SoftwareUpdater.ui.exe öffnet sich beim Start

amlughun · 21.07.2014, 09:31

Hallo,

ich habe ebenfalls das Problem, dass sich das Programm SoftwareUpdater.ui.exe bei jedem Neustart des PC´s ausführen möchte.

CCleaner wird dem Problem leider auch nicht Herr.
Kann mir da jemand weiterhelfen?

Nach dem Durchforsten des Forums habe ich gleich mal FRST.exe 64Bit nach den Vorgaben in den anderen Threads mit diesem Thema installiert und einen Scan durchgeführt.

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014
Ran by Feanor (ATTENTION: The logged in user is not administrator) on FEANOR-PC on 21-07-2014 10:34:21
Running from I:\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Feanor\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Creative Technology Ltd.) C:\Windows\V0610Mon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(AVAST Software) G:\Programme\avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\Feanor\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sony Corporation) I:\Programme\PlayMemories Home\PMBVolumeWatcher.exe
(Mozilla Corporation) I:\Programme\Thunderbird\thunderbird.exe
(Mozilla Corporation) G:\Programme\firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-07-15] (VIA)
HKLM-x32\...\Run: [V0610Mon.exe] => C:\Windows\V0610Mon.exe [24576 2011-08-22] (Creative Technology Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => G:\Programme\avast\AvastUI.exe [4086432 2014-07-06] (AVAST Software)
HKLM-x32\...\Run: [PMBVolumeWatcher] => I:\Programme\PlayMemories Home\PMBVolumeWatcher.exe [2548248 2014-04-23] (Sony Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-13] (Microsoft Corporation)
HKU\S-1-5-21-227246507-328320338-1266968098-1001\...\Run: [Amazon Cloud Player] => C:\Users\Feanor\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-227246507-328320338-1266968098-1001\...\MountPoints2: {4569ba9e-2f4c-11e3-ad9e-806e6f6e6963} - J:\start.exe /checksection
Startup: C:\Users\Feanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Feanor\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 0000BoxSyncFileLocked -> {1b9c95e1-ce36-3737-81c8-1ec9807f03c1} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 0000BoxSyncNotSynced -> {e22ccf16-2db6-3de8-9a2c-acb66b571b69} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 0000BoxSyncProblem -> {84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 0000BoxSyncSynced -> {01fcd170-7f0a-3b6a-b992-66a7a20289b5} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => G:\Programme\avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.iminent.com/?appId=D6151D53-E173-4FA3-B722-C1C473BB95C8
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013
SearchScopes: HKCU - DefaultScope {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=D6151D53-E173-4FA3-B722-C1C473BB95C8&ref=toolbox&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013
SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=D6151D53-E173-4FA3-B722-C1C473BB95C8&ref=toolbox&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> G:\Programme\avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> G:\Programme\avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - No Name - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - No Name - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} -  No File
DPF: HKLM-x32 {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///J:/viewer/ORDcmViewCD.ocx
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Feanor\AppData\Roaming\Mozilla\Firefox\Profiles\70hxyeua.default-1396356784700
FF NewTab: www.google.de
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - I:\Programme\VLC-Player\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - I:\Programme\VLC-Player\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - I:\Programme\VLC-Player\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - I:\Programme\VLC-Player\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @soft-xpansion/npsxpdf - C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP - C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DownloadHelper - C:\Users\Feanor\AppData\Roaming\Mozilla\Firefox\Profiles\70hxyeua.default-1396356784700\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-17]
FF Extension: Adblock Plus - C:\Users\Feanor\AppData\Roaming\Mozilla\Firefox\Profiles\70hxyeua.default-1396356784700\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-03]
FF Extension: Tab Mix Plus - C:\Users\Feanor\AppData\Roaming\Mozilla\Firefox\Profiles\70hxyeua.default-1396356784700\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-05-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - G:\Programme\avast\WebRep\FF
FF Extension: avast! Online Security - G:\Programme\avast\WebRep\FF [2013-10-07]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-11-19]
FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF HKLM-x32\...\Thunderbird\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF StartMenuInternet: FIREFOX.EXE - G:\Programme\firefox\firefox.exe

