
Pests of all kinds and how to combat them: TR/Dropper.Gen in C:\Users\MeinName\Appdata\Local\Temp\OCS\ocs_v71b.exe

Windows 7

03.07.2014, 16:19   #1
hannover96xd
 
Hello,

According to Avira, I have a virus or trojan (or whatever it is) on my PC! The file was moved to quarantine, but it was already detected on 29.6.14; I just haven't had time to deal with it until now!

There are also problems! Namely, when I boot the PC, the BIOS addresses the keyboard normally (I can also get into the BIOS with F2), but when I then want to select e.g. "Start Windows normally" with the keyboard, it does not respond!

Another problem, possibly another virus as well, is that a system.exe is listed in Task Manager!
It has PID 4 and uses port 80, which is how I became aware of it, because XAMP (PHP, MySQL... program, i.e. a "virtual server") also needs port 80 and therefore always complains!

Apart from that, there are no problems that I have noticed!


I have also already done a run with "Farbar Recovery Scan Tool":

I hope this spoiler works now


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-07-2014
Ran by Jona at 2014-07-03 17:02:56
Running from I:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe After Effects CS4 (HKLM\...\Adobe_3dcb365ab9e01871fb8c6f27b0ea079) (Version: 9 - Adobe Systems Incorporated)
Adobe After Effects CS4 (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Presets (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Third Party Content (HKLM\...\Adobe_5aab5a491a3a52ae624fd639f6aaa95) (Version: 9 - Adobe Systems Incorporated)
Adobe After Effects CS4 Third Party Content (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles AE CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Aptana Studio 3 (HKLM\...\Aptana Studio 3) (Version: 3.4.2 - Appcelerator, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Company of Heroes 2 (HKLM\...\Steam App 231430) (Version:  - Relic Entertainment)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
DeshakerIF 2.01 (HKLM\...\{C39CDB78-924E-4DEE-94E8-97B77F1A6080}_is1) (Version:  - )
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
ffdshow v1.3.4530 [2014-02-09] (HKLM\...\ffdshow_is1) (Version: 1.3.4530.0 - )
FileZilla Client 3.8.1 (HKLM\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (HKLM\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Free YouTube Download version 3.2.33.424 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.33.424 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.34.430 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
IIS 8.0 Express (HKLM\...\{B8FFB7D6-6ABD-47C3-8BAD-86FF5D8F3EDC}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lexmark 640 Series (HKLM\...\Lexmark 640 Series) (Version:  - Lexmark International, Inc.)
LibreOffice 4.2.2.1 (HKLM\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.214 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.214 - LogMeIn, Inc.) Hidden
MAGIX Content und Soundpools (HKLM\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (HKLM\...\MAGIX_{B03055E4-8381-4834-8CD6-602141C8D702}) (Version: 4.3.2.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 (HKLM\...\MX.{CC87429C-BC87-4D90-9D5F-C6D9721A6663}) (Version: 20.0.2.35 - MAGIX AG)
MAGIX Music Maker 2014 (Version: 20.0.2.35 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Trial Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM\...\MAGIX_{BA816CCA-0FEA-4A68-9AD0-4CF3D2DF40CC}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM\...\MAGIX_{36F289DE-F9E6-4AD3-AD37-90CCB61F1638}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe MX Premium Sonderedition (HKLM\...\MAGIX_{9ADAE3A4-87DD-4091-B5E0-24F4B6F08F3A}) (Version: 11.0.5.0 - MAGIX AG)
MAGIX Video deluxe MX Premium Sonderedition (Version: 11.0.5.0 - MAGIX AG) Hidden
MediaFire Desktop (HKLM\...\MediaFire Desktop 0.10.36.9353) (Version: 0.10.52.9493 - MediaFire)
MediaInfo 0.7.69 (HKLM\...\MediaInfo) (Version: 0.7.69 - MediaArea.net)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 (HKLM\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Expression Web 4 (Version: 4.0.1460.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{30640168-E261-4261-B8FF-7FA5E0F6A2F1}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{E43AC95E-66B0-4CEC-AADD-C9BFEF5A4C0A}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{1D39E015-C3D2-45DE-B070-A69C5F2FB309}) (Version: 5.0.50430.0 - Microsoft Corporation)
Microsoft WebMatrix 3 (HKLM\...\{F3A4C164-245F-4548-AE80-BB766E16B637}) (Version: 2.0.1932 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nmap 6.46 (HKLM\...\Nmap) (Version:  - )
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Origin (HKLM\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Shark007 Standard Codecs (HKLM\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 2.0.1 - Shark007)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SRWare Iron Version SRWare Iron 34.0.1850.0 (HKLM\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 34.0.1850.0 - SRWare)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 9.0 (HKLM\...\{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}) (Version: 9.0.1147 - Sony)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WampServer 2.5 (HKLM\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
Wisdom-soft AutoScreenRecorder 3.1 Free (HKLM\...\Wisdom-soft AutoScreenRecorder 3.1 Free) (Version:  - Wisdom Software Inc.)
XMedia Recode Version 3.1.8.6 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.8.6 - XMedia Recode)

==================== Restore Points  =========================

30-06-2014 13:09:32 Removed Windows Phone Emulator - ENU
30-06-2014 13:10:04 Removed Skype™ 6.16
30-06-2014 13:10:41 Removed Adobe Media Player
30-06-2014 13:14:04 Removed LibreOffice 4.2.2.1
30-06-2014 13:15:42 Microsoft PowerPoint Viewer wird entfernt
30-06-2014 13:16:46 Removed Windows Phone SDK 7.1 Assemblies
01-07-2014 14:31:08 Windows Update
01-07-2014 16:00:22 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0E257772-C26E-4575-9FF7-C7FAA8FA7788} - System32\Tasks\{E9CEFB17-FAE6-4E28-962B-25A6D267E625} => C:\Users\Jona\Downloads\x264_r2431\x264-10b-r2431-ac76440.exe
Task: {333504A7-07DA-492D-817D-31BFD0C0CA4D} - System32\Tasks\FF Watcher {F3F1A344-69ED-4689-8031-D686065E4419} => C:\Program Files\V-bates\PrefHelper.exe
Task: {4E95A93D-867E-4687-8A52-47FE0FBC77B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {6D852DBB-4C08-408B-9B40-A9B8B3AE73CB} - System32\Tasks\FF Watcher {C06124DF-5D94-4C79-93A7-767545A5F03F} => C:\Program Files\V-bates\PrefHelper.exe
Task: {7E8E187B-0253-4266-826D-7E1324726C68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {8A5D1D9B-4996-4172-ADCF-FD0D4867516A} - System32\Tasks\FF Watcher {6BC52A8A-733A-4149-9DB0-F70E345BFB75} => C:\Program Files\V-bates\PrefHelper.exe
Task: {E3792A5C-EDB0-4BB6-8DFA-EDF4EE997FC3} - System32\Tasks\FF Watcher {591BDE40-27C6-4EF4-8260-58470B08B36A} => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\FF Watcher {591BDE40-27C6-4EF4-8260-58470B08B36A}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\FF Watcher {6BC52A8A-733A-4149-9DB0-F70E345BFB75}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\FF Watcher {C06124DF-5D94-4C79-93A7-767545A5F03F}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\FF Watcher {F3F1A344-69ED-4689-8031-D686065E4419}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-14 19:38 - 2014-03-04 14:34 - 00109000 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-06-01 11:08 - 2014-06-01 11:08 - 00035328 _____ () F:\Programme\filezilla\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () F:\Programme\filezilla\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () F:\Programme\filezilla\FileZilla FTP Client\libstdc++-6.dll
2014-05-06 16:57 - 2014-05-30 01:04 - 00457736 _____ () C:\Users\Jona\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
2014-06-02 20:34 - 2014-06-30 20:10 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-06-12 20:57 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-12 20:57 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-12 20:57 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 20:58 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 20:57 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MediaFire Tray => C:\Users\Jona\AppData\Local\MediaFire Desktop\mf_watch.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Registry Helper => "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: TrayServer => F:\Programme\Magix\Videodeluxe\Programm\TrayServer_de.exe
MSCONFIG\startupreg: V-bates => C:\Program Files\V-bates\notifier.exe

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: Virtual Machine Monitor
Description: Virtual Machine Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: vmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2014 04:45:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 04:43:58 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (07/02/2014 10:30:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2014 06:22:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2014 06:04:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2014 05:02:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2014 04:45:01 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting


For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (07/01/2014 04:45:01 PM) (Source: MySQL) (EventID: 100) (User: )
Description: wampmysqld: unknown option '--skip-locking'

For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (07/01/2014 04:26:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2014 09:55:18 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting


For more information, see Help and Support Center at hxxp://www.mysql.com.


System errors:
=============
Error: (07/03/2014 04:44:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
vmm

Error: (07/03/2014 04:43:34 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (07/02/2014 10:29:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
vmm

Error: (07/02/2014 10:28:17 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (07/02/2014 06:21:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
vmm

Error: (07/02/2014 06:20:46 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (07/01/2014 06:03:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
vmm

Error: (07/01/2014 06:02:09 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (07/01/2014 05:01:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
vmm

Error: (07/01/2014 05:00:48 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.


Microsoft Office Sessions:
=========================
Error: (07/03/2014 04:45:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 04:43:58 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (07/02/2014 10:30:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2014 06:22:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2014 06:04:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2014 05:02:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2014 04:45:01 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting

Error: (07/01/2014 04:45:01 PM) (Source: MySQL) (EventID: 100) (User: )
Description: wampmysqld: unknown option '--skip-locking'

Error: (07/01/2014 04:26:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2014 09:55:18 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting


==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 3327.3 MB
Available physical RAM: 2085.4 MB
Total Pagefile: 5372.59 MB
Available Pagefile: 3727.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:76.63 GB) (Free:2.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (DatenGrab) (Fixed) (Total:117.24 GB) (Free:103.88 GB) NTFS
Drive f: (Lokaler Datenträger) (Fixed) (Total:92.88 GB) (Free:63.41 GB) NTFS
Drive i: (Downloads) (Fixed) (Total:9.76 GB) (Free:6.63 GB) NTFS
Drive u: (PHP) (Fixed) (Total:13 GB) (Free:12.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 77 GB) (Disk ID: 2E2E2E2E)
Partition 1: (Active) - (Size=77 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: F9335D9E)
Partition 1: (Active) - (Size=117 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=93 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=13 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
--- --- ---


Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-07-2014
Ran by Jona (administrator) on JONAPC on 03-07-2014 17:22:41
Running from I:\
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
( ) C:\Windows\System32\lxdacoms.exe
() C:\Users\Jona\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [BCSSync] => F:\Programme\Microsoft Office Pack\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-17610030-839998563-2177145587-1000\...\Run: [MediaFire Tray] => [X]
ShellIconOverlayIdentifiers: 1MediaFireIconError -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files\MediaFire Desktop\MediaFireIcon3_edc86.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: 1MediaFireIconSynched -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files\MediaFire Desktop\MediaFireIcon_edc86.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: 1MediaFireIconSyncing -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files\MediaFire Desktop\MediaFireIcon2_edc86.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => F:\Programme\Microsoft Office Pack\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => F:\Programme\Microsoft Office Pack\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => F:\Programme\Microsoft Office Pack\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => F:\Programme\Microsoft Office Pack\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => F:\Programme\Microsoft Office Pack\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: MediaFireIconLock -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files\MediaFire Desktop\MediaFireIcon4_edc86.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: MediaFireIconReadOnly -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files\MediaFire Desktop\MediaFireIcon5_edc86.dll (TODO: <Company name>)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3320691&octid=EB_ORIGINAL_CTID&ISID=MF544B194-ECFB-4DFD-A2B0-5AE82508B40F&SearchSource=55&CUI=&UM=5&UP=SPDEAE4214-E735-455A-9CAF-73CA57767414&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE5154D72AA3FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Programme\Microsoft Office Pack\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office Pack\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Jona\AppData\Roaming\Mozilla\Firefox\Profiles\ut86ydbj.default
FF Homepage: hxxp://search.conduit.com/?gd=&ctid=CT3320691&octid=EB_ORIGINAL_CTID&ISID=MF544B194-ECFB-4DFD-A2B0-5AE82508B40F&SearchSource=55&CUI=&UM=5&UP=SPDEAE4214-E735-455A-9CAF-73CA57767414&SSPV=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.4.0 - C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - F:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Jona\AppData\Roaming\Mozilla\Firefox\Profiles\ut86ydbj.default\user.js
FF SearchPlugin: C:\Users\Jona\AppData\Roaming\Mozilla\Firefox\Profiles\ut86ydbj.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3320691&octid=EB_ORIGINAL_CTID&ISID=MF544B194-ECFB-4DFD-A2B0-5AE82508B40F&SearchSource=55&CUI=&UM=5&UP=SPDEAE4214-E735-455A-9CAF-73CA57767414&SSPV=
CHR StartupUrls: "hxxp://multicultipage.bplaced.net/"
CHR Extension: (Google Translate) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-05-27]
CHR Extension: (Google Docs) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-20]
CHR Extension: (Google Drive) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (Web Developer) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2014-05-16]
CHR Extension: (YouTube) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-20]
CHR Extension: (Telegram UNOFFICIAL) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2014-03-20]
CHR Extension: (Google-Suche) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-20]
CHR Extension: (Button Generator) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\njphjoojdldjpogfhbncccnkldebgbnd [2014-05-15]
CHR Extension: (Google Wallet) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]
CHR Extension: (Google Mail) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-20]
         

If you need any more information, let me know!



