17 20:10 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-17 20:10 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-17 20:10 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 22:50 - 2014-06-19 22:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 22:50 - 2014-06-10 22:50 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-10 22:50 - 2014-06-10 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-10 22:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-10 22:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-10 22:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-10 22:49 - 2014-06-10 22:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:44 - 2014-06-19 22:40 - 00003478 _____ () C:\Windows\PFRO.log
2014-06-10 22:42 - 2014-06-10 22:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\loswochos\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 22:40 - 2014-06-10 22:40 - 01333465 _____ () C:\Users\loswochos\Desktop\adwcleaner_3.212.exe
2014-06-10 13:48 - 2014-06-19 22:40 - 00000672 _____ () C:\Windows\setupact.log
2014-06-10 13:48 - 2014-06-10 13:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 13:28 - 2014-06-19 22:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 13:28 - 2014-06-10 13:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-10 13:22 - 2014-06-10 13:22 - 01057176 _____ (Adobe) C:\Users\loswochos\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe
2014-06-09 12:50 - 2014-06-09 12:56 - 00000000 ____D () C:\Users\loswochos\Desktop\dresktop
2014-06-07 20:07 - 2014-06-07 20:09 - 21903785 _____ () C:\Users\loswochos\Downloads\The Walking Dead 092.cbz
2014-06-07 20:07 - 2014-06-07 20:09 - 21866326 _____ () C:\Users\loswochos\Downloads\The Walking Dead 091.cbr
2014-06-07 20:06 - 2014-06-07 20:07 - 18796468 _____ () C:\Users\loswochos\Downloads\The Walking Dead 086.cbr
2014-06-07 20:06 - 2014-06-07 20:07 - 17863030 _____ () C:\Users\loswochos\Downloads\The Walking Dead 080.cbr
2014-06-07 20:06 - 2014-06-07 20:07 - 10376899 _____ () C:\Users\loswochos\Downloads\The Walking Dead 061.cbr
2014-06-07 20:05 - 2014-06-07 20:07 - 17669982 _____ () C:\Users\loswochos\Downloads\The Walking Dead 074.cbr
2014-06-07 18:03 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Local\calibre-cache
2014-06-07 18:02 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\calibre
2014-06-07 18:01 - 2014-06-07 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-06-07 18:01 - 2014-06-07 18:01 - 00000000 ____D () C:\Program Files\Calibre2
2014-06-07 17:56 - 2014-06-07 17:56 - 61444096 _____ () C:\Users\loswochos\Downloads\calibre-64bit-1.39.0.msi
2014-05-23 16:44 - 2014-05-23 16:44 - 00000000 ____D () C:\Users\loswochos\Documents\ProcAlyzer Dumps
2014-05-23 13:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-23 13:33 - 2014-06-19 22:39 - 00000000 ____D () C:\AdwCleaner
2014-05-22 23:22 - 2014-05-22 23:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\loswochos\Downloads\Stop Autoplay - CHIP-Downloader.exe
2014-05-22 23:22 - 2014-05-22 23:22 - 00041147 _____ () C:\Users\loswochos\Downloads\stop_autoplay-1.2.1-sm_fx.zip
2014-05-22 15:04 - 2014-06-06 18:10 - 00000000 ____D () C:\Users\loswochos\Desktop\Schreiben Jurk