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; G:\Programme\avast\AvastSvc.exe [50344 2014-07-06] (AVAST Software)
R2 avast! Firewall; G:\Programme\avast\afwServ.exe [106488 2014-07-06] (AVAST Software)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [21504 2013-12-26] (Box Inc.) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 Garmin Core Update Service; I:\Programme\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [435032 2014-06-09] (Garmin Ltd or its subsidiaries)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PMBDeviceInfoProvider; I:\Programme\PlayMemories Home\PMBDeviceInfoProvider.exe [481816 2014-04-23] (Sony Corporation)
R2 StarMoney 8.0 OnlineUpdate; I:\Programme\StarMoney\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; I:\Programme\StarMoney9\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2014-01-23] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-06] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-06] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-06] ()
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
R3 V0610Vid; C:\Windows\System32\DRIVERS\V0610Vid.sys [323136 2011-09-01] (Creative Technology Ltd.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225280 2013-07-12] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-07-12] (VIA Technologies, Inc.)
S3 Afc; SysWOW64\drivers\Afc.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 10:34 - 2014-07-21 10:34 - 00000000 ____D () C:\FRST
2014-07-21 09:52 - 2014-07-21 09:52 - 00000885 _____ () C:\Users\Feanor\AppData\Local\recently-used.xbel
2014-07-21 09:00 - 2014-04-09 13:01 - 00131072 _____ () C:\Windows\SysWOW64\javaws.exe
2014-07-21 09:00 - 2013-12-18 22:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-21 09:00 - 2013-12-18 22:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-21 09:00 - 2013-12-18 22:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-21 08:59 - 2014-07-21 09:00 - 00000760 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-20 14:25 - 2014-07-21 09:05 - 00002408 _____ () C:\Windows\setupact.log
2014-07-20 14:25 - 2014-07-21 09:04 - 00001538 _____ () C:\Windows\PFRO.log
2014-07-20 14:25 - 2014-07-20 14:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-17 14:41 - 2014-07-20 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Planesoft
2014-07-16 19:44 - 2014-07-16 19:44 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-16 11:42 - 2014-07-17 07:45 - 00000000 ____D () C:\Program Files (x86)\PcCloneEX
2014-07-16 11:42 - 2014-07-16 11:42 - 00000000 ____D () C:\ProgramData\FNET
2014-07-14 18:39 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-14 18:39 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-14 18:39 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-14 18:38 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-14 18:38 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-14 18:38 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-14 18:38 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-14 18:38 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-14 18:38 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-14 18:38 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-14 18:38 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-14 18:38 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-14 18:38 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-14 18:38 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-14 18:38 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-14 18:38 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-14 18:38 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-14 18:38 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-14 18:38 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-14 18:38 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-14 18:38 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-14 18:38 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-14 18:38 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-14 18:38 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-14 18:38 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-14 18:38 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-14 18:38 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-14 18:38 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-14 18:38 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-14 18:38 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-14 18:38 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-14 18:38 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-14 18:38 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-14 18:38 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-14 18:38 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-14 18:38 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-14 18:38 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-14 18:38 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-14 18:38 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-14 18:38 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-14 18:38 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-14 18:38 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-14 18:38 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-14 18:38 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-14 18:38 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-14 18:38 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-14 18:38 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-14 18:38 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-14 18:38 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-14 18:38 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-14 18:38 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-14 18:38 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-14 18:38 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-14 18:38 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-14 18:38 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-14 18:38 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-14 18:38 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-14 18:38 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-14 18:38 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-14 18:38 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-14 18:38 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-14 18:38 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-14 18:38 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-14 18:38 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-14 18:38 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-14 18:38 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-14 18:38 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-06 23:18 - 2014-07-06 23:18 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\dvdcss
2014-07-06 18:01 - 2014-07-06 18:01 - 04996210 _____ (Tim Kosse) C:\Users\Feanor\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-07-06 12:07 - 2014-07-06 12:07 - 00000840 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-07-06 12:06 - 2014-07-06 12:06 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-07-06 12:06 - 2014-07-06 12:06 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-04 12:35 - 2014-07-04 12:35 - 00002953 _____ () C:\Users\Feanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joulemeter.lnk
2014-07-04 12:28 - 2014-04-25 11:06 - 14155776 _____ () C:\Users\Feanor\AppData\Roaming\Sandra.mdb
2014-06-29 09:15 - 2014-06-29 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-06-29 09:14 - 2014-06-29 09:14 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Garmin
2014-06-29 09:11 - 2014-06-29 09:11 - 00000000 __SHD () C:\Users\Feanor\AppData\Local\EmieUserList
2014-06-29 09:11 - 2014-06-29 09:11 - 00000000 __SHD () C:\Users\Feanor\AppData\Local\EmieSiteList
2014-06-28 19:47 - 2014-06-28 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
2014-06-27 15:12 - 2014-07-04 12:39 - 00002453 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2014-06-27 15:12 - 2014-06-27 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-06-25 23:28 - 2014-06-25 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rene.E Laboratory
2014-06-25 22:49 - 2014-06-25 22:49 - 00000000 ___RD () C:\Users\USER\AppData\Roaming\Brother