Many thanks for your great help!!!!!

Edited by hannover96xd (03.07.2014 at 16:24)

03.07.2014, 16:28   #2
deeprybka
/// TB Trainer
/// Instructions Guru
 
My name is Jürgen and I will be helping you with your problem. Together we'll get this done...
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you don't understand something, stop what you are doing and describe the problem to me.
  • Please only run scans that I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you were asked to.
  • Save all our tools to the desktop.
  • Post the log files directly in your thread, in code tags.
  • Bear in mind that all of us here do this in our free time; if you haven't heard from me within 24 hours, please send me a PM.

Note:
I can never give you a guarantee that we will find all malicious files.
Formatting is usually the faster and always the safest way, but it is only advisable for real malware.
We can remove adware & co. very well.
If you decide on a cleanup, keep working with me until you get my "clean".



Please post the complete FRST log!

03.07.2014, 16:31   #3
hannover96xd
 
Quote:
Quote from deeprybka
Please post the complete FRST log!

Thanks for your help!

But what is missing there? Those are both files; it didn't spit out anything more!

03.07.2014, 16:34   #4
deeprybka
/// TB Trainer
/// Instructions Guru
 
Well, it would indeed be strange if the log already ended at Chrome...

Services, drivers, modified and created files are important too...
__________________
Regards,
deeprybka


03.07.2014, 16:39   #5
hannover96xd
 
Quote:
Quote from deeprybka
Well, it would indeed be strange if the log already ended at Chrome...

Services, drivers, modified and created files are important too...

Once again, that's everything!


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-07-2014
Ran by Jona (administrator) on JONAPC on 03-07-2014 17:22:41
Running from I:\
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
( ) C:\Windows\System32\lxdacoms.exe
() C:\Users\Jona\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [BCSSync] => F:\Programme\Microsoft Office Pack\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-17610030-839998563-2177145587-1000\...\Run: [MediaFire Tray] => [X]
ShellIconOverlayIdentifiers: 1MediaFireIconError -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files\MediaFire Desktop\MediaFireIcon3_edc86.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: 1MediaFireIconSynched -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files\MediaFire Desktop\MediaFireIcon_edc86.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: 1MediaFireIconSyncing -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files\MediaFire Desktop\MediaFireIcon2_edc86.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => F:\Programme\Microsoft Office Pack\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => F:\Programme\Microsoft Office Pack\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => F:\Programme\Microsoft Office Pack\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => F:\Programme\Microsoft Office Pack\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => F:\Programme\Microsoft Office Pack\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: MediaFireIconLock -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files\MediaFire Desktop\MediaFireIcon4_edc86.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: MediaFireIconReadOnly -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files\MediaFire Desktop\MediaFireIcon5_edc86.dll (TODO: <Company name>)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3320691&octid=EB_ORIGINAL_CTID&ISID=MF544B194-ECFB-4DFD-A2B0-5AE82508B40F&SearchSource=55&CUI=&UM=5&UP=SPDEAE4214-E735-455A-9CAF-73CA57767414&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE5154D72AA3FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Programme\Microsoft Office Pack\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office Pack\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Jona\AppData\Roaming\Mozilla\Firefox\Profiles\ut86ydbj.default
FF Homepage: hxxp://search.conduit.com/?gd=&ctid=CT3320691&octid=EB_ORIGINAL_CTID&ISID=MF544B194-ECFB-4DFD-A2B0-5AE82508B40F&SearchSource=55&CUI=&UM=5&UP=SPDEAE4214-E735-455A-9CAF-73CA57767414&SSPV=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.4.0 - C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - F:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Jona\AppData\Roaming\Mozilla\Firefox\Profiles\ut86ydbj.default\user.js
FF SearchPlugin: C:\Users\Jona\AppData\Roaming\Mozilla\Firefox\Profiles\ut86ydbj.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3320691&octid=EB_ORIGINAL_CTID&ISID=MF544B194-ECFB-4DFD-A2B0-5AE82508B40F&SearchSource=55&CUI=&UM=5&UP=SPDEAE4214-E735-455A-9CAF-73CA57767414&SSPV=
CHR StartupUrls: "hxxp://multicultipage.bplaced.net/"
CHR Extension: (Google Translate) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-05-27]
CHR Extension: (Google Docs) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-20]
CHR Extension: (Google Drive) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (Web Developer) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2014-05-16]
CHR Extension: (YouTube) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-20]
CHR Extension: (Telegram UNOFFICIAL) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2014-03-20]
CHR Extension: (Google-Suche) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-20]
CHR Extension: (Button Generator) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\njphjoojdldjpogfhbncccnkldebgbnd [2014-05-15]
CHR Extension: (Google Wallet) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]
CHR Extension: (Google Mail) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-20]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S4 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1889616 2014-06-23] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-04-15] (LogMeIn, Inc.)
R2 lxda_device; C:\Windows\system32\lxdacoms.exe [537520 2007-04-26] ( )
R2 MF NTFS Monitor; C:\Users\Jona\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe [457736 2014-05-30] ()
S3 Microsoft SharePoint Workspace Audit Service; F:\Programme\Microsoft Office Pack\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19701080 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-06-30] ()
S3 wampmysqld; U:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x86.sys [19160 2013-12-06] (Windows (R) Win 7 DDK provider)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19400 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S1 vmm; \??\C:\Windows\system32\Drivers\vmm.sys [X]
U3 wampapache; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-03 17:13 - 2014-07-03 17:16 - 00036818 _____ () C:\Users\Jona\Desktop\FRST.txt
2014-07-03 17:12 - 2014-07-03 16:52 - 01073664 _____ (Farbar) C:\Users\Jona\Desktop\FRST.exe
2014-07-03 17:00 - 2014-07-03 17:22 - 00000000 ___DC () C:\FRST
2014-07-02 22:33 - 2014-07-02 22:33 - 00000000 ____D () C:\Users\Jona\AppData\Local\Macromedia
2014-07-02 22:25 - 2014-07-02 22:25 - 00045366 _____ () C:\Users\Jona\AppData\Local\recently-used.xbel
2014-06-30 21:51 - 2014-06-30 21:51 - 00000532 _____ () C:\Users\Jona\Desktop\WampServer.lnk
2014-06-30 21:51 - 2014-06-30 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WampServer
2014-06-30 21:32 - 2014-06-30 21:32 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-30 21:32 - 2014-06-30 21:32 - 00000000 ___RD () C:\Program Files\Skype
2014-06-30 21:32 - 2014-06-30 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-30 21:32 - 2014-06-30 21:32 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-30 20:04 - 2014-06-30 20:04 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-06-30 19:29 - 2014-06-30 19:30 - 00000000 ____D () C:\Users\Jona\.zenmap
2014-06-30 19:28 - 2014-06-30 19:28 - 00000649 _____ () C:\Users\Jona\Desktop\Nmap - Zenmap GUI.lnk
2014-06-30 19:28 - 2014-06-30 19:28 - 00000000 ____D () C:\Users\Jona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2014-06-30 19:28 - 2014-06-30 19:28 - 00000000 ____D () C:\Program Files\WinPcap
2014-06-30 18:49 - 2014-06-30 18:51 - 00000000 ____D () C:\Users\Jona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PHPTriad
2014-06-30 18:49 - 2014-06-30 18:49 - 00000000 ___DC () C:\winnt
2014-06-30 18:49 - 2014-06-30 18:49 - 00000000 ___DC () C:\phptriad
2014-06-30 18:49 - 2014-06-30 18:49 - 00000000 ___DC () C:\apache
2014-06-30 18:20 - 2014-06-30 18:20 - 00000834 _____ () C:\Users\Public\Desktop\GIMP 2.lnk
2014-06-30 18:20 - 2014-06-30 18:20 - 00000834 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-06-28 20:32 - 2014-06-28 20:32 - 00000684 _____ () C:\Users\Administrator.JONAPC\Desktop\Aptana Studio 3.lnk
2014-06-28 19:32 - 2014-06-28 19:32 - 00000824 _____ () C:\Users\Jona\Desktop\Microsoft Expression Web 4.lnk
2014-06-28 19:15 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-06-28 19:14 - 2014-06-28 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2014-06-28 19:14 - 2014-06-28 19:14 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-06-27 20:26 - 2014-06-27 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-06-27 20:26 - 2009-03-18 18:35 - 00026176 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2014-06-27 20:25 - 2014-06-27 20:26 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-06-17 15:35 - 2014-06-17 15:35 - 00000104 _____ () C:\Users\Jona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Standardprogramme - Verknüpfung.lnk
2014-06-17 15:35 - 2014-06-17 15:35 - 00000000 ___RD () C:\Users\Jona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Geräte und Drucker - Verknüpfung
2014-06-17 15:33 - 2006-05-11 06:14 - 00073728 _____ (Lexmark International, Inc.) C:\Windows\system32\lxdapwr.dll
2014-06-17 15:33 - 2006-04-17 19:48 - 00200704 _____ (Lexmark International, Inc.) C:\Windows\system32\lexlmpm.dll
2014-06-17 15:33 - 2006-04-17 19:42 - 00311296 _____ (Lexmark International, Inc.) C:\Windows\system32\LEXBCES.EXE
2014-06-17 15:33 - 2006-04-17 19:42 - 00198144 _____ (Lexmark International, Inc.) C:\Windows\system32\LEX2KUSB.DLL
2014-06-17 15:33 - 2006-04-17 19:41 - 00201216 _____ (Lexmark International, Inc.) C:\Windows\system32\LEXP2P32.DLL
2014-06-17 15:33 - 2006-04-17 19:41 - 00174592 _____ (Lexmark International, Inc.) C:\Windows\system32\LEXPPS.EXE
2014-06-17 15:33 - 2006-04-17 19:41 - 00147456 _____ (Lexmark International, Inc.) C:\Windows\system32\LEXBCE.DLL
2014-06-14 20:40 - 2014-06-14 20:40 - 00003584 _____ () C:\Users\Jona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-14 16:24 - 2014-06-14 16:25 - 00000000 ____D () C:\Users\Jona\AppData\Local\Adobe
2014-06-12 16:27 - 2014-06-15 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-06-12 16:27 - 2014-06-12 16:27 - 00000927 _____ () C:\Users\Jona\Desktop\FileZilla.lnk
2014-06-12 08:45 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 08:45 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 08:45 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 08:45 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 08:44 - 2014-05-24 03:27 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 08:44 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 08:44 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 08:44 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 08:44 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 08:44 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 08:44 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 08:44 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 08:44 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 08:44 - 2014-05-24 02:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-12 08:40 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 08:40 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-12 08:40 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 08:40 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 08:40 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 21:22 - 2014-06-10 21:22 - 00000000 ____D () C:\Program Files\MSECache
2014-06-07 22:50 - 2014-06-07 22:50 - 00000000 _____ () C:\Users\Jona\AppData\Local\{6FAECDCC-2329-4941-BF48-2AE68C725B08}
2014-06-06 21:53 - 2014-06-06 21:53 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-06 20:42 - 2014-06-06 21:25 - 00000000 ____D () C:\Users\Jona\AppData\Roaming\tor
2014-06-06 15:02 - 2014-06-06 15:25 - 00000000 ____D () C:\Users\Jona\Documents\FIFA World
2014-06-05 22:29 - 2014-06-05 22:29 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-06-05 22:29 - 2014-06-05 22:29 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-06-05 21:23 - 2014-06-05 21:23 - 00000000 ____D () C:\Users\Jona\Documents\Fächer Sicherheitskopie
2014-06-05 19:55 - 2014-06-05 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-05 19:55 - 2014-06-05 19:55 - 00003095 _____ () C:\Users\Jona\Desktop\Microsoft PowerPoint 2010.lnk
2014-06-05 19:54 - 2014-06-05 19:54 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-05 19:54 - 2014-06-05 19:54 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-06-05 19:54 - 2014-06-05 19:54 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-06-05 19:51 - 2014-06-05 19:51 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-06-05 19:50 - 2014-06-12 17:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-05 19:50 - 2014-06-07 18:42 - 00000000 ____D () C:\Users\Jona\AppData\Local\Microsoft Help
2014-06-04 20:27 - 2014-07-01 16:32 - 00000000 ____D () C:\Users\Jona\AppData\Local\LogMeIn Hamachi
2014-06-04 20:27 - 2014-06-04 20:27 - 00000000 ____D () C:\Users\Jona\AppData\Local\LogMeIn
2014-06-04 20:27 - 2014-06-04 20:27 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-06-03 21:55 - 2014-06-03 21:55 - 04996210 _____ (Tim Kosse) C:\Users\Jona\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-06-03 16:38 - 2014-06-30 20:10 - 00297088 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-06-03 16:38 - 2014-06-03 16:38 - 00000000 ____D () C:\Users\Jona\Documents\Battlefield 3
2014-06-03 16:38 - 2014-06-03 16:38 - 00000000 ____D () C:\Users\Jona\AppData\Local\PunkBuster