==================== One Month Modified Files and Folders =======

2014-06-19 22:51 - 2014-06-19 14:39 - 00019708 _____ () C:\Users\loswochos\Desktop\FRST.txt
2014-06-19 22:51 - 2012-12-31 13:06 - 00000000 ____D () C:\Users\loswochos\AppData\Local\PMB Files
2014-06-19 22:50 - 2014-06-19 14:39 - 00000000 ____D () C:\FRST
2014-06-19 22:50 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-19 22:50 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-19 22:47 - 2011-04-23 15:43 - 01722501 _____ () C:\Windows\WindowsUpdate.log
2014-06-19 22:45 - 2014-06-10 22:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 22:43 - 2014-05-03 11:37 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\DropboxMaster
2014-06-19 22:43 - 2012-08-30 17:27 - 00000000 ___RD () C:\Users\loswochos\Dropbox
2014-06-19 22:43 - 2012-08-30 17:17 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\Dropbox
2014-06-19 22:42 - 2014-06-18 09:17 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-06-19 22:40 - 2014-06-19 22:40 - 00000022 _____ () C:\Windows\S.dirmngr
2014-06-19 22:40 - 2014-06-10 22:44 - 00003478 _____ () C:\Windows\PFRO.log
2014-06-19 22:40 - 2014-06-10 13:48 - 00000672 _____ () C:\Windows\setupact.log
2014-06-19 22:40 - 2014-05-14 10:42 - 00011606 _____ () C:\aaw7boot.log
2014-06-19 22:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-19 22:39 - 2014-05-23 13:33 - 00000000 ____D () C:\AdwCleaner
2014-06-19 22:23 - 2014-06-10 13:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-19 16:09 - 2014-06-19 16:09 - 00021776 _____ () C:\ComboFix.txt
2014-06-19 16:09 - 2014-06-19 15:47 - 00000000 ____D () C:\ComboFix
2014-06-19 16:09 - 2014-06-19 15:45 - 00000000 ____D () C:\Qoobox
2014-06-19 16:09 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-19 16:06 - 2014-06-19 15:44 - 00000000 ____D () C:\Windows\erdnt
2014-06-19 16:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-19 15:43 - 2014-06-19 15:43 - 05207168 ____R (Swearware) C:\Users\loswochos\Desktop\ComboFix.exe
2014-06-19 15:41 - 2014-06-19 15:41 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Panda Security
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-06-19 15:40 - 2014-06-19 15:40 - 00848856 _____ (Panda Security ) C:\Users\loswochos\Desktop\USBVaccineSetup.exe
2014-06-19 15:37 - 2014-06-19 14:33 - 00000000 ____D () C:\Users\loswochos\Downloads\trojaner board
2014-06-19 15:05 - 2014-06-19 15:05 - 00001059 _____ () C:\Users\loswochos\Desktop\mbmt.txt
2014-06-19 15:02 - 2014-06-19 15:02 - 00007426 _____ () C:\Users\loswochos\Desktop\Gmer.txt
2014-06-19 14:42 - 2014-06-19 14:40 - 00045731 _____ () C:\Users\loswochos\Desktop\Addition.txt
2014-06-19 14:38 - 2014-06-19 14:38 - 00000480 _____ () C:\Users\loswochos\Desktop\defogger_disable.log
2014-06-19 14:38 - 2014-06-19 14:38 - 00000000 _____ () C:\Users\loswochos\defogger_reenable
2014-06-19 14:38 - 2011-04-23 15:43 - 00000000 ____D () C:\Users\loswochos
2014-06-19 14:33 - 2014-06-19 14:33 - 02082304 _____ (Farbar) C:\Users\loswochos\Desktop\FRST64.exe
2014-06-19 14:33 - 2014-06-19 14:33 - 00380416 _____ () C:\Users\loswochos\Desktop\Gmer-19357.exe
2014-06-19 14:33 - 2014-06-19 14:33 - 00050477 _____ () C:\Users\loswochos\Desktop\Defogger.exe
2014-06-19 13:47 - 2012-11-10 13:58 - 00000000 ____D () C:\Users\loswochos\Downloads\Tor Browser
2014-06-19 13:45 - 2014-06-19 13:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe
2014-06-19 10:02 - 2012-05-14 16:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 19:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-18 18:14 - 2014-06-18 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 09:26 - 2014-06-17 20:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-18 00:54 - 2013-08-26 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-18 00:51 - 2011-04-23 17:09 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-18 00:50 - 2011-04-23 16:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-18 00:48 - 2014-04-23 19:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-17 20:05 - 2014-05-16 12:02 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat
2014-06-17 20:05 - 2014-05-16 12:02 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat
2014-06-11 04:15 - 2011-07-30 12:54 - 00000000 ____D () C:\Windows\64F6748976BB4CDDA236F954BE774B35.TMP
2014-06-10 23:10 - 2014-05-13 01:57 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\KeePass
2014-06-10 22:50 - 2014-06-10 22:50 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-10 22:50 - 2014-06-10 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-10 22:50 - 2014-06-10 22:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:48 - 2014-06-10 22:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\loswochos\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 22:40 - 2014-06-10 22:40 - 01333465 _____ () C:\Users\loswochos\Desktop\adwcleaner_3.212.exe
2014-06-10 22:16 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-06-10 22:16 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-06-10 22:16 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-10 16:46 - 2011-04-26 13:01 - 00000000 ___RD () C:\Users\loswochos\Desktop\Programme
2014-06-10 13:48 - 2014-06-10 13:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 13:43 - 2012-04-21 14:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-10 13:28 - 2014-06-10 13:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-10 13:28 - 2012-05-13 20:18 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-10 13:28 - 2011-05-28 11:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-10 13:22 - 2014-06-10 13:22 - 01057176 _____ (Adobe) C:\Users\loswochos\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe
2014-06-09 14:54 - 2013-11-08 02:07 - 00000000 ____D () C:\Users\loswochos\AppData\Local\Arma 3
2014-06-09 12:56 - 2014-06-09 12:50 - 00000000 ____D () C:\Users\loswochos\Desktop\dresktop
2014-06-09 00:02 - 2011-06-07 22:41 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\vlc
2014-06-08 11:13 - 2014-06-17 20:10 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-17 20:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 20:09 - 2014-06-07 20:07 - 21903785 _____ () C:\Users\loswochos\Downloads\The Walking Dead 092.cbz
2014-06-07 20:09 - 2014-06-07 20:07 - 21866326 _____ () C:\Users\loswochos\Downloads\The Walking Dead 091.cbr
2014-06-07 20:07 - 2014-06-07 20:06 - 18796468 _____ () C:\Users\loswochos\Downloads\The Walking Dead 086.cbr
2014-06-07 20:07 - 2014-06-07 20:06 - 17863030 _____ () C:\Users\loswochos\Downloads\The Walking Dead 080.cbr
2014-06-07 20:07 - 2014-06-07 20:06 - 10376899 _____ () C:\Users\loswochos\Downloads\The Walking Dead 061.cbr
2014-06-07 20:07 - 2014-06-07 20:05 - 17669982 _____ () C:\Users\loswochos\Downloads\The Walking Dead 074.cbr
2014-06-07 18:03 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Local\calibre-cache
2014-06-07 18:03 - 2014-06-07 18:02 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\calibre
2014-06-07 18:02 - 2014-06-07 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-06-07 18:01 - 2014-06-07 18:01 - 00000000 ____D () C:\Program Files\Calibre2
2014-06-07 17:56 - 2014-06-07 17:56 - 61444096 _____ () C:\Users\loswochos\Downloads\calibre-64bit-1.39.0.msi
2014-06-06 18:10 - 2014-05-22 15:04 - 00000000 ____D () C:\Users\loswochos\Desktop\Schreiben Jurk
2014-05-30 16:58 - 2011-09-29 18:30 - 00000000 ____D () C:\ProgramData\Origin
2014-05-30 16:57 - 2011-09-29 18:30 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-30 12:21 - 2014-06-17 20:10 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-17 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-17 20:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-17 20:10 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-17 20:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-17 20:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-17 20:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-17 20:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-17 20:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-17 20:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-17 20:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:21 - 2014-06-17 20:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:20 - 2014-06-17 20:10 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-17 20:11 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-17 20:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-17 20:10 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-17 20:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-17 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-17 20:11 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-17 20:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-17 20:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-17 20:10 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-17 20:10 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-17 20:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-17 20:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-17 20:11 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-17 20:10 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-17 20:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-17 20:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-17 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-17 20:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-17 20:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-17 20:11 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-17 20:10 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-17 20:10 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-17 20:11 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-17 20:11 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-17 20:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-17 20:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-17 20:11 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-17 20:10 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-17 20:10 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-17 20:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-17 20:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-17 20:11 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-17 20:10 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-17 20:11 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-17 20:11 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-17 20:10 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-17 20:11 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-17 20:10 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-17 20:10 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-28 12:17 - 2012-08-30 17:22 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-23 16:44 - 2014-05-23 16:44 - 00000000 ____D () C:\Users\loswochos\Documents\ProcAlyzer Dumps
2014-05-23 16:44 - 2014-01-19 23:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-23 14:27 - 2011-04-24 12:07 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-23 14:27 - 2011-04-23 15:45 - 00001003 _____ () C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-22 23:22 - 2014-05-22 23:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\loswochos\Downloads\Stop Autoplay - CHIP-Downloader.exe
2014-05-22 23:22 - 2014-05-22 23:22 - 00041147 _____ () C:\Users\loswochos\Downloads\stop_autoplay-1.2.1-sm_fx.zip
2014-05-22 21:11 - 2014-05-13 21:20 - 00004894 _____ () C:\Users\loswochos\Documents\NeueDatenbank.kdbx
2014-05-22 13:12 - 2014-01-20 00:07 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-22 13:12 - 2014-01-20 00:07 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Some content of TEMP:
====================
C:\Users\loswochos\AppData\Local\Temp\avgnt.exe
C:\Users\loswochos\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaopkuu.dll
C:\Users\loswochos\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-18 19:00

==================== End Of Log ============================
         
--- --- ---

Alt 19.06.2014, 22:03   #8
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Antivir durch Gruppenrichtlinie blockiert - Standard

Antivir durch Gruppenrichtlinie blockiert




Naja, ich muss Dich jetzt in die Tiefen von Windows schicken...

Zur Übung machen wir erstmal nen Scan mit FRST aus der RE:

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 20.06.2014, 14:37   #9
max89
 
Antivir durch Gruppenrichtlinie blockiert - Standard

Antivir durch Gruppenrichtlinie blockiert



Hallo und guten Tag,

also ich bin so verfahren wie beschrieben, es ist aber ein Problem aufgetaucht, denn der USB Stick auf dem ich jetzt das Log vom Scan habe, zeigt nur Verknüpfungen an ( ich vermute auch infiziert? ). Wie auch bei meinem anderen Stick. Bin etwas ratlos ,deswegen und dachte ich frage sicherheitshalber erst nochmal nach, hoffe du kannst mir weiterhelfen.

Gruß

Alt 20.06.2014, 15:52   #10
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Antivir durch Gruppenrichtlinie blockiert - Standard

Antivir durch Gruppenrichtlinie blockiert



Hi,
kannst Du das Log denn posten?

Schließe den Stick auch an den PC an und lasse ihn "impfen".
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 20.06.2014, 16:40   #11
max89
 
Antivir durch Gruppenrichtlinie blockiert - Standard

Antivir durch Gruppenrichtlinie blockiert



Hey, habe versucht den USB Stick zu impfen allerdings erhalte ich die Fehlermeldung " Vaccination not possible. Error backing up the original AUTORUN.inf".
Das Logfile lässt sich allerdings öffnen:

FRST:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by SYSTEM on MININT-IQDOH9E on 20-06-2014 15:15:46
Running from F:\
Platform: Windows 7 Professional (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.



==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-07-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\loswochos\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-31] ()
HKU\loswochos\...\Run: [java ska] => wscript.exe //B "C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs" <===== ATTENTION
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs ()
BootExecute: autocheck autochk * sdnclean64.exelsdelete