==================== One Month Modified Files and Folders =======

2014-07-21 10:34 - 2014-07-21 10:34 - 00000000 ____D () C:\FRST
2014-07-21 10:28 - 2013-12-17 14:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 10:06 - 2013-11-21 22:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 09:54 - 2013-12-12 21:11 - 00000000 ____D () C:\Users\Feanor\.gimp-2.8
2014-07-21 09:52 - 2014-07-21 09:52 - 00000885 _____ () C:\Users\Feanor\AppData\Local\recently-used.xbel
2014-07-21 09:12 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 09:12 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 09:08 - 2013-10-07 14:33 - 01799360 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 09:06 - 2013-10-07 19:00 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Dropbox
2014-07-21 09:05 - 2014-07-20 14:25 - 00002408 _____ () C:\Windows\setupact.log
2014-07-21 09:05 - 2014-05-15 12:24 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\DropboxMaster
2014-07-21 09:05 - 2013-12-17 14:31 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 09:04 - 2014-07-20 14:25 - 00001538 _____ () C:\Windows\PFRO.log
2014-07-21 09:04 - 2013-10-11 14:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-21 09:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 09:00 - 2014-07-21 08:59 - 00000760 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-21 09:00 - 2013-10-24 10:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-21 09:00 - 2013-10-07 18:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-20 14:25 - 2014-07-20 14:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-20 12:53 - 2014-03-26 19:06 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\DAEMON Tools Lite
2014-07-20 12:53 - 2013-11-09 12:02 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\FileZilla
2014-07-20 12:43 - 2013-12-17 13:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-20 12:41 - 2014-07-17 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Planesoft
2014-07-20 12:33 - 2013-12-17 14:32 - 00000563 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-20 12:33 - 2013-12-17 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-20 12:28 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-07-20 12:28 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-07-20 12:28 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-18 19:29 - 2013-10-07 21:24 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\vlc
2014-07-18 19:13 - 2013-10-07 18:53 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Usenet.nl
2014-07-17 07:45 - 2014-07-16 11:42 - 00000000 ____D () C:\Program Files (x86)\PcCloneEX
2014-07-16 19:44 - 2014-07-16 19:44 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-16 16:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-16 11:42 - 2014-07-16 11:42 - 00000000 ____D () C:\ProgramData\FNET
2014-07-15 13:05 - 2009-07-14 06:45 - 00462264 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-15 13:03 - 2014-05-07 11:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-15 13:03 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-15 13:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-15 13:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-14 20:31 - 2013-10-08 18:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-14 20:29 - 2013-10-08 18:29 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-14 20:06 - 2013-11-19 20:34 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-14 20:06 - 2013-11-19 20:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-06 23:18 - 2014-07-06 23:18 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\dvdcss
2014-07-06 18:01 - 2014-07-06 18:01 - 04996210 _____ (Tim Kosse) C:\Users\Feanor\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-07-06 12:07 - 2014-07-06 12:07 - 00000840 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-07-06 12:06 - 2014-07-06 12:06 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-07-06 12:06 - 2014-07-06 12:06 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-06 12:06 - 2014-04-28 09:39 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-06 12:06 - 2013-12-28 20:13 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-06 12:06 - 2013-10-07 15:03 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-07-04 12:39 - 2014-06-27 15:12 - 00002453 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2014-07-04 12:35 - 2014-07-04 12:35 - 00002953 _____ () C:\Users\Feanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joulemeter.lnk
2014-07-04 11:58 - 2013-11-19 10:55 - 00005632 _____ () C:\Users\Feanor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-30 04:09 - 2014-07-14 18:39 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-14 18:39 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 09:15 - 2014-06-29 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-06-29 09:15 - 2014-05-03 18:32 - 00001720 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-06-29 09:15 - 2014-05-03 18:32 - 00000000 ____D () C:\ProgramData\Garmin
2014-06-29 09:14 - 2014-06-29 09:14 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Garmin
2014-06-29 09:11 - 2014-06-29 09:11 - 00000000 __SHD () C:\Users\Feanor\AppData\Local\EmieUserList
2014-06-29 09:11 - 2014-06-29 09:11 - 00000000 __SHD () C:\Users\Feanor\AppData\Local\EmieSiteList
2014-06-28 19:47 - 2014-06-28 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
2014-06-28 19:47 - 2014-02-08 10:53 - 00000811 _____ () C:\Users\Public\Desktop\XMedia Recode.lnk
2014-06-28 08:15 - 2013-12-17 14:01 - 00000000 ____D () C:\temp
2014-06-27 15:12 - 2014-06-27 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-06-25 23:28 - 2014-06-25 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rene.E Laboratory
2014-06-25 22:49 - 2014-06-25 22:49 - 00000000 ___RD () C:\Users\USER\AppData\Roaming\Brother
2014-06-25 20:56 - 2013-12-17 13:58 - 00000000 ____D () C:\Program Files (x86)\SoftwareUpdater
2014-06-22 13:37 - 2013-10-07 15:29 - 00000000 ____D () C:\Windows\Panther