==================== One Month Modified Files and Folders =======

2014-07-03 17:42 - 2014-05-19 13:57 - 00000000 ____D () C:\Users\Administrator.JONAPC
2014-07-03 17:42 - 2014-04-24 18:33 - 00000000 ____D () C:\Users\Jona\AppData\Local\gtk-2.0
2014-07-03 17:42 - 2014-03-21 16:44 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-03 17:42 - 2014-03-14 19:22 - 00000000 ____D () C:\Users\Jona
2014-07-03 17:42 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-07-03 17:42 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-07-03 17:22 - 2014-07-03 17:00 - 00000000 ___DC () C:\FRST
2014-07-03 17:17 - 2014-05-18 21:47 - 00000280 _____ () C:\Windows\Tasks\FF Watcher {F3F1A344-69ED-4689-8031-D686065E4419}.job
2014-07-03 17:16 - 2014-07-03 17:13 - 00036818 _____ () C:\Users\Jona\Desktop\FRST.txt
2014-07-03 17:11 - 2014-04-29 18:11 - 00000280 _____ () C:\Windows\Tasks\FF Watcher {C06124DF-5D94-4C79-93A7-767545A5F03F}.job
2014-07-03 16:56 - 2014-04-30 17:26 - 00000280 _____ () C:\Windows\Tasks\FF Watcher {6BC52A8A-733A-4149-9DB0-F70E345BFB75}.job
2014-07-03 16:55 - 2014-04-30 17:25 - 00000280 _____ () C:\Windows\Tasks\FF Watcher {591BDE40-27C6-4EF4-8260-58470B08B36A}.job
2014-07-03 16:52 - 2014-07-03 17:12 - 01073664 _____ (Farbar) C:\Users\Jona\Desktop\FRST.exe
2014-07-03 16:51 - 2014-03-20 20:24 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-03 16:51 - 2009-07-14 06:34 - 00020304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-03 16:51 - 2009-07-14 06:34 - 00020304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-03 16:49 - 2014-03-14 19:54 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-03 16:48 - 2014-03-14 19:11 - 01360208 _____ () C:\Windows\WindowsUpdate.log
2014-07-03 16:44 - 2009-07-14 06:39 - 00059870 _____ () C:\Windows\setupact.log
2014-07-03 16:43 - 2014-03-20 20:24 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-03 16:43 - 2014-03-14 19:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-03 16:43 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-02 22:33 - 2014-07-02 22:33 - 00000000 ____D () C:\Users\Jona\AppData\Local\Macromedia
2014-07-02 22:25 - 2014-07-02 22:25 - 00045366 _____ () C:\Users\Jona\AppData\Local\recently-used.xbel
2014-07-02 22:25 - 2014-04-19 14:52 - 00000000 ____D () C:\Users\Jona\.gimp-2.8
2014-07-01 17:59 - 2014-03-20 20:39 - 00000000 ____D () C:\Users\Jona\AppData\Roaming\Skype
2014-07-01 16:32 - 2014-06-04 20:27 - 00000000 ____D () C:\Users\Jona\AppData\Local\LogMeIn Hamachi
2014-06-30 21:51 - 2014-06-30 21:51 - 00000532 _____ () C:\Users\Jona\Desktop\WampServer.lnk
2014-06-30 21:51 - 2014-06-30 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WampServer
2014-06-30 21:32 - 2014-06-30 21:32 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-30 21:32 - 2014-06-30 21:32 - 00000000 ___RD () C:\Program Files\Skype
2014-06-30 21:32 - 2014-06-30 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-30 21:32 - 2014-06-30 21:32 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-30 21:32 - 2014-03-20 20:39 - 00000000 ____D () C:\ProgramData\Skype
2014-06-30 21:00 - 2014-04-19 14:45 - 00000000 ____D () C:\ProgramData\Origin
2014-06-30 20:10 - 2014-06-03 16:38 - 00297088 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-06-30 20:10 - 2014-06-02 20:35 - 00140520 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-06-30 20:10 - 2014-06-02 20:34 - 00297088 _____ () C:\Windows\system32\PnkBstrB.exe
2014-06-30 20:10 - 2014-06-02 20:34 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-06-30 20:05 - 2014-06-02 20:34 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-06-30 20:04 - 2014-06-30 20:04 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-06-30 19:30 - 2014-06-30 19:29 - 00000000 ____D () C:\Users\Jona\.zenmap
2014-06-30 19:28 - 2014-06-30 19:28 - 00000649 _____ () C:\Users\Jona\Desktop\Nmap - Zenmap GUI.lnk
2014-06-30 19:28 - 2014-06-30 19:28 - 00000000 ____D () C:\Users\Jona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2014-06-30 19:28 - 2014-06-30 19:28 - 00000000 ____D () C:\Program Files\WinPcap
2014-06-30 18:51 - 2014-06-30 18:49 - 00000000 ____D () C:\Users\Jona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PHPTriad
2014-06-30 18:49 - 2014-06-30 18:49 - 00000000 ___DC () C:\winnt
2014-06-30 18:49 - 2014-06-30 18:49 - 00000000 ___DC () C:\phptriad
2014-06-30 18:49 - 2014-06-30 18:49 - 00000000 ___DC () C:\apache
2014-06-30 18:38 - 2014-05-20 15:26 - 00000000 ____D () C:\Users\Jona\AppData\Roaming\FileZilla
2014-06-30 18:20 - 2014-06-30 18:20 - 00000834 _____ () C:\Users\Public\Desktop\GIMP 2.lnk
2014-06-30 18:20 - 2014-06-30 18:20 - 00000834 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-06-30 17:56 - 2014-03-20 20:22 - 00163576 _____ () C:\Users\Jona\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-30 17:19 - 2009-07-14 06:33 - 02470208 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-30 17:18 - 2010-11-20 23:48 - 00274312 _____ () C:\Windows\PFRO.log
2014-06-30 15:17 - 2014-05-20 19:01 - 00000000 ____D () C:\Program Files\Microsoft SDKs
2014-06-30 15:17 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-06-30 15:12 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-30 15:08 - 2014-03-21 21:23 - 00000000 ____D () C:\Fraps
2014-06-30 14:58 - 2014-03-21 20:21 - 00000000 ____D () C:\Program Files\Steam
2014-06-30 13:56 - 2014-03-21 15:37 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-06-28 20:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-28 20:32 - 2014-06-28 20:32 - 00000684 _____ () C:\Users\Administrator.JONAPC\Desktop\Aptana Studio 3.lnk
2014-06-28 20:32 - 2014-05-18 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aptana
2014-06-28 19:32 - 2014-06-28 19:32 - 00000824 _____ () C:\Users\Jona\Desktop\Microsoft Expression Web 4.lnk
2014-06-28 19:14 - 2014-06-28 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2014-06-28 19:14 - 2014-06-28 19:14 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-06-28 11:56 - 2010-11-20 23:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-27 20:26 - 2014-06-27 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-06-27 20:26 - 2014-06-27 20:25 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-06-17 21:02 - 2014-05-23 13:10 - 00000000 ____D () C:\Users\Jona\.freemind
2014-06-17 15:35 - 2014-06-17 15:35 - 00000104 _____ () C:\Users\Jona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Standardprogramme - Verknüpfung.lnk
2014-06-17 15:35 - 2014-06-17 15:35 - 00000000 ___RD () C:\Users\Jona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Geräte und Drucker - Verknüpfung
2014-06-16 14:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-15 18:19 - 2014-06-12 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-06-14 20:40 - 2014-06-14 20:40 - 00003584 _____ () C:\Users\Jona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-14 16:25 - 2014-06-14 16:24 - 00000000 ____D () C:\Users\Jona\AppData\Local\Adobe
2014-06-14 13:00 - 2014-04-19 15:52 - 00000000 ____D () C:\Users\Jona\Documents\FIFA 13
2014-06-13 15:15 - 2014-03-21 17:02 - 00000000 ____D () C:\Users\Jona\AppData\Roaming\Sony
2014-06-12 20:58 - 2014-03-20 20:26 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-12 19:22 - 2014-05-06 17:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-12 17:43 - 2014-06-05 19:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 17:42 - 2014-03-25 21:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 17:39 - 2014-03-25 21:37 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 16:27 - 2014-06-12 16:27 - 00000927 _____ () C:\Users\Jona\Desktop\FileZilla.lnk
2014-06-12 16:26 - 2014-03-22 11:48 - 00000000 ____D () C:\Program Files\Sony
2014-06-10 21:22 - 2014-06-10 21:22 - 00000000 ____D () C:\Program Files\MSECache
2014-06-08 11:37 - 2014-05-06 17:03 - 00000000 ___HD () C:\Users\Jona\.mediafire
2014-06-08 10:48 - 2014-06-12 08:40 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 10:43 - 2014-06-12 08:40 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-08 10:35 - 2014-03-14 19:26 - 00007592 _____ () C:\Users\Jona\AppData\Local\Resmon.ResmonCfg
2014-06-07 22:50 - 2014-06-07 22:50 - 00000000 _____ () C:\Users\Jona\AppData\Local\{6FAECDCC-2329-4941-BF48-2AE68C725B08}
2014-06-07 18:42 - 2014-06-05 19:50 - 00000000 ____D () C:\Users\Jona\AppData\Local\Microsoft Help
2014-06-07 18:13 - 2014-03-23 17:50 - 00000237 _____ () C:\Windows\LEXSTAT.INI
2014-06-06 21:53 - 2014-06-06 21:53 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-06 21:25 - 2014-06-06 20:42 - 00000000 ____D () C:\Users\Jona\AppData\Roaming\tor
2014-06-06 20:36 - 2014-04-19 15:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-06 20:36 - 2014-04-19 15:18 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-06 15:25 - 2014-06-06 15:02 - 00000000 ____D () C:\Users\Jona\Documents\FIFA World
2014-06-05 22:29 - 2014-06-05 22:29 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-06-05 22:29 - 2014-06-05 22:29 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-06-05 21:23 - 2014-06-05 21:23 - 00000000 ____D () C:\Users\Jona\Documents\Fächer Sicherheitskopie
2014-06-05 19:58 - 2014-06-05 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-05 19:55 - 2014-06-05 19:55 - 00003095 _____ () C:\Users\Jona\Desktop\Microsoft PowerPoint 2010.lnk
2014-06-05 19:54 - 2014-06-05 19:54 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-05 19:54 - 2014-06-05 19:54 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-06-05 19:54 - 2014-06-05 19:54 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-06-05 19:54 - 2014-03-20 23:05 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-06-05 19:51 - 2014-06-05 19:51 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-06-05 19:51 - 2011-04-12 03:39 - 00000000 ____D () C:\Windows\ShellNew
2014-06-04 20:27 - 2014-06-04 20:27 - 00000000 ____D () C:\Users\Jona\AppData\Local\LogMeIn
2014-06-04 20:27 - 2014-06-04 20:27 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-06-03 21:55 - 2014-06-03 21:55 - 04996210 _____ (Tim Kosse) C:\Users\Jona\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-06-03 16:38 - 2014-06-03 16:38 - 00000000 ____D () C:\Users\Jona\Documents\Battlefield 3
2014-06-03 16:38 - 2014-06-03 16:38 - 00000000 ____D () C:\Users\Jona\AppData\Local\PunkBuster