==================== Services (Whitelisted) =================

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-07-23] (Advanced Micro Devices, Inc.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
S2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] ()
S2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
S2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152720 2014-05-13] (Lavasoft Limited)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-07-13] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
S1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
S3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2014-05-13] ()
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-10-28] (Lavasoft AB)
S3 MAUSBFASTTRACKPRO; C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys [187912 2010-12-07] (Avid Technology, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 VaneFltr; C:\Windows\System32\drivers\Lachesis.sys [29952 2009-10-16] (Razer (Asia-Pacific) Pte Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-20 08:09 - 2014-06-20 08:09 - 00506208 _____ () C:\Windows\Minidump\062014-17721-01.dmp
2014-06-19 15:09 - 2014-06-19 15:09 - 00021776 _____ () C:\ComboFix.txt
2014-06-19 14:47 - 2014-06-19 15:09 - 00000000 ____D () C:\ComboFix
2014-06-19 14:47 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-19 14:47 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-19 14:47 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-19 14:47 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-19 14:47 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-19 14:47 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-19 14:47 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-19 14:47 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-19 14:45 - 2014-06-19 15:09 - 00000000 ____D () C:\Qoobox
2014-06-19 14:44 - 2014-06-19 15:06 - 00000000 ____D () C:\Windows\erdnt
2014-06-19 14:43 - 2014-06-19 14:43 - 05207168 ____R (Swearware) C:\Users\loswochos\Desktop\ComboFix.exe
2014-06-19 14:41 - 2014-06-19 14:41 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-06-19 14:41 - 2014-06-19 14:41 - 00000000 ____D () C:\ProgramData\Panda Security
2014-06-19 14:41 - 2014-06-19 14:41 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-06-19 14:40 - 2014-06-19 14:40 - 00848856 _____ (Panda Security ) C:\Users\loswochos\Desktop\USBVaccineSetup.exe
2014-06-19 14:05 - 2014-06-19 14:05 - 00001059 _____ () C:\Users\loswochos\Desktop\mbmt.txt
2014-06-19 14:02 - 2014-06-19 14:02 - 00007426 _____ () C:\Users\loswochos\Desktop\Gmer.txt
2014-06-19 13:40 - 2014-06-19 13:42 - 00045731 _____ () C:\Users\loswochos\Desktop\Addition.txt
2014-06-19 13:39 - 2014-06-20 15:15 - 00000000 ____D () C:\FRST
2014-06-19 13:39 - 2014-06-19 21:51 - 00051152 _____ () C:\Users\loswochos\Desktop\FRST.txt
2014-06-19 13:38 - 2014-06-19 13:38 - 00000480 _____ () C:\Users\loswochos\Desktop\defogger_disable.log
2014-06-19 13:38 - 2014-06-19 13:38 - 00000000 _____ () C:\Users\loswochos\defogger_reenable
2014-06-19 13:33 - 2014-06-19 14:37 - 00000000 ____D () C:\Users\loswochos\Downloads\trojaner board
2014-06-19 13:33 - 2014-06-19 13:33 - 02082304 _____ (Farbar) C:\Users\loswochos\Desktop\FRST64.exe
2014-06-19 13:33 - 2014-06-19 13:33 - 00380416 _____ () C:\Users\loswochos\Desktop\Gmer-19357.exe
2014-06-19 13:33 - 2014-06-19 13:33 - 00050477 _____ () C:\Users\loswochos\Desktop\Defogger.exe
2014-06-19 12:45 - 2014-06-19 12:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe
2014-06-18 17:14 - 2014-06-18 17:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 08:17 - 2014-06-20 14:04 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-06-17 19:51 - 2014-06-18 08:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-17 19:11 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-06-17 19:11 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-06-17 19:11 - 2014-05-30 10:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-06-17 19:11 - 2014-05-30 10:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-06-17 19:11 - 2014-05-30 10:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-17 19:11 - 2014-05-30 10:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-06-17 19:11 - 2014-05-30 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-17 19:11 - 2014-05-30 09:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-17 19:11 - 2014-05-30 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-17 19:11 - 2014-05-30 09:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-17 19:11 - 2014-05-30 09:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-17 19:11 - 2014-05-30 09:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-17 19:11 - 2014-05-30 09:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-17 19:11 - 2014-05-30 09:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-17 19:11 - 2014-05-30 09:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-06-17 19:11 - 2014-05-30 09:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-17 19:11 - 2014-05-30 09:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-17 19:11 - 2014-05-30 09:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-17 19:11 - 2014-05-30 09:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-17 19:11 - 2014-05-30 09:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-17 19:11 - 2014-05-30 08:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-17 19:11 - 2014-05-30 08:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-17 19:11 - 2014-05-30 08:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-17 19:11 - 2014-05-30 08:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-06-17 19:11 - 2014-05-30 08:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-17 19:11 - 2014-04-25 03:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2014-06-17 19:11 - 2014-04-25 03:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-17 19:11 - 2014-04-05 03:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-06-17 19:11 - 2014-04-05 03:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2014-06-17 19:11 - 2014-03-26 15:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2014-06-17 19:11 - 2014-03-26 15:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-06-17 19:11 - 2014-03-26 15:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2014-06-17 19:11 - 2014-03-26 15:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-06-17 19:11 - 2014-03-26 15:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-17 19:11 - 2014-03-26 15:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-17 19:11 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-17 19:11 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-17 19:10 - 2014-06-08 10:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-06-17 19:10 - 2014-06-08 10:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-06-17 19:10 - 2014-05-30 11:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-06-17 19:10 - 2014-05-30 10:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-06-17 19:10 - 2014-05-30 10:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-06-17 19:10 - 2014-05-30 10:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-06-17 19:10 - 2014-05-30 10:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-06-17 19:10 - 2014-05-30 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-06-17 19:10 - 2014-05-30 10:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-06-17 19:10 - 2014-05-30 10:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-06-17 19:10 - 2014-05-30 10:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-06-17 19:10 - 2014-05-30 10:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-17 19:10 - 2014-05-30 10:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-06-17 19:10 - 2014-05-30 09:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-06-17 19:10 - 2014-05-30 09:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-06-17 19:10 - 2014-05-30 09:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-17 19:10 - 2014-05-30 09:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-06-17 19:10 - 2014-05-30 09:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-06-17 19:10 - 2014-05-30 09:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-17 19:10 - 2014-05-30 09:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-06-17 19:10 - 2014-05-30 09:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-06-17 19:10 - 2014-05-30 09:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-17 19:10 - 2014-05-30 08:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-17 19:10 - 2014-05-30 08:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-06-17 19:10 - 2014-05-30 08:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-17 19:10 - 2014-05-30 08:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-06-17 19:10 - 2014-05-30 08:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-17 19:10 - 2014-05-30 08:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-06-17 19:10 - 2014-05-30 08:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 21:50 - 2014-06-20 14:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-06-10 21:50 - 2014-06-10 21:50 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-10 21:50 - 2014-05-12 06:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-06-10 21:50 - 2014-05-12 06:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-06-10 21:50 - 2014-05-12 06:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-06-10 21:49 - 2014-06-10 21:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-10 21:49 - 2014-06-10 21:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 21:44 - 2014-06-19 21:40 - 00003478 _____ () C:\Windows\PFRO.log
2014-06-10 21:42 - 2014-06-10 21:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\loswochos\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 21:40 - 2014-06-10 21:40 - 01333465 _____ () C:\Users\loswochos\Desktop\adwcleaner_3.212.exe
2014-06-10 12:48 - 2014-06-20 14:02 - 00000840 _____ () C:\Windows\setupact.log
2014-06-10 12:48 - 2014-06-10 12:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 12:28 - 2014-06-20 11:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 12:28 - 2014-06-10 12:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-10 12:22 - 2014-06-10 12:22 - 01057176 _____ (Adobe) C:\Users\loswochos\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe
2014-06-09 11:50 - 2014-06-09 11:56 - 00000000 ____D () C:\Users\loswochos\Desktop\dresktop
2014-06-07 19:07 - 2014-06-07 19:09 - 21903785 _____ () C:\Users\loswochos\Downloads\The Walking Dead 092.cbz
2014-06-07 19:07 - 2014-06-07 19:09 - 21866326 _____ () C:\Users\loswochos\Downloads\The Walking Dead 091.cbr
2014-06-07 19:06 - 2014-06-07 19:07 - 18796468 _____ () C:\Users\loswochos\Downloads\The Walking Dead 086.cbr
2014-06-07 19:06 - 2014-06-07 19:07 - 17863030 _____ () C:\Users\loswochos\Downloads\The Walking Dead 080.cbr
2014-06-07 19:06 - 2014-06-07 19:07 - 10376899 _____ () C:\Users\loswochos\Downloads\The Walking Dead 061.cbr
2014-06-07 19:05 - 2014-06-07 19:07 - 17669982 _____ () C:\Users\loswochos\Downloads\The Walking Dead 074.cbr
2014-06-07 17:03 - 2014-06-07 17:03 - 00000000 ____D () C:\Users\loswochos\AppData\Local\calibre-cache
2014-06-07 17:02 - 2014-06-07 17:03 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\calibre
2014-06-07 17:01 - 2014-06-07 17:01 - 00000000 ____D () C:\Program Files\Calibre2
2014-06-07 16:56 - 2014-06-07 16:56 - 61444096 _____ () C:\Users\loswochos\Downloads\calibre-64bit-1.39.0.msi
2014-05-23 15:44 - 2014-05-23 15:44 - 00000000 ____D () C:\Users\loswochos\Documents\ProcAlyzer Dumps
2014-05-23 12:34 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-23 12:33 - 2014-06-19 21:39 - 00000000 ____D () C:\AdwCleaner
2014-05-22 22:22 - 2014-05-22 22:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\loswochos\Downloads\Stop Autoplay - CHIP-Downloader.exe
2014-05-22 22:22 - 2014-05-22 22:22 - 00041147 _____ () C:\Users\loswochos\Downloads\stop_autoplay-1.2.1-sm_fx.zip
2014-05-22 14:04 - 2014-06-06 17:10 - 00000000 ____D () C:\Users\loswochos\Desktop\Schreiben Jurk