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.6140.dll


Some content of TEMP:
====================
C:\Users\Feanor\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl4lrfv.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition.txtFRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2014
Ran by Feanor at 2014-07-21 10:35:01
Running from I:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

7-PDF Printer 10.0.0.1840 (HKLM\...\7-PDF Printer_is1) (Version: 10.0.0.1840 - 7-PDF, Germany - Th. Hodes)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
ALDI Bestellsoftware 4.12.2 (HKLM-x32\...\ALDI Bestellsoftware) (Version: 4.12.2 - ORWO Net)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AppsHat Mobile Apps (HKCU\...\AppsHat Mobile Apps) (Version: 1.0.0.0 - Somoto Ltd.) <==== ATTENTION
ArcSoft MediaImpression HD Edition (HKLM-x32\...\{53AB4AF2-C55B-4986-B975-34B71E03716B}) (Version: 3.5.255.985 - ArcSoft)
avast! Internet Security (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Box Sync (HKLM\...\{E984C7AC-7EA2-4CC2-BCE6-8A1C934C3A6C}) (Version: 4.0.4884.0 - Box, Inc.)
Box Sync (x32 Version: 4.0.3956.0 - Box Inc.) Hidden
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - ) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
ClearView (HKLM-x32\...\{A95AF23D-1875-41E7-B684-ECA583126755}) (Version: 5.3.4 - SVKSystems)
Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 11 (HKLM-x32\...\InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}) (Version: 11 - Corel Corporation)
Creative Live! Cam Socialize HD (VF0610) (1.03.05.00) (HKLM\...\Creative VF0610) (Version:  - Creative Technology Ltd.)
Creative Live! Central 3 (HKLM-x32\...\Creative Live! Central 2) (Version: 3.00.15 - Creative Technology Ltd)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Disketch CD-Beschriftungssoftware (HKCU\...\Disketch) (Version: 3.12 - NCH Software)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Elevated Installer (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Express Burn (HKCU\...\ExpressBurn) (Version: 4.69 - NCH Software)
Express Rip (HKCU\...\ExpressRip) (Version: 1.94 - NCH Software)
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
Foxtab (HKLM-x32\...\foxtab) (Version:  - FoxTab) <==== ATTENTION
Free Pdf Perfect Prereq (HKLM-x32\...\{4bbaea8b-16b8-4122-91b2-ce1696543a81}) (Version: 1.0.0.0 - Covus Freemium GmbH)
Free Pdf Perfect Prereq (x32 Version: 1.0.0.0 - Covus Freemium GmbH) Hidden
FreeCommander XE (HKCU\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
Freemium Free PDF Perfect (HKLM-x32\...\{88265079-D6F4-4292-86BE-D2053E80BFE4}) (Version: 1.0 - Freemium)