Some content of TEMP:
====================
C:\Users\Administrator.JONAPC\AppData\Local\Temp\avgnt.exe
C:\Users\Jona\AppData\Local\Temp\avgnt.exe
C:\Users\Jona\AppData\Local\Temp\uninst.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-10 09:55

==================== End Of Log ============================
         
--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-07-2014
Ran by Jona at 2014-07-03 17:02:56
Running from I:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe After Effects CS4 (HKLM\...\Adobe_3dcb365ab9e01871fb8c6f27b0ea079) (Version: 9 - Adobe Systems Incorporated)
Adobe After Effects CS4 (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Presets (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Third Party Content (HKLM\...\Adobe_5aab5a491a3a52ae624fd639f6aaa95) (Version: 9 - Adobe Systems Incorporated)
Adobe After Effects CS4 Third Party Content (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles AE CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Aptana Studio 3 (HKLM\...\Aptana Studio 3) (Version: 3.4.2 - Appcelerator, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Company of Heroes 2 (HKLM\...\Steam App 231430) (Version:  - Relic Entertainment)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
DeshakerIF 2.01 (HKLM\...\{C39CDB78-924E-4DEE-94E8-97B77F1A6080}_is1) (Version:  - )
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
ffdshow v1.3.4530 [2014-02-09] (HKLM\...\ffdshow_is1) (Version: 1.3.4530.0 - )
FileZilla Client 3.8.1 (HKLM\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (HKLM\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Free YouTube Download version 3.2.33.424 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.33.424 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.34.430 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
IIS 8.0 Express (HKLM\...\{B8FFB7D6-6ABD-47C3-8BAD-86FF5D8F3EDC}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lexmark 640 Series (HKLM\...\Lexmark 640 Series) (Version:  - Lexmark International, Inc.)
LibreOffice 4.2.2.1 (HKLM\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.214 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.214 - LogMeIn, Inc.) Hidden
MAGIX Content und Soundpools (HKLM\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (HKLM\...\MAGIX_{B03055E4-8381-4834-8CD6-602141C8D702}) (Version: 4.3.2.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 (HKLM\...\MX.{CC87429C-BC87-4D90-9D5F-C6D9721A6663}) (Version: 20.0.2.35 - MAGIX AG)
MAGIX Music Maker 2014 (Version: 20.0.2.35 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Trial Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM\...\MAGIX_{BA816CCA-0FEA-4A68-9AD0-4CF3D2DF40CC}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM\...\MAGIX_{36F289DE-F9E6-4AD3-AD37-90CCB61F1638}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe MX Premium Sonderedition (HKLM\...\MAGIX_{9ADAE3A4-87DD-4091-B5E0-24F4B6F08F3A}) (Version: 11.0.5.0 - MAGIX AG)
MAGIX Video deluxe MX Premium Sonderedition (Version: 11.0.5.0 - MAGIX AG) Hidden
MediaFire Desktop (HKLM\...\MediaFire Desktop 0.10.36.9353) (Version: 0.10.52.9493 - MediaFire)
MediaInfo 0.7.69 (HKLM\...\MediaInfo) (Version: 0.7.69 - MediaArea.net)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 (HKLM\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Expression Web 4 (Version: 4.0.1460.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{30640168-E261-4261-B8FF-7FA5E0F6A2F1}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{E43AC95E-66B0-4CEC-AADD-C9BFEF5A4C0A}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{1D39E015-C3D2-45DE-B070-A69C5F2FB309}) (Version: 5.0.50430.0 - Microsoft Corporation)
Microsoft WebMatrix 3 (HKLM\...\{F3A4C164-245F-4548-AE80-BB766E16B637}) (Version: 2.0.1932 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nmap 6.46 (HKLM\...\Nmap) (Version:  - )
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Origin (HKLM\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Shark007 Standard Codecs (HKLM\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 2.0.1 - Shark007)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SRWare Iron Version SRWare Iron 34.0.1850.0 (HKLM\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 34.0.1850.0 - SRWare)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 9.0 (HKLM\...\{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}) (Version: 9.0.1147 - Sony)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WampServer 2.5 (HKLM\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
Wisdom-soft AutoScreenRecorder 3.1 Free (HKLM\...\Wisdom-soft AutoScreenRecorder 3.1 Free) (Version:  - Wisdom Software Inc.)
XMedia Recode Version 3.1.8.6 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.8.6 - XMedia Recode)

==================== Restore Points  =========================

30-06-2014 13:09:32 Removed Windows Phone Emulator - ENU
30-06-2014 13:10:04 Removed Skype™ 6.16
30-06-2014 13:10:41 Removed Adobe Media Player
30-06-2014 13:14:04 Removed LibreOffice 4.2.2.1
30-06-2014 13:15:42 Microsoft PowerPoint Viewer wird entfernt
30-06-2014 13:16:46 Removed Windows Phone SDK 7.1 Assemblies
01-07-2014 14:31:08 Windows Update
01-07-2014 16:00:22 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0E257772-C26E-4575-9FF7-C7FAA8FA7788} - System32\Tasks\{E9CEFB17-FAE6-4E28-962B-25A6D267E625} => C:\Users\Jona\Downloads\x264_r2431\x264-10b-r2431-ac76440.exe
Task: {333504A7-07DA-492D-817D-31BFD0C0CA4D} - System32\Tasks\FF Watcher {F3F1A344-69ED-4689-8031-D686065E4419} => C:\Program Files\V-bates\PrefHelper.exe
Task: {4E95A93D-867E-4687-8A52-47FE0FBC77B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {6D852DBB-4C08-408B-9B40-A9B8B3AE73CB} - System32\Tasks\FF Watcher {C06124DF-5D94-4C79-93A7-767545A5F03F} => C:\Program Files\V-bates\PrefHelper.exe
Task: {7E8E187B-0253-4266-826D-7E1324726C68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {8A5D1D9B-4996-4172-ADCF-FD0D4867516A} - System32\Tasks\FF Watcher {6BC52A8A-733A-4149-9DB0-F70E345BFB75} => C:\Program Files\V-bates\PrefHelper.exe
Task: {E3792A5C-EDB0-4BB6-8DFA-EDF4EE997FC3} - System32\Tasks\FF Watcher {591BDE40-27C6-4EF4-8260-58470B08B36A} => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\FF Watcher {591BDE40-27C6-4EF4-8260-58470B08B36A}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\FF Watcher {6BC52A8A-733A-4149-9DB0-F70E345BFB75}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\FF Watcher {C06124DF-5D94-4C79-93A7-767545A5F03F}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\FF Watcher {F3F1A344-69ED-4689-8031-D686065E4419}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-14 19:38 - 2014-03-04 14:34 - 00109000 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-06-01 11:08 - 2014-06-01 11:08 - 00035328 _____ () F:\Programme\filezilla\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () F:\Programme\filezilla\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () F:\Programme\filezilla\FileZilla FTP Client\libstdc++-6.dll
2014-05-06 16:57 - 2014-05-30 01:04 - 00457736 _____ () C:\Users\Jona\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
2014-06-02 20:34 - 2014-06-30 20:10 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-06-12 20:57 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-12 20:57 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-12 20:57 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 20:58 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 20:57 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MediaFire Tray => C:\Users\Jona\AppData\Local\MediaFire Desktop\mf_watch.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Registry Helper => "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: TrayServer => F:\Programme\Magix\Videodeluxe\Programm\TrayServer_de.exe
MSCONFIG\startupreg: V-bates => C:\Program Files\V-bates\notifier.exe

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: Virtual Machine Monitor
Description: Virtual Machine Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: vmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2014 04:45:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 04:43:58 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (07/02/2014 10:30:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2014 06:22:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2014 06:04:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2014 05:02:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2014 04:45:01 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting


For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (07/01/2014 04:45:01 PM) (Source: MySQL) (EventID: 100) (User: )
Description: wampmysqld: unknown option '--skip-locking'

For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (07/01/2014 04:26:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2014 09:55:18 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting


For more information, see Help and Support Center at hxxp://www.mysql.com.


System errors:
=============
Error: (07/03/2014 04:44:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
vmm

Error: (07/03/2014 04:43:34 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (07/02/2014 10:29:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
vmm

Error: (07/02/2014 10:28:17 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (07/02/2014 06:21:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
vmm

Error: (07/02/2014 06:20:46 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (07/01/2014 06:03:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
vmm

Error: (07/01/2014 06:02:09 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (07/01/2014 05:01:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
vmm

Error: (07/01/2014 05:00:48 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.


Microsoft Office Sessions:
=========================
Error: (07/03/2014 04:45:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 04:43:58 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (07/02/2014 10:30:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2014 06:22:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2014 06:04:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2014 05:02:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2014 04:45:01 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting

Error: (07/01/2014 04:45:01 PM) (Source: MySQL) (EventID: 100) (User: )
Description: wampmysqld: unknown option '--skip-locking'

Error: (07/01/2014 04:26:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2014 09:55:18 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting


==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 3327.3 MB
Available physical RAM: 2085.4 MB
Total Pagefile: 5372.59 MB
Available Pagefile: 3727.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:76.63 GB) (Free:2.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (DatenGrab) (Fixed) (Total:117.24 GB) (Free:103.88 GB) NTFS
Drive f: (Lokaler Datenträger) (Fixed) (Total:92.88 GB) (Free:63.41 GB) NTFS
Drive i: (Downloads) (Fixed) (Total:9.76 GB) (Free:6.63 GB) NTFS
Drive u: (PHP) (Fixed) (Total:13 GB) (Free:12.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 77 GB) (Disk ID: 2E2E2E2E)
Partition 1: (Active) - (Size=77 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: F9335D9E)
Partition 1: (Active) - (Size=117 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=93 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=13 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
--- --- ---


So, there really isn't anything more!


03.07.2014, 16:54   #6
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru



OK...

Step 1

Please uninstall the following programs:

Java 7 Update 51


On Windows 7, try it via Control Panel / Uninstall a program.

Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click on "Optionen" (Options) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click on "Suchlauf" (Scan) and wait until it has finished.
  • Now click on "Löschen" (Clean) and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 3
Download HitmanPro to your desktop:

32-bit version
64-bit version
  • Start HitmanPro.exe
  • Click on
  • Remove the check mark at
  • Click on
    and
  • Accept the license terms and click on
  • Click on

    and on
  • When the scan has finished, do not let it delete anything etc.; instead choose, at the bottom left of the button bar,
    and save the log file on your desktop.
  • Close HitmanPro and post the log for me.

03.07.2014, 19:07   #7
hannover96xd



Thanks, I'll do that tomorrow, I don't have any more time today....