==================== One Month Modified Files and Folders =======

2014-06-20 15:15 - 2014-06-19 13:39 - 00000000 ____D () C:\FRST
2014-06-20 14:12 - 2012-12-31 12:06 - 00000000 ____D () C:\Users\loswochos\AppData\Local\PMB Files
2014-06-20 14:12 - 2012-08-30 16:27 - 00000000 ___RD () C:\Users\loswochos\Dropbox
2014-06-20 14:12 - 2011-04-23 14:43 - 01746660 _____ () C:\Windows\WindowsUpdate.log
2014-06-20 14:12 - 2009-07-14 05:45 - 00013568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-20 14:12 - 2009-07-14 05:45 - 00013568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-20 14:07 - 2014-06-10 21:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-06-20 14:04 - 2014-06-18 08:17 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-06-20 14:04 - 2014-05-03 10:37 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\DropboxMaster
2014-06-20 14:04 - 2012-08-30 16:17 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\Dropbox
2014-06-20 14:02 - 2014-06-10 12:48 - 00000840 _____ () C:\Windows\setupact.log
2014-06-20 14:02 - 2014-05-14 09:42 - 00012278 _____ () C:\aaw7boot.log
2014-06-20 14:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-20 11:23 - 2014-06-10 12:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-20 08:09 - 2014-06-20 08:09 - 00506208 _____ () C:\Windows\Minidump\062014-17721-01.dmp
2014-06-20 08:09 - 2011-08-25 12:32 - 00000000 ____D () C:\Windows\Minidump
2014-06-19 21:51 - 2014-06-19 13:39 - 00051152 _____ () C:\Users\loswochos\Desktop\FRST.txt
2014-06-19 21:40 - 2014-06-10 21:44 - 00003478 _____ () C:\Windows\PFRO.log
2014-06-19 21:39 - 2014-05-23 12:33 - 00000000 ____D () C:\AdwCleaner
2014-06-19 15:09 - 2014-06-19 15:09 - 00021776 _____ () C:\ComboFix.txt
2014-06-19 15:09 - 2014-06-19 14:47 - 00000000 ____D () C:\ComboFix
2014-06-19 15:09 - 2014-06-19 14:45 - 00000000 ____D () C:\Qoobox
2014-06-19 15:09 - 2009-07-14 04:20 - 00000000 __RHD () C:\users\Default
2014-06-19 15:06 - 2014-06-19 14:44 - 00000000 ____D () C:\Windows\erdnt
2014-06-19 15:04 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-19 14:43 - 2014-06-19 14:43 - 05207168 ____R (Swearware) C:\Users\loswochos\Desktop\ComboFix.exe
2014-06-19 14:41 - 2014-06-19 14:41 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-06-19 14:41 - 2014-06-19 14:41 - 00000000 ____D () C:\ProgramData\Panda Security
2014-06-19 14:41 - 2014-06-19 14:41 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-06-19 14:40 - 2014-06-19 14:40 - 00848856 _____ (Panda Security ) C:\Users\loswochos\Desktop\USBVaccineSetup.exe
2014-06-19 14:37 - 2014-06-19 13:33 - 00000000 ____D () C:\Users\loswochos\Downloads\trojaner board
2014-06-19 14:05 - 2014-06-19 14:05 - 00001059 _____ () C:\Users\loswochos\Desktop\mbmt.txt
2014-06-19 14:02 - 2014-06-19 14:02 - 00007426 _____ () C:\Users\loswochos\Desktop\Gmer.txt
2014-06-19 13:42 - 2014-06-19 13:40 - 00045731 _____ () C:\Users\loswochos\Desktop\Addition.txt
2014-06-19 13:38 - 2014-06-19 13:38 - 00000480 _____ () C:\Users\loswochos\Desktop\defogger_disable.log
2014-06-19 13:38 - 2014-06-19 13:38 - 00000000 _____ () C:\Users\loswochos\defogger_reenable
2014-06-19 13:38 - 2011-04-23 14:43 - 00000000 ____D () C:\users\loswochos
2014-06-19 13:33 - 2014-06-19 13:33 - 02082304 _____ (Farbar) C:\Users\loswochos\Desktop\FRST64.exe
2014-06-19 13:33 - 2014-06-19 13:33 - 00380416 _____ () C:\Users\loswochos\Desktop\Gmer-19357.exe
2014-06-19 13:33 - 2014-06-19 13:33 - 00050477 _____ () C:\Users\loswochos\Desktop\Defogger.exe
2014-06-19 12:47 - 2012-11-10 12:58 - 00000000 ____D () C:\Users\loswochos\Downloads\Tor Browser
2014-06-19 12:45 - 2014-06-19 12:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe
2014-06-19 09:02 - 2012-05-14 15:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 18:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-06-18 17:14 - 2014-06-18 17:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 08:26 - 2014-06-17 19:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-17 23:54 - 2013-08-26 02:01 - 00000000 ____D () C:\Windows\System32\MRT
2014-06-17 23:51 - 2011-04-23 16:09 - 95414520 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-06-17 23:50 - 2011-04-23 15:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-17 23:48 - 2014-04-23 18:09 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-06-17 19:05 - 2014-05-16 11:02 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat
2014-06-17 19:05 - 2014-05-16 11:02 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat
2014-06-11 03:15 - 2011-07-30 11:54 - 00000000 ____D () C:\Windows\64F6748976BB4CDDA236F954BE774B35.TMP
2014-06-10 22:10 - 2014-05-13 00:57 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\KeePass
2014-06-10 21:50 - 2014-06-10 21:50 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-10 21:50 - 2014-06-10 21:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-10 21:49 - 2014-06-10 21:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 21:48 - 2014-06-10 21:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\loswochos\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 21:40 - 2014-06-10 21:40 - 01333465 _____ () C:\Users\loswochos\Desktop\adwcleaner_3.212.exe
2014-06-10 21:16 - 2009-07-14 18:58 - 00699432 _____ () C:\Windows\System32\perfh007.dat
2014-06-10 21:16 - 2009-07-14 18:58 - 00149572 _____ () C:\Windows\System32\perfc007.dat
2014-06-10 21:16 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-06-10 15:46 - 2011-04-26 12:01 - 00000000 ___RD () C:\Users\loswochos\Desktop\Programme
2014-06-10 12:48 - 2014-06-10 12:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 12:43 - 2012-04-21 13:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-10 12:28 - 2014-06-10 12:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-10 12:28 - 2012-05-13 19:18 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-10 12:28 - 2011-05-28 10:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-10 12:22 - 2014-06-10 12:22 - 01057176 _____ (Adobe) C:\Users\loswochos\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe
2014-06-09 13:54 - 2013-11-08 01:07 - 00000000 ____D () C:\Users\loswochos\AppData\Local\Arma 3
2014-06-09 11:56 - 2014-06-09 11:50 - 00000000 ____D () C:\Users\loswochos\Desktop\dresktop
2014-06-08 23:02 - 2011-06-07 21:41 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\vlc
2014-06-08 10:13 - 2014-06-17 19:10 - 00506368 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-06-08 10:08 - 2014-06-17 19:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-06-07 19:09 - 2014-06-07 19:07 - 21903785 _____ () C:\Users\loswochos\Downloads\The Walking Dead 092.cbz
2014-06-07 19:09 - 2014-06-07 19:07 - 21866326 _____ () C:\Users\loswochos\Downloads\The Walking Dead 091.cbr
2014-06-07 19:07 - 2014-06-07 19:06 - 18796468 _____ () C:\Users\loswochos\Downloads\The Walking Dead 086.cbr
2014-06-07 19:07 - 2014-06-07 19:06 - 17863030 _____ () C:\Users\loswochos\Downloads\The Walking Dead 080.cbr
2014-06-07 19:07 - 2014-06-07 19:06 - 10376899 _____ () C:\Users\loswochos\Downloads\The Walking Dead 061.cbr
2014-06-07 19:07 - 2014-06-07 19:05 - 17669982 _____ () C:\Users\loswochos\Downloads\The Walking Dead 074.cbr
2014-06-07 17:03 - 2014-06-07 17:03 - 00000000 ____D () C:\Users\loswochos\AppData\Local\calibre-cache
2014-06-07 17:03 - 2014-06-07 17:02 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\calibre
2014-06-07 17:01 - 2014-06-07 17:01 - 00000000 ____D () C:\Program Files\Calibre2
2014-06-07 16:56 - 2014-06-07 16:56 - 61444096 _____ () C:\Users\loswochos\Downloads\calibre-64bit-1.39.0.msi
2014-06-06 17:10 - 2014-05-22 14:04 - 00000000 ____D () C:\Users\loswochos\Desktop\Schreiben Jurk
2014-05-30 15:58 - 2011-09-29 17:30 - 00000000 ____D () C:\ProgramData\Origin
2014-05-30 15:57 - 2011-09-29 17:30 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-30 11:21 - 2014-06-17 19:10 - 23414784 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-30 11:02 - 2014-06-17 19:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-30 11:02 - 2014-06-17 19:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 10:45 - 2014-06-17 19:10 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-05-30 10:39 - 2014-06-17 19:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-05-30 10:39 - 2014-06-17 19:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-05-30 10:38 - 2014-06-17 19:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-05-30 10:28 - 2014-06-17 19:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-05-30 10:27 - 2014-06-17 19:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-05-30 10:24 - 2014-06-17 19:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-05-30 10:21 - 2014-06-17 19:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-05-30 10:21 - 2014-06-17 19:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-05-30 10:20 - 2014-06-17 19:10 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-05-30 10:18 - 2014-06-17 19:11 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 10:11 - 2014-06-17 19:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 10:08 - 2014-06-17 19:10 - 05782528 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-05-30 10:06 - 2014-06-17 19:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-05-30 10:02 - 2014-06-17 19:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 09:55 - 2014-06-17 19:11 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 09:49 - 2014-06-17 19:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-05-30 09:46 - 2014-06-17 19:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-30 09:44 - 2014-06-17 19:10 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 09:44 - 2014-06-17 19:10 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-05-30 09:43 - 2014-06-17 19:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 09:42 - 2014-06-17 19:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 09:38 - 2014-06-17 19:11 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 09:35 - 2014-06-17 19:10 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-05-30 09:34 - 2014-06-17 19:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 09:33 - 2014-06-17 19:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 09:30 - 2014-06-17 19:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 09:29 - 2014-06-17 19:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-05-30 09:28 - 2014-06-17 19:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 09:27 - 2014-06-17 19:11 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 09:24 - 2014-06-17 19:10 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-05-30 09:23 - 2014-06-17 19:10 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-05-30 09:16 - 2014-06-17 19:11 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 09:10 - 2014-06-17 19:11 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 09:06 - 2014-06-17 19:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 09:04 - 2014-06-17 19:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 09:02 - 2014-06-17 19:11 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 08:56 - 2014-06-17 19:10 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 08:56 - 2014-06-17 19:10 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-05-30 08:54 - 2014-06-17 19:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 08:50 - 2014-06-17 19:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 08:49 - 2014-06-17 19:11 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 08:43 - 2014-06-17 19:10 - 13522944 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-05-30 08:40 - 2014-06-17 19:11 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 08:30 - 2014-06-17 19:11 - 01398272 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-05-30 08:21 - 2014-06-17 19:10 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 08:15 - 2014-06-17 19:11 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 08:13 - 2014-06-17 19:10 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-05-30 08:13 - 2014-06-17 19:10 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-23 15:44 - 2014-05-23 15:44 - 00000000 ____D () C:\Users\loswochos\Documents\ProcAlyzer Dumps
2014-05-23 15:44 - 2014-01-19 22:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-22 22:22 - 2014-05-22 22:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\loswochos\Downloads\Stop Autoplay - CHIP-Downloader.exe
2014-05-22 22:22 - 2014-05-22 22:22 - 00041147 _____ () C:\Users\loswochos\Downloads\stop_autoplay-1.2.1-sm_fx.zip
2014-05-22 20:11 - 2014-05-13 20:20 - 00004894 _____ () C:\Users\loswochos\Documents\NeueDatenbank.kdbx
2014-05-22 12:12 - 2014-01-19 23:07 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2014-05-22 12:12 - 2014-01-19 23:07 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys

Some content of TEMP:
====================
C:\Users\loswochos\AppData\Local\Temp\avgnt.exe
C:\Users\loswochos\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqi95zq.dll
C:\Users\loswochos\AppData\Local\Temp\Quarantine.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-05-31 13:51:35
Restore point made on: 2014-06-03 16:14:38
Restore point made on: 2014-06-07 17:01:04
Restore point made on: 2014-06-10 16:14:41
Restore point made on: 2014-06-17 23:47:15
Restore point made on: 2014-06-19 14:47:36

==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 4095.24 MB
Available physical RAM: 3500.3 MB
Total Pagefile: 4093.39 MB
Available Pagefile: 3491.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:153.38 GB) (Free:17.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (EMPIRE_DISC2) (CDROM) (Total:5.54 GB) (Free:0 GB) CDFS
Drive e: () (Removable) (Total:14.53 GB) (Free:4.31 GB) FAT32
Drive f: (KINGSTON) (Removable) (Total:14.64 GB) (Free:14.64 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 153 GB) (Disk ID: CB4ACB4A)
Partition 1: (Active) - (Size=153 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: 88032E65)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2014-06-18 18:00

==================== End Of Log ============================
         
--- --- ---

Alt 20.06.2014, 16:45   #12
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Antivir durch Gruppenrichtlinie blockiert - Standard

Antivir durch Gruppenrichtlinie blockiert



OK, dann mache bitte diesen Fix auch in den Reparaturoptionen und starte danach in den Normalmodus und mache einen normalen Scan mit FRST.


Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
HKU\loswochos\...\Run: [java ska] => wscript.exe //B "C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs" <===== ATTENTION
C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs ()
C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs
         
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 20.06.2014, 17:03   #13
max89
 
Antivir durch Gruppenrichtlinie blockiert - Standard

Antivir durch Gruppenrichtlinie blockiert



Hab ich gemacht, hier das Fixlog dazu:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2014
Ran by SYSTEM at 2014-06-20 17:55:38 Run:3
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\loswochos\...\Run: [java ska] => wscript.exe //B "C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs" <===== ATTENTION
C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs ()
C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs
*****************

HKU\loswochos\Software\Microsoft\Windows\CurrentVersion\Run\\java ska => value deleted successfully.
C:\Users\LOSWOC~1\AppData\Local\Temp\java ska.vbs => Moved successfully.
C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs => Moved successfully.
"C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java ska.vbs" => File/Directory not found.