03.07.2014, 19:14   #8
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru



OK...
__________________
Regards
deeprybka

_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

03.07.2014, 20:52   #9
hannover96xd



Here is the first .txt file for now; I do have time after all

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.214 - Bericht erstellt am 03/07/2014 um 21:40:03
# Aktualisiert 29/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Jona - JONAPC
# Gestartet von : C:\Users\Jona\Desktop\adwcleaner_3.214.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\Registry Helper
Ordner Gelöscht : C:\Program Files\NCH Software
Ordner Gelöscht : C:\Users\Jona\AppData\Roaming\NCH Software
Datei Gelöscht : C:\Windows\system32\RegistryHelperLM.ocx
Datei Gelöscht : C:\Users\Jona\AppData\Roaming\Mozilla\Firefox\Profiles\ut86ydbj.default\searchplugins\conduit-search.xml
Datei Gelöscht : C:\Users\Jona\AppData\Roaming\Mozilla\Firefox\Profiles\ut86ydbj.default\user.js
Datei Gelöscht : C:\Windows\Tasks\FF Watcher {591BDE40-27C6-4EF4-8260-58470B08B36A}.job
Datei Gelöscht : C:\Windows\System32\Tasks\FF Watcher {591BDE40-27C6-4EF4-8260-58470B08B36A}
Datei Gelöscht : C:\Windows\Tasks\FF Watcher {6BC52A8A-733A-4149-9DB0-F70E345BFB75}.job
Datei Gelöscht : C:\Windows\System32\Tasks\FF Watcher {6BC52A8A-733A-4149-9DB0-F70E345BFB75}
Datei Gelöscht : C:\Windows\Tasks\FF Watcher {C06124DF-5D94-4C79-93A7-767545A5F03F}.job
Datei Gelöscht : C:\Windows\System32\Tasks\FF Watcher {C06124DF-5D94-4C79-93A7-767545A5F03F}
Datei Gelöscht : C:\Windows\Tasks\FF Watcher {F3F1A344-69ED-4689-8031-D686065E4419}.job
Datei Gelöscht : C:\Windows\System32\Tasks\FF Watcher {F3F1A344-69ED-4689-8031-D686065E4419}

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E3792A5C-EDB0-4BB6-8DFA-EDF4EE997FC3}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3792A5C-EDB0-4BB6-8DFA-EDF4EE997FC3}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8A5D1D9B-4996-4172-ADCF-FD0D4867516A}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A5D1D9B-4996-4172-ADCF-FD0D4867516A}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6D852DBB-4C08-408B-9B40-A9B8B3AE73CB}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D852DBB-4C08-408B-9B40-A9B8B3AE73CB}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{333504A7-07DA-492D-817D-31BFD0C0CA4D}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{333504A7-07DA-492D-817D-31BFD0C0CA4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Registry Helper

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16921

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Jona\AppData\Roaming\Mozilla\Firefox\Profiles\ut86ydbj.default\prefs.js ]

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?gd=&ctid=CT3320691&octid=EB_ORIGINAL_CTID&ISID=MF544B194-ECFB-4DFD-A2B0-5AE82508B40F&SearchSource=55&CUI=&UM=5&UP=SPDEAE4214-E735-455A[...]

-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_def&AF=18556
Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3320691&octid=EB_ORIGINAL_CTID&ISID=MF544B194-ECFB-4DFD-A2B0-5AE82508B40F&SearchSource=58&CUI=&UM=5&UP=SPDEAE4214-E735-455A-9CAF-73CA57767414&q={searchTerms}&SSPV=
Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
Gelöscht [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3320691&octid=EB_ORIGINAL_CTID&ISID=MF544B194-ECFB-4DFD-A2B0-5AE82508B40F&SearchSource=55&CUI=&UM=5&UP=SPDEAE4214-E735-455A-9CAF-73CA57767414&SSPV=
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [5066 octets] - [03/07/2014 21:36:58]
AdwCleaner[S0].txt - [4844 octets] - [03/07/2014 21:40:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4904 octets] ##########
         
--- --- ---


Hitman is still scanning


EDIT///////


Code:
HitmanPro 3.7.9.220
www.hitmanpro.com

   Computer name . . . . : JONAPC
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : JONAPC\Jona
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-07-03 21:50:05
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 49s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 2
   Traces  . . . . . . . : 12

   Objects scanned . . . : 1.141.086
   Files scanned . . . . : 26.729
   Remnants scanned  . . : 303.812 files / 810.545 keys

Malware _____________________________________________________________________

   C:\Users\Jona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0MJ9ECU\setup[1].exe
      Size . . . . . . . : 208.352 bytes
      Age  . . . . . . . : 64.2 days (2014-04-30 17:25:43)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : E0FBC58D93C04968F7D3118301ECAB680D3039CA297F14C68CEEAC609D0CA051
      RSA Key Size . . . : 2048
      Source URL . . . . : hxxp://d3ja5whctlmz30.cloudfront.net/installers/bi_downloader/1386682275013/setup.exe
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:Downloader.NSIS.Mazel.f
      Fuzzy  . . . . . . : 107.0

   C:\Users\Jona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7E0H0C1\setup[2].exe
      Size . . . . . . . : 208.352 bytes
      Age  . . . . . . . : 64.2 days (2014-04-30 17:24:37)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : E0FBC58D93C04968F7D3118301ECAB680D3039CA297F14C68CEEAC609D0CA051
      RSA Key Size . . . : 2048
      Source URL . . . . : hxxp://d2k80l4eucc1ve.cloudfront.net/installers/bi_downloader/1386682275013/setup.exe
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:Downloader.NSIS.Mazel.f
      Fuzzy  . . . . . . : 107.0


Suspicious files ____________________________________________________________

   C:\Users\Jona\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll
      Size . . . . . . . : 963.480 bytes
      Age  . . . . . . . : 30.2 days (2014-06-03 16:43:11)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Jona\AppData\Local\PunkBuster\BF3\pb\dll\wc002342.dll
      Size . . . . . . . : 969.032 bytes
      Age  . . . . . . . : 3.1 days (2014-06-30 20:10:05)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : FC5702BFEF687EDAF89499C7849E4FDA0AF9D72A5A632C5B4E20F2562468596C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 24.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
         -0.4s C:\Users\Jona\AppData\Local\PunkBuster\BF3\pb\htm\wc002342.htm
          0.0s C:\Users\Jona\AppData\Local\PunkBuster\BF3\pb\dll\wc002342.dll

   C:\Users\Jona\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 969.032 bytes
      Age  . . . . . . . : 0.1 days (2014-07-03 20:18:19)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : FC5702BFEF687EDAF89499C7849E4FDA0AF9D72A5A632C5B4E20F2562468596C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 24.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Jona\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 969.032 bytes
      Age  . . . . . . . : 30.2 days (2014-06-03 16:38:42)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : FC5702BFEF687EDAF89499C7849E4FDA0AF9D72A5A632C5B4E20F2562468596C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Jona\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 140.520 bytes
      Age  . . . . . . . : 30.2 days (2014-06-03 16:38:54)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : A02F21CE0AAE716212DD2593B8392A7674D8CE932B3B133B3A33152809E7307C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Jona\Desktop\FRST.exe
      Size . . . . . . . : 1.073.664 bytes
      Age  . . . . . . . : 0.2 days (2014-07-03 17:12:58)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 3D7FFC4816AA3622DFAB37B102FFC36C2B1096DCDBA6E98183655778A1E4DFB7
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Jona\Desktop\FRST.exe
          5.8s C:\$Recycle.Bin\S-1-5-21-17610030-839998563-2177145587-1000\$RHH8R3H.txt
          5.8s C:\Users\Jona\Desktop\FRST.txt

   C:\Windows\system32\drivers\PnkBstrK.sys
      Size . . . . . . . : 140.520 bytes
      Age  . . . . . . . : 31.1 days (2014-06-02 20:35:05)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : A02F21CE0AAE716212DD2593B8392A7674D8CE932B3B133B3A33152809E7307C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 26.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.


Potential Unwanted Programs _________________________________________________

   HKLM\SYSTEM\ControlSet001\services\eventlog\Application\Registry Helper Service\ (RegistryHelper)
   HKLM\SYSTEM\ControlSet002\services\eventlog\Application\Registry Helper Service\ (RegistryHelper)
   HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Registry Helper Service\ (RegistryHelper)
         
This time it should be complete

Last edited by hannover96xd (03.07.2014 at 20:58)

04.07.2014, 16:28   #10
deeprybka
/// TB Trainer
/// Guide Guru



OK...

Step 1

Malwarebytes Antimalware
  • Download link
  • Install the program to the default path.
  • Start Malwarebytes' Anti-Malware (MBAM).
  • If the user interface is still in English, click Settings and select Deutsch under Language.
  • Under "Erkennung und Schutz" (Detection and Protection), tick "Suche nach Rootkits" (Scan for rootkits).
  • Then click "Suchlauf" (Scan), select the "Bedrohungssuchlauf" (Threat Scan), update the databases and click "Suchlauf jetzt starten" (Start scan now).
  • At the end of the scan, have all detections (if any) moved to quarantine. (here's how...)
  • Post the contents of the log file (here's how...). To do so, click "Verlauf" (History) and then "Anwendungsprotokolle" (Application Logs).
  • Select the newest scan log and click "Ansicht" (View). Click "In Zwischenablage kopieren" (Copy to Clipboard) and post the contents in code tags as a reply in the thread.

Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Ja, ich bin mit den Nutzungsbedingungen einverstanden" (Yes, I accept the Terms of Use) and click "Starten" (Start).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (detection of potentially unwanted applications) and select the following settings.
  • Click "Starten" (Start).
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click "Fertig stellen" (Finish).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step 3



Please start FRST again, also tick the checkbox, and press Scan.
Please post the contents of both logs that are created.

Are there still any problems with the PC now? If so, which ones?
__________________
Regards,
deeprybka

Praise, criticism, requests?

Donate to the Trojaner-Board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

04.07.2014, 20:04   #11
hannover96xd



The first log:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 04.07.2014
Suchlauf-Zeit: 20:33:07
Logdatei: 
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.04.09
Rootkit Datenbank: v2014.07.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Jona

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 326821
Verstrichene Zeit: 21 Min, 22 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 2
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, In Quarantäne, [44deddbe3f3c7bbb20be3d14f80a8e72], 
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, In Quarantäne, [44deddbe3f3c7bbb20be3d14f80a8e72]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
I'll do the ESET scan shortly

04.07.2014, 20:07   #12
deeprybka
/// TB Trainer
/// Guide Guru



OK...
__________________
Regards,
deeprybka


04.07.2014, 20:33   #13
hannover96xd



Is it normal for the ESET scan to take this long?
It has been scanning for 15 minutes already and is only at 8%!?!?!?!?!

I have to leave the house early tomorrow, you see! ^^

04.07.2014, 20:39   #14
deeprybka
/// TB Trainer
/// Guide Guru




Yes, it takes a long time; I would let it run overnight if that's possible. Or just run it when you have more time...
__________________
Regards,
deeprybka


05.07.2014, 12:50   #15
hannover96xd



So, after 4 hours and 45 minutes it is finally done

Now the code of the scan result:

Code:
#ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=e4cdce5d43203f48a8cbfb5c7b132aa3
# engine=19028
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-04 07:52:12
# local_time=2014-07-04 09:52:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 5347 11182268 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 16285 156134723 0 0
# scanned=5960
# found=0
# cleaned=0
# scan_time=2017
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=e4cdce5d43203f48a8cbfb5c7b132aa3
# engine=19031
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-05 11:28:41
# local_time=2014-07-05 01:28:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 17942 11238457 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 55498 156190912 0 0
# scanned=201362
# found=6
# cleaned=0
# scan_time=17130
sh=6D8DEB6A0C5052D5C2DE108B4DD18103F8561432 ft=1 fh=d429baf8742ea515 vn="Win32/Somoto.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CSV7VNTC\BiTool[1].dll"
sh=A5EECED5D0A893334F8B79F5A6FD7BFA01005860 ft=1 fh=16ed0088e5a650a1 vn="Win32/Somoto.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0MJ9ECU\setup[1].exe"
sh=FEC19241949864DE766A2D193BC81E3366E379E4 ft=1 fh=ac6e9bcd558de938 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P7BD412W\SPSetup[1].exe"
sh=9FAE98C3ABEA706F0A40BF64A01113EC91A606A5 ft=1 fh=076524552ae7c00f vn="Variante von Win32/Toolbar.BitCocktail.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P7BD412W\v-bates[1].exe"
sh=4A010B2267995464DB3439C8A498D374A3225806 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7E0H0C1\gsp[1].zip"
sh=A5EECED5D0A893334F8B79F5A6FD7BFA01005860 ft=1 fh=16ed0088e5a650a1 vn="Win32/Somoto.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7E0H0C1\setup[2].exe"
         
The FRST scan is coming shortly


EDIT///

Here it is!
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014
Ran by Jona (administrator) on JONAPC on 05-07-2014 14:01:04
Running from C:\Users\Jona\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
( ) C:\Windows\System32\lxdacoms.exe
() C:\Users\Jona\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft WebMatrix\WebMatrix.exe
(Microsoft Corporation) C:\Program Files\IIS Express\iisexpress.exe
(Microsoft Corporation) C:\Program Files\IIS Express\iisexpresstray.exe
(FileZilla Project) F:\Programme\filezilla\FileZilla FTP Client\filezilla.exe
(Spencer Kimball, Peter Mattis and the GIMP Development Team) F:\Programme\gimp\GIMP 2\bin\gimp-2.8.exe
(Spencer Kimball, Peter Mattis and the GIMP Development Team) F:\Programme\gimp\GIMP 2\lib\gimp\2.0\plug-ins\script-fu.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [BCSSync] => F:\Programme\Microsoft Office Pack\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-17610030-839998563-2177145587-1000\...\Run: [MediaFire Tray] => [X]
ShellIconOverlayIdentifiers: 1MediaFireIconError -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files\MediaFire Desktop\MediaFireIcon3_edc86.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: 1MediaFireIconSynched -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files\MediaFire Desktop\MediaFireIcon_edc86.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: 1MediaFireIconSyncing -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files\MediaFire Desktop\MediaFireIcon2_edc86.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => F:\Programme\Microsoft Office Pack\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => F:\Programme\Microsoft Office Pack\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => F:\Programme\Microsoft Office Pack\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => F:\Programme\Microsoft Office Pack\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => F:\Programme\Microsoft Office Pack\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: MediaFireIconLock -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files\MediaFire Desktop\MediaFireIcon4_edc86.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: MediaFireIconReadOnly -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files\MediaFire Desktop\MediaFireIcon5_edc86.dll (TODO: <Company name>)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE5154D72AA3FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Programme\Microsoft Office Pack\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office Pack\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Jona\AppData\Roaming\Mozilla\Firefox\Profiles\ut86ydbj.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.4.0 - C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - F:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://multicultipage.bplaced.net/"
CHR Extension: (Google Translate) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-05-27]
CHR Extension: (Google Docs) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-20]
CHR Extension: (Google Drive) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (Web Developer) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2014-05-16]
CHR Extension: (YouTube) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-20]
CHR Extension: (Telegram UNOFFICIAL) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2014-03-20]
CHR Extension: (Google-Suche) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-20]
CHR Extension: (Button Generator) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\njphjoojdldjpogfhbncccnkldebgbnd [2014-05-15]
CHR Extension: (Google Wallet) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]
CHR Extension: (Google Mail) - C:\Users\Jona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-20]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S4 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1889616 2014-06-23] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-04-15] (LogMeIn, Inc.)
R2 lxda_device; C:\Windows\system32\lxdacoms.exe [537520 2007-04-26] ( )
R2 MF NTFS Monitor; C:\Users\Jona\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe [457736 2014-05-30] ()
S3 Microsoft SharePoint Workspace Audit Service; F:\Programme\Microsoft Office Pack\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19701080 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-06-30] ()
S3 wampmysqld; U:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x86.sys [19160 2013-12-06] (Windows (R) Win 7 DDK provider)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19400 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S1 vmm; \??\C:\Windows\system32\Drivers\vmm.sys [X]
U3 wampapache; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-05 14:01 - 2014-07-05 14:01 - 00013136 _____ () C:\Users\Jona\Desktop\FRST.txt
2014-07-05 12:46 - 2014-07-05 12:46 - 00049225 _____ () C:\Users\Jona\AppData\Local\recently-used.xbel
2014-07-04 22:03 - 2014-07-04 22:03 - 00000000 ____D () C:\Users\Jona\Prezi
2014-07-04 20:31 - 2014-07-04 21:01 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 20:31 - 2014-07-04 20:31 - 00001056 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-04 20:31 - 2014-07-04 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-04 20:31 - 2014-07-04 20:31 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-07-04 20:31 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-04 20:31 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-04 20:31 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-04 20:27 - 2014-07-04 20:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 21:49 - 2014-07-03 21:56 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-03 21:49 - 2014-07-03 21:48 - 10278752 _____ (SurfRight B.V.) C:\Users\Jona\Desktop\HitmanPro.exe
2014-07-03 21:37 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-03 21:36 - 2014-07-03 21:42 - 00000000 ___DC () C:\AdwCleaner
2014-07-03 21:36 - 2014-07-03 21:35 - 01346519 _____ () C:\Users\Jona\Desktop\adwcleaner_3.214.exe
2014-07-03 17:12 - 2014-07-05 13:52 - 01074688 ____C (Farbar) C:\Users\Jona\Desktop\FRST.exe
2014-07-03 17:00 - 2014-07-05 14:01 - 00000000 ___DC () C:\FRST
2014-07-02 22:33 - 2014-07-02 22:33 - 00000000 ____D () C:\Users\Jona\AppData\Local\Macromedia
2014-06-30 21:51 - 2014-06-30 21:51 - 00000532 _____ () C:\Users\Jona\Desktop\WampServer.lnk
2014-06-30 21:51 - 2014-06-30 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WampServer
2014-06-30 21:32 - 2014-06-30 21:32 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-30 21:32 - 2014-06-30 21:32 - 00000000 ___RD () C:\Program Files\Skype
2014-06-30 21:32 - 2014-06-30 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-30 21:32 - 2014-06-30 21:32 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-30 20:04 - 2014-06-30 20:04 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-06-30 19:29 - 2014-06-30 19:30 - 00000000 ____D () C:\Users\Jona\.zenmap
2014-06-30 19:28 - 2014-06-30 19:28 - 00000649 _____ () C:\Users\Jona\Desktop\Nmap - Zenmap GUI.lnk
2014-06-30 19:28 - 2014-06-30 19:28 - 00000000 ____D () C:\Users\Jona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2014-06-30 19:28 - 2014-06-30 19:28 - 00000000 ____D () C:\Program Files\WinPcap
2014-06-30 18:49 - 2014-06-30 18:51 - 00000000 ____D () C:\Users\Jona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PHPTriad
2014-06-30 18:49 - 2014-06-30 18:49 - 00000000 ___DC () C:\winnt
2014-06-30 18:49 - 2014-06-30 18:49 - 00000000 ___DC () C:\phptriad
2014-06-30 18:49 - 2014-06-30 18:49 - 00000000 ___DC () C:\apache
2014-06-30 18:20 - 2014-06-30 18:20 - 00000834 _____ () C:\Users\Public\Desktop\GIMP 2.lnk
2014-06-30 18:20 - 2014-06-30 18:20 - 00000834 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-06-28 20:32 - 2014-06-28 20:32 - 00000684 _____ () C:\Users\Administrator.JONAPC\Desktop\Aptana Studio 3.lnk
2014-06-28 19:32 - 2014-06-28 19:32 - 00000824 _____ () C:\Users\Jona\Desktop\Microsoft Expression Web 4.lnk
2014-06-28 19:15 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-06-28 19:14 - 2014-06-28 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2014-06-28 19:14 - 2014-06-28 19:14 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-06-27 20:26 - 2014-06-27 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-06-27 20:26 - 2009-03-18 18:35 - 00026176 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2014-06-27 20:25 - 2014-06-27 20:26 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-06-17 15:35 - 2014-06-17 15:35 - 00000104 _____ () C:\Users\Jona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Standardprogramme - Verknüpfung.lnk
2014-06-17 15:35 - 2014-06-17 15:35 - 00000000 ___RD () C:\Users\Jona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Geräte und Drucker - Verknüpfung
2014-06-17 15:33 - 2006-05-11 06:14 - 00073728 _____ (Lexmark International, Inc.) C:\Windows\system32\lxdapwr.dll
2014-06-17 15:33 - 2006-04-17 19:48 - 00200704 _____ (Lexmark International, Inc.) C:\Windows\system32\lexlmpm.dll
2014-06-17 15:33 - 2006-04-17 19:42 - 00311296 _____ (Lexmark International, Inc.) C:\Windows\system32\LEXBCES.EXE
2014-06-17 15:33 - 2006-04-17 19:42 - 00198144 _____ (Lexmark International, Inc.) C:\Windows\system32\LEX2KUSB.DLL
2014-06-17 15:33 - 2006-04-17 19:41 - 00201216 _____ (Lexmark International, Inc.) C:\Windows\system32\LEXP2P32.DLL
2014-06-17 15:33 - 2006-04-17 19:41 - 00174592 _____ (Lexmark International, Inc.) C:\Windows\system32\LEXPPS.EXE
2014-06-17 15:33 - 2006-04-17 19:41 - 00147456 _____ (Lexmark International, Inc.) C:\Windows\system32\LEXBCE.DLL
2014-06-14 20:40 - 2014-06-14 20:40 - 00003584 _____ () C:\Users\Jona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-14 16:24 - 2014-06-14 16:25 - 00000000 ____D () C:\Users\Jona\AppData\Local\Adobe
2014-06-12 16:27 - 2014-06-15 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-06-12 16:27 - 2014-06-12 16:27 - 00000927 _____ () C:\Users\Jona\Desktop\FileZilla.lnk
2014-06-12 08:45 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 08:45 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 08:45 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 08:45 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 08:44 - 2014-05-24 03:27 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 08:44 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 08:44 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 08:44 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 08:44 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 08:44 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 08:44 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 08:44 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 08:44 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 08:44 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 08:44 - 2014-05-24 02:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-12 08:40 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 08:40 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-12 08:40 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 08:40 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 08:40 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 21:22 - 2014-06-10 21:22 - 00000000 ____D () C:\Program Files\MSECache
2014-06-07 22:50 - 2014-06-07 22:50 - 00000000 _____ () C:\Users\Jona\AppData\Local\{6FAECDCC-2329-4941-BF48-2AE68C725B08}
2014-06-06 21:53 - 2014-06-06 21:53 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-06 20:42 - 2014-06-06 21:25 - 00000000 ____D () C:\Users\Jona\AppData\Roaming\tor
2014-06-06 15:02 - 2014-06-06 15:25 - 00000000 ____D () C:\Users\Jona\Documents\FIFA World
2014-06-05 22:29 - 2014-06-05 22:29 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-06-05 22:29 - 2014-06-05 22:29 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-06-05 21:23 - 2014-06-05 21:23 - 00000000 ____D () C:\Users\Jona\Documents\Fächer Sicherheitskopie
2014-06-05 19:55 - 2014-06-05 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-05 19:55 - 2014-06-05 19:55 - 00003095 _____ () C:\Users\Jona\Desktop\Microsoft PowerPoint 2010.lnk
2014-06-05 19:54 - 2014-06-05 19:54 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-05 19:54 - 2014-06-05 19:54 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-06-05 19:54 - 2014-06-05 19:54 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-06-05 19:51 - 2014-06-05 19:51 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-06-05 19:50 - 2014-06-12 17:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-05 19:50 - 2014-06-07 18:42 - 00000000 ____D () C:\Users\Jona\AppData\Local\Microsoft Help