==== End of Fixlog ====
         

Alt 20.06.2014, 17:32   #14
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Antivir durch Gruppenrichtlinie blockiert - Standard

Antivir durch Gruppenrichtlinie blockiert



OK, gut gemacht. Und jetzt noch FRST im Normalmodus bitte...
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 20.06.2014, 17:42   #15
max89
 
Antivir durch Gruppenrichtlinie blockiert - Standard

Antivir durch Gruppenrichtlinie blockiert



Achja sorry,

Hier ist das FRST aus dem Normalmodus:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-06-2014
Ran by loswochos (administrator) on LOSWOCHOS-PC on 20-06-2014 18:41:04
Running from C:\Users\loswochos\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-07-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2942367688-666253811-2896108010-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-31] ()
Startup: C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\loswochos\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exelsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x48D946F0E691CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\..\Interfaces\{19902E11-779E-4975-ACCA-397C9EC695E6}: [NameServer]141.30.207.2

FireFox:
========
FF ProfilePath: C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Xchange\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Xchange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.116.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\loswochos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: Forecastfox - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-10-09]
FF Extension: Flashblock - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-05-25]
FF Extension: DownloadHelper - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-06]
FF Extension: SearchPreview - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2014-05-22]
FF Extension: Ghostery - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\firefox@ghostery.com.xpi [2013-08-02]
FF Extension: Quick Note - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\jid0-T01UQ5416mmgiAxnF7j8Iwzeffc@jetpack.xpi [2012-08-14]
FF Extension: ScrollyFox - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\scrollyfox@shawfiresolutions.com.au.xpi [2013-04-21]
FF Extension: Scroll to Top/Bottom - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\scroll_to_top-bottom@developer.bobdawg.org.xpi [2012-08-12]
FF Extension: Status-4-Evar - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\status4evar@caligonstudios.com.xpi [2014-06-19]
FF Extension: Scientific Calculator - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\ststusscicalc@sunny.xpi [2012-07-18]
FF Extension: TinyURL Generator - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2014-01-13]
FF Extension: Trafficanzeige - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\traffic@anzeige3.xpi [2013-01-21]
FF Extension: YouTube to MP3 - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\youtube2mp3@mondayx.de.xpi [2011-06-30]
FF Extension: Stop Autoplay - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}.xpi [2014-05-22]
FF Extension: AniWeather - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2011-05-02]
FF Extension: Multirow Bookmarks Toolbar Plus - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2012-07-23]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2011-05-02]
FF Extension: Adblock Plus - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-24]
FF Extension: Download Statusbar - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-04-24]
FF Extension: DownThemAll! - C:\Users\loswochos\AppData\Roaming\Mozilla\Firefox\Profiles\kdwuqsmi.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-04-24]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-08-14]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-07-23] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
R2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152720 2014-05-13] (Lavasoft Limited)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-07-13] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
R3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2014-05-13] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-10-28] (Lavasoft AB)
S3 MAUSBFASTTRACKPRO; C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys [187912 2010-12-07] (Avid Technology, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 VaneFltr; C:\Windows\System32\drivers\Lachesis.sys [29952 2009-10-16] (Razer (Asia-Pacific) Pte Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-20 18:40 - 2014-06-20 18:40 - 00000000 ____D () C:\Users\loswochos\Desktop\FRST-OlderVersion
2014-06-20 17:56 - 2014-06-20 17:56 - 00000022 _____ () C:\Windows\S.dirmngr
2014-06-20 09:09 - 2014-06-20 09:09 - 00506208 _____ () C:\Windows\Minidump\062014-17721-01.dmp
2014-06-19 16:09 - 2014-06-19 16:09 - 00021776 _____ () C:\ComboFix.txt
2014-06-19 15:47 - 2014-06-19 16:09 - 00000000 ____D () C:\ComboFix
2014-06-19 15:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-19 15:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-19 15:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-19 15:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-19 15:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-19 15:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-19 15:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-19 15:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-19 15:45 - 2014-06-19 16:09 - 00000000 ____D () C:\Qoobox
2014-06-19 15:44 - 2014-06-19 16:06 - 00000000 ____D () C:\Windows\erdnt
2014-06-19 15:43 - 2014-06-19 15:43 - 05207168 ____R (Swearware) C:\Users\loswochos\Desktop\ComboFix.exe
2014-06-19 15:41 - 2014-06-19 15:41 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Panda Security
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-06-19 15:40 - 2014-06-19 15:40 - 00848856 _____ (Panda Security ) C:\Users\loswochos\Desktop\USBVaccineSetup.exe
2014-06-19 15:05 - 2014-06-19 15:05 - 00001059 _____ () C:\Users\loswochos\Desktop\mbmt.txt
2014-06-19 15:02 - 2014-06-19 15:02 - 00007426 _____ () C:\Users\loswochos\Desktop\Gmer.txt
2014-06-19 14:40 - 2014-06-19 14:42 - 00045731 _____ () C:\Users\loswochos\Desktop\Addition.txt
2014-06-19 14:39 - 2014-06-20 18:41 - 00022184 _____ () C:\Users\loswochos\Desktop\FRST.txt
2014-06-19 14:39 - 2014-06-20 18:41 - 00000000 ____D () C:\FRST
2014-06-19 14:38 - 2014-06-19 14:38 - 00000480 _____ () C:\Users\loswochos\Desktop\defogger_disable.log
2014-06-19 14:38 - 2014-06-19 14:38 - 00000000 _____ () C:\Users\loswochos\defogger_reenable
2014-06-19 14:33 - 2014-06-20 18:40 - 02083328 _____ (Farbar) C:\Users\loswochos\Desktop\FRST64.exe
2014-06-19 14:33 - 2014-06-19 15:37 - 00000000 ____D () C:\Users\loswochos\Downloads\trojaner board
2014-06-19 14:33 - 2014-06-19 14:33 - 00380416 _____ () C:\Users\loswochos\Desktop\Gmer-19357.exe
2014-06-19 14:33 - 2014-06-19 14:33 - 00050477 _____ () C:\Users\loswochos\Desktop\Defogger.exe
2014-06-19 13:45 - 2014-06-19 13:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe
2014-06-18 18:14 - 2014-06-18 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 09:17 - 2014-06-20 17:57 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-06-17 20:51 - 2014-06-18 09:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-17 20:11 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-17 20:11 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-17 20:11 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-17 20:11 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-17 20:11 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-17 20:11 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-17 20:11 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-17 20:11 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-17 20:11 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-17 20:11 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-17 20:11 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-17 20:11 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-17 20:11 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-17 20:11 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-17 20:11 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-17 20:11 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-17 20:11 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-17 20:11 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-17 20:11 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-17 20:11 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-17 20:11 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-17 20:11 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-17 20:11 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-17 20:11 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-17 20:11 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-17 20:11 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-17 20:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-17 20:11 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-17 20:11 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-17 20:11 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-17 20:11 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-17 20:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-17 20:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-17 20:11 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-17 20:11 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-17 20:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-17 20:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-17 20:10 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-17 20:10 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-17 20:10 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-17 20:10 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-17 20:10 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-17 20:10 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-17 20:10 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-17 20:10 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-17 20:10 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-17 20:10 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-17 20:10 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-17 20:10 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-17 20:10 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-17 20:10 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-17 20:10 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-17 20:10 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-17 20:10 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-17 20:10 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-17 20:10 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-17 20:10 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-17 20:10 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-17 20:10 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-17 20:10 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-17 20:10 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-17 20:10 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-17 20:10 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-17 20:10 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-17 20:10 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-17 20:10 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 22:50 - 2014-06-20 18:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 22:50 - 2014-06-10 22:50 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-10 22:50 - 2014-06-10 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-10 22:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-10 22:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-10 22:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-10 22:49 - 2014-06-10 22:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:44 - 2014-06-19 22:40 - 00003478 _____ () C:\Windows\PFRO.log
2014-06-10 22:42 - 2014-06-10 22:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\loswochos\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 22:40 - 2014-06-10 22:40 - 01333465 _____ () C:\Users\loswochos\Desktop\adwcleaner_3.212.exe
2014-06-10 13:48 - 2014-06-20 17:56 - 00001747 _____ () C:\Windows\setupact.log
2014-06-10 13:48 - 2014-06-10 13:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 13:28 - 2014-06-20 18:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 13:28 - 2014-06-10 13:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-10 13:22 - 2014-06-10 13:22 - 01057176 _____ (Adobe) C:\Users\loswochos\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe
2014-06-09 12:50 - 2014-06-09 12:56 - 00000000 ____D () C:\Users\loswochos\Desktop\dresktop
2014-06-07 20:07 - 2014-06-07 20:09 - 21903785 _____ () C:\Users\loswochos\Downloads\The Walking Dead 092.cbz
2014-06-07 20:07 - 2014-06-07 20:09 - 21866326 _____ () C:\Users\loswochos\Downloads\The Walking Dead 091.cbr
2014-06-07 20:06 - 2014-06-07 20:07 - 18796468 _____ () C:\Users\loswochos\Downloads\The Walking Dead 086.cbr
2014-06-07 20:06 - 2014-06-07 20:07 - 17863030 _____ () C:\Users\loswochos\Downloads\The Walking Dead 080.cbr
2014-06-07 20:06 - 2014-06-07 20:07 - 10376899 _____ () C:\Users\loswochos\Downloads\The Walking Dead 061.cbr
2014-06-07 20:05 - 2014-06-07 20:07 - 17669982 _____ () C:\Users\loswochos\Downloads\The Walking Dead 074.cbr
2014-06-07 18:03 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Local\calibre-cache
2014-06-07 18:02 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\calibre
2014-06-07 18:01 - 2014-06-07 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-06-07 18:01 - 2014-06-07 18:01 - 00000000 ____D () C:\Program Files\Calibre2
2014-06-07 17:56 - 2014-06-07 17:56 - 61444096 _____ () C:\Users\loswochos\Downloads\calibre-64bit-1.39.0.msi
2014-05-23 16:44 - 2014-05-23 16:44 - 00000000 ____D () C:\Users\loswochos\Documents\ProcAlyzer Dumps
2014-05-23 13:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-23 13:33 - 2014-06-19 22:39 - 00000000 ____D () C:\AdwCleaner
2014-05-22 23:22 - 2014-05-22 23:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\loswochos\Downloads\Stop Autoplay - CHIP-Downloader.exe
2014-05-22 23:22 - 2014-05-22 23:22 - 00041147 _____ () C:\Users\loswochos\Downloads\stop_autoplay-1.2.1-sm_fx.zip
2014-05-22 15:04 - 2014-06-06 18:10 - 00000000 ____D () C:\Users\loswochos\Desktop\Schreiben Jurk