==================== One Month Modified Files and Folders =======

2014-07-05 14:01 - 2014-07-05 14:01 - 00013136 _____ () C:\Users\Jona\Desktop\FRST.txt
2014-07-05 14:01 - 2014-07-03 17:00 - 00000000 ___DC () C:\FRST
2014-07-05 13:57 - 2014-05-24 23:02 - 00000000 ____D () C:\Users\Jona\Desktop\Mein USB Stick
2014-07-05 13:52 - 2014-07-03 17:12 - 01074688 ____C (Farbar) C:\Users\Jona\Desktop\FRST.exe
2014-07-05 13:51 - 2014-03-20 20:24 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-05 13:14 - 2014-05-20 15:26 - 00000000 ____D () C:\Users\Jona\AppData\Roaming\FileZilla
2014-07-05 12:46 - 2014-07-05 12:46 - 00049225 _____ () C:\Users\Jona\AppData\Local\recently-used.xbel
2014-07-05 12:46 - 2014-04-24 18:33 - 00000000 ____D () C:\Users\Jona\AppData\Local\gtk-2.0
2014-07-05 11:53 - 2014-04-19 14:52 - 00000000 ____D () C:\Users\Jona\.gimp-2.8
2014-07-05 09:25 - 2009-07-14 06:34 - 00020304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-05 09:25 - 2009-07-14 06:34 - 00020304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-05 09:21 - 2014-03-14 19:11 - 01448561 _____ () C:\Windows\WindowsUpdate.log
2014-07-05 08:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-05 08:23 - 2014-03-20 20:24 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-05 08:23 - 2014-03-14 19:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-05 08:23 - 2010-11-20 23:48 - 00274968 _____ () C:\Windows\PFRO.log
2014-07-05 08:23 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-05 08:23 - 2009-07-14 06:39 - 00060710 _____ () C:\Windows\setupact.log
2014-07-04 22:03 - 2014-07-04 22:03 - 00000000 ____D () C:\Users\Jona\Prezi
2014-07-04 22:03 - 2014-03-14 19:22 - 00000000 ____D () C:\Users\Jona
2014-07-04 21:11 - 2014-03-14 19:26 - 00007592 _____ () C:\Users\Jona\AppData\Local\Resmon.ResmonCfg
2014-07-04 21:01 - 2014-07-04 20:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 20:31 - 2014-07-04 20:31 - 00001056 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-04 20:31 - 2014-07-04 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-04 20:31 - 2014-07-04 20:31 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-07-04 20:27 - 2014-07-04 20:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-04 17:49 - 2014-04-19 14:45 - 00000000 ____D () C:\ProgramData\Origin
2014-07-04 17:27 - 2014-06-03 16:38 - 00297088 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-07-04 17:27 - 2014-06-02 20:35 - 00140520 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-07-04 17:27 - 2014-06-02 20:34 - 00297088 _____ () C:\Windows\system32\PnkBstrB.exe
2014-07-04 17:27 - 2014-06-02 20:34 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-07-04 17:25 - 2014-03-21 20:21 - 00000000 ____D () C:\Program Files\Steam
2014-07-04 17:20 - 2014-03-21 15:37 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-07-03 21:56 - 2014-07-03 21:49 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-03 21:48 - 2014-07-03 21:49 - 10278752 _____ (SurfRight B.V.) C:\Users\Jona\Desktop\HitmanPro.exe
2014-07-03 21:42 - 2014-07-03 21:36 - 00000000 ___DC () C:\AdwCleaner
2014-07-03 21:35 - 2014-07-03 21:36 - 01346519 _____ () C:\Users\Jona\Desktop\adwcleaner_3.214.exe
2014-07-03 17:42 - 2014-05-19 13:57 - 00000000 ____D () C:\Users\Administrator.JONAPC
2014-07-03 17:42 - 2014-03-21 16:44 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-03 17:42 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-07-03 17:42 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-07-03 16:49 - 2014-03-14 19:54 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-02 22:33 - 2014-07-02 22:33 - 00000000 ____D () C:\Users\Jona\AppData\Local\Macromedia
2014-07-01 17:59 - 2014-03-20 20:39 - 00000000 ____D () C:\Users\Jona\AppData\Roaming\Skype
2014-07-01 16:32 - 2014-06-04 20:27 - 00000000 ____D () C:\Users\Jona\AppData\Local\LogMeIn Hamachi
2014-06-30 21:51 - 2014-06-30 21:51 - 00000532 _____ () C:\Users\Jona\Desktop\WampServer.lnk
2014-06-30 21:51 - 2014-06-30 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WampServer
2014-06-30 21:32 - 2014-06-30 21:32 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-30 21:32 - 2014-06-30 21:32 - 00000000 ___RD () C:\Program Files\Skype
2014-06-30 21:32 - 2014-06-30 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-30 21:32 - 2014-06-30 21:32 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-30 21:32 - 2014-03-20 20:39 - 00000000 ____D () C:\ProgramData\Skype
2014-06-30 20:10 - 2014-06-02 20:34 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-06-30 20:04 - 2014-06-30 20:04 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-06-30 19:30 - 2014-06-30 19:29 - 00000000 ____D () C:\Users\Jona\.zenmap
2014-06-30 19:28 - 2014-06-30 19:28 - 00000649 _____ () C:\Users\Jona\Desktop\Nmap - Zenmap GUI.lnk
2014-06-30 19:28 - 2014-06-30 19:28 - 00000000 ____D () C:\Users\Jona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2014-06-30 19:28 - 2014-06-30 19:28 - 00000000 ____D () C:\Program Files\WinPcap
2014-06-30 18:51 - 2014-06-30 18:49 - 00000000 ____D () C:\Users\Jona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PHPTriad
2014-06-30 18:49 - 2014-06-30 18:49 - 00000000 ___DC () C:\winnt
2014-06-30 18:49 - 2014-06-30 18:49 - 00000000 ___DC () C:\phptriad
2014-06-30 18:49 - 2014-06-30 18:49 - 00000000 ___DC () C:\apache
2014-06-30 18:20 - 2014-06-30 18:20 - 00000834 _____ () C:\Users\Public\Desktop\GIMP 2.lnk
2014-06-30 18:20 - 2014-06-30 18:20 - 00000834 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-06-30 17:56 - 2014-03-20 20:22 - 00163576 _____ () C:\Users\Jona\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-30 17:19 - 2009-07-14 06:33 - 02470208 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-30 15:17 - 2014-05-20 19:01 - 00000000 ____D () C:\Program Files\Microsoft SDKs
2014-06-30 15:17 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-06-30 15:12 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-28 20:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-28 20:32 - 2014-06-28 20:32 - 00000684 _____ () C:\Users\Administrator.JONAPC\Desktop\Aptana Studio 3.lnk
2014-06-28 20:32 - 2014-05-18 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aptana
2014-06-28 19:32 - 2014-06-28 19:32 - 00000824 _____ () C:\Users\Jona\Desktop\Microsoft Expression Web 4.lnk
2014-06-28 19:14 - 2014-06-28 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2014-06-28 19:14 - 2014-06-28 19:14 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-06-28 11:56 - 2010-11-20 23:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-27 20:26 - 2014-06-27 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-06-27 20:26 - 2014-06-27 20:25 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-06-17 21:02 - 2014-05-23 13:10 - 00000000 ____D () C:\Users\Jona\.freemind
2014-06-17 15:35 - 2014-06-17 15:35 - 00000104 _____ () C:\Users\Jona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Standardprogramme - Verknüpfung.lnk
2014-06-17 15:35 - 2014-06-17 15:35 - 00000000 ___RD () C:\Users\Jona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Geräte und Drucker - Verknüpfung
2014-06-15 18:19 - 2014-06-12 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-06-14 20:40 - 2014-06-14 20:40 - 00003584 _____ () C:\Users\Jona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-14 16:25 - 2014-06-14 16:24 - 00000000 ____D () C:\Users\Jona\AppData\Local\Adobe
2014-06-14 13:00 - 2014-04-19 15:52 - 00000000 ____D () C:\Users\Jona\Documents\FIFA 13
2014-06-13 15:15 - 2014-03-21 17:02 - 00000000 ____D () C:\Users\Jona\AppData\Roaming\Sony
2014-06-12 20:58 - 2014-03-20 20:26 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-12 19:22 - 2014-05-06 17:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-12 17:43 - 2014-06-05 19:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 17:42 - 2014-03-25 21:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 17:39 - 2014-03-25 21:37 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 16:27 - 2014-06-12 16:27 - 00000927 _____ () C:\Users\Jona\Desktop\FileZilla.lnk
2014-06-12 16:26 - 2014-03-22 11:48 - 00000000 ____D () C:\Program Files\Sony
2014-06-10 21:22 - 2014-06-10 21:22 - 00000000 ____D () C:\Program Files\MSECache
2014-06-08 11:37 - 2014-05-06 17:03 - 00000000 ___HD () C:\Users\Jona\.mediafire
2014-06-08 10:48 - 2014-06-12 08:40 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 10:43 - 2014-06-12 08:40 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 22:50 - 2014-06-07 22:50 - 00000000 _____ () C:\Users\Jona\AppData\Local\{6FAECDCC-2329-4941-BF48-2AE68C725B08}
2014-06-07 18:42 - 2014-06-05 19:50 - 00000000 ____D () C:\Users\Jona\AppData\Local\Microsoft Help
2014-06-07 18:13 - 2014-03-23 17:50 - 00000237 _____ () C:\Windows\LEXSTAT.INI
2014-06-06 21:53 - 2014-06-06 21:53 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-06 21:25 - 2014-06-06 20:42 - 00000000 ____D () C:\Users\Jona\AppData\Roaming\tor
2014-06-06 20:36 - 2014-04-19 15:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-06 20:36 - 2014-04-19 15:18 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-06 15:25 - 2014-06-06 15:02 - 00000000 ____D () C:\Users\Jona\Documents\FIFA World
2014-06-05 22:29 - 2014-06-05 22:29 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-06-05 22:29 - 2014-06-05 22:29 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-06-05 21:23 - 2014-06-05 21:23 - 00000000 ____D () C:\Users\Jona\Documents\Fächer Sicherheitskopie
2014-06-05 19:58 - 2014-06-05 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-05 19:55 - 2014-06-05 19:55 - 00003095 _____ () C:\Users\Jona\Desktop\Microsoft PowerPoint 2010.lnk
2014-06-05 19:54 - 2014-06-05 19:54 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-05 19:54 - 2014-06-05 19:54 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-06-05 19:54 - 2014-06-05 19:54 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-06-05 19:54 - 2014-03-20 23:05 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-06-05 19:51 - 2014-06-05 19:51 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-06-05 19:51 - 2011-04-12 03:39 - 00000000 ____D () C:\Windows\ShellNew

Some content of TEMP:
====================
C:\Users\Administrator.JONAPC\AppData\Local\Temp\avgnt.exe
C:\Users\Jona\AppData\Local\Temp\avgnt.exe
C:\Users\Jona\AppData\Local\Temp\Quarantine.exe
C:\Users\Jona\AppData\Local\Temp\uninst.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-10 09:55

==================== End Of Log ============================
         
--- --- ---

EDIT////


Almost forgot.....

FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-07-2014
Ran by Jona at 2014-07-05 14:01:46
Running from C:\Users\Jona\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe After Effects CS4 (HKLM\...\Adobe_3dcb365ab9e01871fb8c6f27b0ea079) (Version: 9 - Adobe Systems Incorporated)
Adobe After Effects CS4 (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Presets (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Third Party Content (HKLM\...\Adobe_5aab5a491a3a52ae624fd639f6aaa95) (Version: 9 - Adobe Systems Incorporated)
Adobe After Effects CS4 Third Party Content (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles AE CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Aptana Studio 3 (HKLM\...\Aptana Studio 3) (Version: 3.4.2 - Appcelerator, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Company of Heroes 2 (HKLM\...\Steam App 231430) (Version:  - Relic Entertainment)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
DeshakerIF 2.01 (HKLM\...\{C39CDB78-924E-4DEE-94E8-97B77F1A6080}_is1) (Version:  - )
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
ffdshow v1.3.4530 [2014-02-09] (HKLM\...\ffdshow_is1) (Version: 1.3.4530.0 - )
FileZilla Client 3.8.1 (HKLM\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (HKLM\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Free YouTube Download version 3.2.33.424 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.33.424 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.34.430 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
IIS 8.0 Express (HKLM\...\{B8FFB7D6-6ABD-47C3-8BAD-86FF5D8F3EDC}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Lexmark 640 Series (HKLM\...\Lexmark 640 Series) (Version:  - Lexmark International, Inc.)
LibreOffice 4.2.2.1 (HKLM\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.214 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.214 - LogMeIn, Inc.) Hidden
MAGIX Content und Soundpools (HKLM\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (HKLM\...\MAGIX_{B03055E4-8381-4834-8CD6-602141C8D702}) (Version: 4.3.2.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 (HKLM\...\MX.{CC87429C-BC87-4D90-9D5F-C6D9721A6663}) (Version: 20.0.2.35 - MAGIX AG)
MAGIX Music Maker 2014 (Version: 20.0.2.35 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Trial Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM\...\MAGIX_{BA816CCA-0FEA-4A68-9AD0-4CF3D2DF40CC}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM\...\MAGIX_{36F289DE-F9E6-4AD3-AD37-90CCB61F1638}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe MX Premium Sonderedition (HKLM\...\MAGIX_{9ADAE3A4-87DD-4091-B5E0-24F4B6F08F3A}) (Version: 11.0.5.0 - MAGIX AG)
MAGIX Video deluxe MX Premium Sonderedition (Version: 11.0.5.0 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaFire Desktop (HKLM\...\MediaFire Desktop 0.10.36.9353) (Version: 0.10.52.9493 - MediaFire)
MediaInfo 0.7.69 (HKLM\...\MediaInfo) (Version: 0.7.69 - MediaArea.net)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 (HKLM\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Expression Web 4 (Version: 4.0.1460.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{30640168-E261-4261-B8FF-7FA5E0F6A2F1}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{E43AC95E-66B0-4CEC-AADD-C9BFEF5A4C0A}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{1D39E015-C3D2-45DE-B070-A69C5F2FB309}) (Version: 5.0.50430.0 - Microsoft Corporation)
Microsoft WebMatrix 3 (HKLM\...\{F3A4C164-245F-4548-AE80-BB766E16B637}) (Version: 2.0.1932 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nmap 6.46 (HKLM\...\Nmap) (Version:  - )
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Origin (HKLM\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Shark007 Standard Codecs (HKLM\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 2.0.1 - Shark007)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SRWare Iron Version SRWare Iron 34.0.1850.0 (HKLM\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 34.0.1850.0 - SRWare)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 9.0 (HKLM\...\{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}) (Version: 9.0.1147 - Sony)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WampServer 2.5 (HKLM\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
Wisdom-soft AutoScreenRecorder 3.1 Free (HKLM\...\Wisdom-soft AutoScreenRecorder 3.1 Free) (Version:  - Wisdom Software Inc.)
XMedia Recode Version 3.1.8.6 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.8.6 - XMedia Recode)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0E257772-C26E-4575-9FF7-C7FAA8FA7788} - System32\Tasks\{E9CEFB17-FAE6-4E28-962B-25A6D267E625} => C:\Users\Jona\Downloads\x264_r2431\x264-10b-r2431-ac76440.exe
Task: {4E95A93D-867E-4687-8A52-47FE0FBC77B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {7E8E187B-0253-4266-826D-7E1324726C68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-14 19:38 - 2014-03-04 14:34 - 00109000 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-06-01 11:08 - 2014-06-01 11:08 - 00035328 _____ () F:\Programme\filezilla\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () F:\Programme\filezilla\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () F:\Programme\filezilla\FileZilla FTP Client\libstdc++-6.dll
2014-05-06 16:57 - 2014-05-30 01:04 - 00457736 _____ () C:\Users\Jona\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
2014-06-02 20:34 - 2014-06-30 20:10 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-06-12 20:57 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-12 20:57 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-12 20:57 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 20:58 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 20:57 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-05-20 19:03 - 2014-05-20 19:03 - 01975808 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\RibbonContr6f994294#\44985f5f900e3d2e94a7ca2da9a24602\RibbonControlsLibrary.ni.dll
2014-06-30 18:18 - 2013-11-30 18:09 - 00030920 _____ () F:\Programme\gimp\GIMP 2\bin\libgimpmodule-2.0-0.dll
2014-06-30 18:18 - 2013-11-30 18:09 - 00090448 _____ () F:\Programme\gimp\GIMP 2\bin\libgimpbase-2.0-0.dll
2014-06-30 18:18 - 2013-11-27 02:35 - 00117730 _____ () F:\Programme\gimp\GIMP 2\bin\libgcc_s_sjlj-1.dll
2014-06-30 18:18 - 2013-11-26 23:43 - 00052640 _____ () F:\Programme\gimp\GIMP 2\bin\libffi-6.dll
2014-06-30 18:20 - 2013-11-26 23:39 - 00106234 _____ () F:\Programme\gimp\GIMP 2\bin\zlib1.dll
2014-06-30 18:18 - 2013-11-30 18:09 - 00048000 _____ () F:\Programme\gimp\GIMP 2\bin\libgimpthumb-2.0-0.dll
2014-06-30 18:19 - 2013-11-27 00:11 - 00279279 _____ () F:\Programme\gimp\GIMP 2\bin\libjasper-1.dll
2014-06-30 18:19 - 2013-11-27 00:06 - 00218650 _____ () F:\Programme\gimp\GIMP 2\bin\libjpeg-8.dll
2014-06-30 18:19 - 2013-11-26 23:50 - 00174135 _____ () F:\Programme\gimp\GIMP 2\bin\libpng15-15.dll
2014-06-30 18:19 - 2013-11-27 00:29 - 00442271 _____ () F:\Programme\gimp\GIMP 2\bin\libtiff-5.dll
2014-06-30 18:18 - 2013-11-30 18:09 - 01218408 _____ () F:\Programme\gimp\GIMP 2\bin\libgimpwidgets-2.0-0.dll
2014-06-30 18:18 - 2013-11-30 18:09 - 00061392 _____ () F:\Programme\gimp\GIMP 2\bin\libgimpcolor-2.0-0.dll
2014-06-30 18:18 - 2013-11-27 02:56 - 00648818 _____ () F:\Programme\gimp\GIMP 2\bin\libcairo-2.dll
2014-06-30 18:18 - 2013-11-26 23:54 - 00241850 _____ () F:\Programme\gimp\GIMP 2\bin\libfontconfig-1.dll
2014-06-30 18:18 - 2013-11-26 23:49 - 00501844 _____ () F:\Programme\gimp\GIMP 2\bin\libfreetype-6.dll
2014-06-30 18:19 - 2013-11-26 23:47 - 01171945 _____ () F:\Programme\gimp\GIMP 2\bin\libxml2-2.dll
2014-06-30 18:19 - 2013-11-26 23:52 - 00629673 _____ () F:\Programme\gimp\GIMP 2\bin\libpixman-1-0.dll
2014-06-30 18:18 - 2013-11-30 18:09 - 00073248 _____ () F:\Programme\gimp\GIMP 2\bin\libgimpconfig-2.0-0.dll
2014-06-30 18:18 - 2013-11-30 18:09 - 00033096 _____ () F:\Programme\gimp\GIMP 2\bin\libgimpmath-2.0-0.dll
2014-06-30 18:19 - 2013-11-27 03:08 - 00304239 _____ () F:\Programme\gimp\GIMP 2\bin\libharfbuzz-0.dll
2014-06-30 18:18 - 2013-11-27 03:59 - 00143089 _____ () F:\Programme\gimp\GIMP 2\bin\libbabl-0.1-0.dll
2014-06-30 18:19 - 2013-11-27 20:10 - 00408312 _____ () F:\Programme\gimp\GIMP 2\bin\libgegl-0.2-0.dll
2014-06-30 18:20 - 2013-11-27 03:26 - 00088056 _____ () F:\Programme\gimp\GIMP 2\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2014-06-30 18:18 - 2013-11-30 18:09 - 00032256 _____ () F:\Programme\gimp\GIMP 2\lib\gimp\2.0\modules\libdisplay-filter-lcms.dll
2014-06-30 18:19 - 2013-11-27 01:11 - 00291927 _____ () F:\Programme\gimp\GIMP 2\bin\liblcms2-2.dll
2014-06-30 18:18 - 2013-11-30 18:09 - 00029368 _____ () F:\Programme\gimp\GIMP 2\lib\gimp\2.0\modules\libcolor-selector-cmyk.dll
2014-06-30 18:18 - 2013-11-30 18:09 - 00030712 _____ () F:\Programme\gimp\GIMP 2\lib\gimp\2.0\modules\libcolor-selector-water.dll
2014-06-30 18:18 - 2013-11-30 18:09 - 00045768 _____ () F:\Programme\gimp\GIMP 2\lib\gimp\2.0\modules\libcolor-selector-wheel.dll
2014-06-30 18:18 - 2013-11-30 18:09 - 00138232 _____ () F:\Programme\gimp\GIMP 2\bin\libgimpui-2.0-0.dll
2014-06-30 18:18 - 2013-11-30 18:09 - 00221048 _____ () F:\Programme\gimp\GIMP 2\bin\libgimp-2.0-0.dll
2014-06-12 20:57 - 2014-06-05 15:58 - 14612296 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MediaFire Tray => C:\Users\Jona\AppData\Local\MediaFire Desktop\mf_watch.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Registry Helper => "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: TrayServer => F:\Programme\Magix\Videodeluxe\Programm\TrayServer_de.exe
MSCONFIG\startupreg: V-bates => C:\Program Files\V-bates\notifier.exe

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: Virtual Machine Monitor
Description: Virtual Machine Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: vmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/05/2014 08:25:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 09:01:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 08:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xd74
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (07/04/2014 08:48:16 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting


For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (07/04/2014 08:48:16 PM) (Source: MySQL) (EventID: 100) (User: )
Description: wampmysqld: unknown option '--skip-locking'

For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (07/04/2014 08:17:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 05:24:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Origin.exe, Version 9.4.11.2806 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d2c

Startzeit: 01cf978de8cf5f45

Endzeit: 0

Anwendungspfad: F:\Programme\Origin Games\Origin\Origin.exe

Berichts-ID: 44e44492-038f-11e4-bcf4-00138fd854a2

Error: (07/04/2014 00:51:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 09:45:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 09:43:04 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]


System errors:
=============
Error: (07/05/2014 01:25:05 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (07/05/2014 08:24:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
vmm

Error: (07/05/2014 08:23:09 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (07/04/2014 09:00:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
vmm

Error: (07/04/2014 08:59:28 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (07/04/2014 08:48:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "wampmysqld" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/04/2014 08:16:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
vmm

Error: (07/04/2014 08:16:01 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (07/04/2014 05:16:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.

Error: (07/04/2014 04:18:34 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.


Microsoft Office Sessions:
=========================
Error: (07/05/2014 08:25:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 09:01:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 08:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdd7401cf97b638b086eeC:\Program Files\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files\ Malwarebytes Anti-Malware \MSVCR100.dllf27effa8-03ac-11e4-bb1a-00138fd854a2

Error: (07/04/2014 08:48:16 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting

Error: (07/04/2014 08:48:16 PM) (Source: MySQL) (EventID: 100) (User: )
Description: wampmysqld: unknown option '--skip-locking'

Error: (07/04/2014 08:17:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 05:24:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Origin.exe9.4.11.2806d2c01cf978de8cf5f450F:\Programme\Origin Games\Origin\Origin.exe44e44492-038f-11e4-bcf4-00138fd854a2

Error: (07/04/2014 00:51:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 09:45:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 09:43:04 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]


==================== Memory info =========================== 

Percentage of memory in use: 65%
Total physical RAM: 3327.3 MB
Available physical RAM: 1137.07 MB
Total Pagefile: 5372.59 MB
Available Pagefile: 2734.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:76.63 GB) (Free:4.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (DatenGrab) (Fixed) (Total:117.24 GB) (Free:103.88 GB) NTFS
Drive f: (Lokaler Datenträger) (Fixed) (Total:92.88 GB) (Free:63.41 GB) NTFS
Drive h: (JONAS-USB) (Removable) (Total:29.86 GB) (Free:27.29 GB) FAT32
Drive i: (Downloads) (Fixed) (Total:9.76 GB) (Free:6.6 GB) NTFS
Drive u: (PHP) (Fixed) (Total:13 GB) (Free:12.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 77 GB) (Disk ID: 2E2E2E2E)
Partition 1: (Active) - (Size=77 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: F9335D9E)
Partition 1: (Active) - (Size=117 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=93 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=13 GB) - (Type=OF Extended)

========================================================
Disk: 2 (Size: 30 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)

==================== End Of Log ============================
         
--- --- ---

Edited by hannover96xd (05.07.2014 at 13:04)