==================== One Month Modified Files and Folders =======

2014-06-20 18:41 - 2014-06-19 14:39 - 00022184 _____ () C:\Users\loswochos\Desktop\FRST.txt
2014-06-20 18:41 - 2014-06-19 14:39 - 00000000 ____D () C:\FRST
2014-06-20 18:40 - 2014-06-20 18:40 - 00000000 ____D () C:\Users\loswochos\Desktop\FRST-OlderVersion
2014-06-20 18:40 - 2014-06-19 14:33 - 02083328 _____ (Farbar) C:\Users\loswochos\Desktop\FRST64.exe
2014-06-20 18:30 - 2012-12-31 13:06 - 00000000 ____D () C:\Users\loswochos\AppData\Local\PMB Files
2014-06-20 18:23 - 2014-06-10 13:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-20 18:10 - 2014-06-10 22:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-20 18:06 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-20 18:06 - 2009-07-14 06:45 - 00013568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-20 18:02 - 2011-04-23 15:43 - 01753849 _____ () C:\Windows\WindowsUpdate.log
2014-06-20 17:59 - 2012-08-30 17:27 - 00000000 ___RD () C:\Users\loswochos\Dropbox
2014-06-20 17:59 - 2012-08-30 17:17 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\Dropbox
2014-06-20 17:58 - 2014-05-03 11:37 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\DropboxMaster
2014-06-20 17:57 - 2014-06-18 09:17 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-06-20 17:56 - 2014-06-20 17:56 - 00000022 _____ () C:\Windows\S.dirmngr
2014-06-20 17:56 - 2014-06-10 13:48 - 00001747 _____ () C:\Windows\setupact.log
2014-06-20 17:56 - 2014-05-14 10:42 - 00012726 _____ () C:\aaw7boot.log
2014-06-20 17:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-20 16:20 - 2011-05-11 21:27 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-06-20 15:32 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-06-20 15:32 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-06-20 15:32 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-20 09:09 - 2014-06-20 09:09 - 00506208 _____ () C:\Windows\Minidump\062014-17721-01.dmp
2014-06-20 09:09 - 2011-08-25 13:32 - 00000000 ____D () C:\Windows\Minidump
2014-06-19 22:40 - 2014-06-10 22:44 - 00003478 _____ () C:\Windows\PFRO.log
2014-06-19 22:39 - 2014-05-23 13:33 - 00000000 ____D () C:\AdwCleaner
2014-06-19 16:09 - 2014-06-19 16:09 - 00021776 _____ () C:\ComboFix.txt
2014-06-19 16:09 - 2014-06-19 15:47 - 00000000 ____D () C:\ComboFix
2014-06-19 16:09 - 2014-06-19 15:45 - 00000000 ____D () C:\Qoobox
2014-06-19 16:09 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-19 16:06 - 2014-06-19 15:44 - 00000000 ____D () C:\Windows\erdnt
2014-06-19 16:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-19 15:43 - 2014-06-19 15:43 - 05207168 ____R (Swearware) C:\Users\loswochos\Desktop\ComboFix.exe
2014-06-19 15:41 - 2014-06-19 15:41 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Panda Security
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-06-19 15:41 - 2014-06-19 15:41 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-06-19 15:40 - 2014-06-19 15:40 - 00848856 _____ (Panda Security ) C:\Users\loswochos\Desktop\USBVaccineSetup.exe
2014-06-19 15:37 - 2014-06-19 14:33 - 00000000 ____D () C:\Users\loswochos\Downloads\trojaner board
2014-06-19 15:05 - 2014-06-19 15:05 - 00001059 _____ () C:\Users\loswochos\Desktop\mbmt.txt
2014-06-19 15:02 - 2014-06-19 15:02 - 00007426 _____ () C:\Users\loswochos\Desktop\Gmer.txt
2014-06-19 14:42 - 2014-06-19 14:40 - 00045731 _____ () C:\Users\loswochos\Desktop\Addition.txt
2014-06-19 14:38 - 2014-06-19 14:38 - 00000480 _____ () C:\Users\loswochos\Desktop\defogger_disable.log
2014-06-19 14:38 - 2014-06-19 14:38 - 00000000 _____ () C:\Users\loswochos\defogger_reenable
2014-06-19 14:38 - 2011-04-23 15:43 - 00000000 ____D () C:\Users\loswochos
2014-06-19 14:33 - 2014-06-19 14:33 - 00380416 _____ () C:\Users\loswochos\Desktop\Gmer-19357.exe
2014-06-19 14:33 - 2014-06-19 14:33 - 00050477 _____ () C:\Users\loswochos\Desktop\Defogger.exe
2014-06-19 13:47 - 2012-11-10 13:58 - 00000000 ____D () C:\Users\loswochos\Downloads\Tor Browser
2014-06-19 13:45 - 2014-06-19 13:45 - 27437354 _____ () C:\Users\loswochos\Downloads\torbrowser-install-3.6.2_de.exe
2014-06-19 10:02 - 2012-05-14 16:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 19:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-18 18:14 - 2014-06-18 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 09:26 - 2014-06-17 20:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-18 00:54 - 2013-08-26 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-18 00:51 - 2011-04-23 17:09 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-18 00:50 - 2011-04-23 16:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-18 00:48 - 2014-04-23 19:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-17 20:05 - 2014-05-16 12:02 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat
2014-06-17 20:05 - 2014-05-16 12:02 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat
2014-06-11 04:15 - 2011-07-30 12:54 - 00000000 ____D () C:\Windows\64F6748976BB4CDDA236F954BE774B35.TMP
2014-06-10 23:10 - 2014-05-13 01:57 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\KeePass
2014-06-10 22:50 - 2014-06-10 22:50 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-10 22:50 - 2014-06-10 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-10 22:50 - 2014-06-10 22:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-10 22:49 - 2014-06-10 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-10 22:48 - 2014-06-10 22:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\loswochos\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-10 22:40 - 2014-06-10 22:40 - 01333465 _____ () C:\Users\loswochos\Desktop\adwcleaner_3.212.exe
2014-06-10 16:46 - 2011-04-26 13:01 - 00000000 ___RD () C:\Users\loswochos\Desktop\Programme
2014-06-10 13:48 - 2014-06-10 13:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-10 13:43 - 2012-04-21 14:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-10 13:28 - 2014-06-10 13:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-10 13:28 - 2012-05-13 20:18 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-10 13:28 - 2011-05-28 11:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-10 13:22 - 2014-06-10 13:22 - 01057176 _____ (Adobe) C:\Users\loswochos\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe
2014-06-09 14:54 - 2013-11-08 02:07 - 00000000 ____D () C:\Users\loswochos\AppData\Local\Arma 3
2014-06-09 12:56 - 2014-06-09 12:50 - 00000000 ____D () C:\Users\loswochos\Desktop\dresktop
2014-06-09 00:02 - 2011-06-07 22:41 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\vlc
2014-06-08 11:13 - 2014-06-17 20:10 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-17 20:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 20:09 - 2014-06-07 20:07 - 21903785 _____ () C:\Users\loswochos\Downloads\The Walking Dead 092.cbz
2014-06-07 20:09 - 2014-06-07 20:07 - 21866326 _____ () C:\Users\loswochos\Downloads\The Walking Dead 091.cbr
2014-06-07 20:07 - 2014-06-07 20:06 - 18796468 _____ () C:\Users\loswochos\Downloads\The Walking Dead 086.cbr
2014-06-07 20:07 - 2014-06-07 20:06 - 17863030 _____ () C:\Users\loswochos\Downloads\The Walking Dead 080.cbr
2014-06-07 20:07 - 2014-06-07 20:06 - 10376899 _____ () C:\Users\loswochos\Downloads\The Walking Dead 061.cbr
2014-06-07 20:07 - 2014-06-07 20:05 - 17669982 _____ () C:\Users\loswochos\Downloads\The Walking Dead 074.cbr
2014-06-07 18:03 - 2014-06-07 18:03 - 00000000 ____D () C:\Users\loswochos\AppData\Local\calibre-cache
2014-06-07 18:03 - 2014-06-07 18:02 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\calibre
2014-06-07 18:02 - 2014-06-07 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-06-07 18:01 - 2014-06-07 18:01 - 00000000 ____D () C:\Program Files\Calibre2
2014-06-07 17:56 - 2014-06-07 17:56 - 61444096 _____ () C:\Users\loswochos\Downloads\calibre-64bit-1.39.0.msi
2014-06-06 18:10 - 2014-05-22 15:04 - 00000000 ____D () C:\Users\loswochos\Desktop\Schreiben Jurk
2014-05-30 16:58 - 2011-09-29 18:30 - 00000000 ____D () C:\ProgramData\Origin
2014-05-30 16:57 - 2011-09-29 18:30 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-30 12:21 - 2014-06-17 20:10 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-17 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-17 20:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-17 20:10 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-17 20:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-17 20:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-17 20:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-17 20:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-17 20:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-17 20:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-17 20:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:21 - 2014-06-17 20:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:20 - 2014-06-17 20:10 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-17 20:11 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-17 20:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-17 20:10 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-17 20:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-17 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-17 20:11 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-17 20:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-17 20:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-17 20:10 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-17 20:10 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-17 20:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-17 20:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-17 20:11 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-17 20:10 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-17 20:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-17 20:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-17 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-17 20:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-17 20:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-17 20:11 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-17 20:10 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-17 20:10 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-17 20:11 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-17 20:11 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-17 20:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-17 20:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-17 20:11 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-17 20:10 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-17 20:10 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-17 20:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-17 20:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-17 20:11 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-17 20:10 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-17 20:11 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-17 20:11 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-17 20:10 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-17 20:11 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-17 20:10 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-17 20:10 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-28 12:17 - 2012-08-30 17:22 - 00000000 ____D () C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-23 16:44 - 2014-05-23 16:44 - 00000000 ____D () C:\Users\loswochos\Documents\ProcAlyzer Dumps
2014-05-23 16:44 - 2014-01-19 23:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-23 14:27 - 2011-04-24 12:07 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-23 14:27 - 2011-04-23 15:45 - 00001003 _____ () C:\Users\loswochos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-22 23:22 - 2014-05-22 23:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\loswochos\Downloads\Stop Autoplay - CHIP-Downloader.exe
2014-05-22 23:22 - 2014-05-22 23:22 - 00041147 _____ () C:\Users\loswochos\Downloads\stop_autoplay-1.2.1-sm_fx.zip
2014-05-22 21:11 - 2014-05-13 21:20 - 00004894 _____ () C:\Users\loswochos\Documents\NeueDatenbank.kdbx
2014-05-22 13:12 - 2014-01-20 00:07 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-22 13:12 - 2014-01-20 00:07 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Some content of TEMP:
====================
C:\Users\loswochos\AppData\Local\Temp\avgnt.exe
C:\Users\loswochos\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpingoks.dll
C:\Users\loswochos\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-18 19:00

==================== End Of Log ============================
         
--- --- ---

Antwort

Themen zu Antivir durch Gruppenrichtlinie blockiert
ad-aware, antivirus, association, blockiert, branding, calculator, converter, cpu-z, cubase, desktop, durch gruppenrichtlinie blockiert, dvdvideosoft ltd., entfernen, flash player, gruppenrichtlinie blockiert, helper, homepage, iexplore.exe, launch, newtab, refresh, software, spotify web helper, svchost.exe, system, tracker, vbs/kryptik.af, win32/downloadsponsor.a, win32/packed.vmprotect.aaa, win32/packed.vmprotect.aah, win32/thinknice.a, win32/thinknice.b, win32/toolbar.babylon, win32/toolbar.conduit, win32/toolbar.visicom.a, win32/winloadsda.d, win64/thinknice.a




Ähnliche Themen: Antivir durch Gruppenrichtlinie blockiert


  1. AntiVir kann nicht geöffnet werden. (Dieses Programm wurde durch eine Gruppenrichtlinie blockiert..
    Plagegeister aller Art und deren Bekämpfung - 14.06.2015 (22)
  2. Avg durch Gruppenrichtlinie blockiert
    Plagegeister aller Art und deren Bekämpfung - 12.01.2015 (18)
  3. Avira Antivir wird durch eine Gruppenrichtlinie blockiert
    Plagegeister aller Art und deren Bekämpfung - 06.01.2015 (11)
  4. Avast durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 27.11.2014 (11)
  5. AntiVir und Malwarebytes werden durch eine Gruppenrichtlinie blockiert.
    Log-Analyse und Auswertung - 19.11.2014 (11)
  6. Ich hab´s auch: "Das Programm wurde durch eine Gruppenrichtlinie blockiert" AntiVir
    Log-Analyse und Auswertung - 18.11.2014 (7)
  7. Win 7: Avast Antivir Fehler "dieses Programm wurde durch eine Gruppenrichtlinie blockiert [...]"
    Log-Analyse und Auswertung - 08.10.2014 (8)
  8. Avira Antivir dieses programm wurde durch eine gruppenrichtlinie blockiert
    Plagegeister aller Art und deren Bekämpfung - 06.09.2014 (1)
  9. AntiVir: Dieses Programm wurde durch eine Gruppenrichtlinie blockiert
    Plagegeister aller Art und deren Bekämpfung - 26.08.2014 (11)
  10. AntiVir durch Gruppenrichtlinie blockiert + Downloads werden gestartet
    Plagegeister aller Art und deren Bekämpfung - 23.08.2014 (24)
  11. Antivir wird durch eine Gruppenrichtlinie blockiert.
    Plagegeister aller Art und deren Bekämpfung - 07.08.2014 (13)
  12. AntiVir durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 27.06.2014 (10)
  13. Dieses Programm wurde durch eine Gruppenrichtlinie blockiert... Avast und Antivir lassen sich nicht mehr starten!
    Plagegeister aller Art und deren Bekämpfung - 21.06.2014 (17)
  14. Fehlermeldung AntiVir: Dieses Programm wurde durch eine Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 04.06.2014 (10)
  15. Antivir wird durch eine Gruppenrichtlinie blockiert.
    Log-Analyse und Auswertung - 01.06.2014 (9)
  16. win 7 32bit, erst wurde antivir durch Gruppenrichtlinie blockiert, nun kein internetexplorer mehr, u.a.
    Log-Analyse und Auswertung - 29.05.2014 (15)
  17. Antivir durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 13.05.2014 (15)

Zum Thema Antivir durch Gruppenrichtlinie blockiert - Hallo, vor etwa 2 Wochen habe ich festgestellt, dass mein Antivir sich nicht mehr starten lässt. Wenn ich versuche die .exe auszuführen kommt immer die Meldung "Avira wurde durch eine - Antivir durch Gruppenrichtlinie blockiert...
Archiv
Du betrachtest: Antivir durch Gruppenrichtlinie blockiert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.