Gameforge Live 1.9.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.9.0 - Gameforge)
Garmin Express (HKLM-x32\...\{55ae01f2-f0a8-4342-a9cc-a0327cdaa811}) (Version: 3.2.7.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 2 Runtime Environment, SE v1.4.1_02 (HKLM-x32\...\{EFCE5837-FC21-11D6-9D24-00010240CE95}) (Version:  - )
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Java Web Start (HKLM-x32\...\Java Web Start) (Version:  - )
Joulemeter (HKLM-x32\...\{E043568C-1745-4C69-9D52-43F6E79EB03B}) (Version: 1.2.0 - Microsoft Research)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.4016.1 - Creative Technology Ltd)
LoiLoScope Herunterladen (HKLM-x32\...\{C2A254F4-AC74-482F-8F09-DB2843AC2AAE}_is1) (Version: 2.0 - LoiLo inc)
MAGIX Foto Manager 9 (HKLM-x32\...\MAGIX Foto Manager 9 D) (Version: 7.0.3.118 - MAGIX AG)
MAGIX Online Druck Service (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\{F31C9A68-7F07-4B96-AC58-F71D5DF3DA89}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed 2 (MSI) (HKLM-x32\...\{7FA32C2E-E218-4A04-966D-DECCB0B9C81E}) (Version: 6.0.1.4 - MAGIX AG)
MAGIX Video deluxe 16 Plus Sonderedition (HKLM-x32\...\MAGIX_MSI_Videodeluxe16_plus) (Version: 9.0.5.10 - MAGIX AG)
MAGIX Video deluxe 16 Plus Sonderedition (x32 Version: 9.0.5.10 - MAGIX AG) Hidden
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.0.4000 - Maxthon International Limited)
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 22.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 22.0 (x86 de)) (Version: 22.0 - Mozilla)
Mozilla Firefox 30.0 (x86 de) (HKCU\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
Mozilla Thunderbird 24.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.0 (x86 de)) (Version: 24.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKCU\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netscape (7.1) (HKLM-x32\...\Netscape (7.1)) (Version:  - )
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 21.0.1432.67 (HKCU\...\Opera 21.0.1432.67) (Version: 21.0.1432.67 - Opera Software ASA)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 5.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.9.2 - pdfforge)
PEARL PrintProfi Etiketten (HKLM-x32\...\{E7B54F8B-FC06-4F01-AB11-CE37F1D93B81}) (Version:  - )
PHOTOfunSTUDIO 9.1 PE (HKLM-x32\...\{C13FE7DE-D34D-48CC-9FA3-8DB9A3621B98}) (Version: 9.01.709 - Panasonic Corporation)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PlayMemories Home (HKLM-x32\...\{7EA1A4E8-A5CE-4626-87DC-6DEF99BAE931}) (Version: 3.1.11.04230 - Sony Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.75.827.2013 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Renee Undeleter 2014.5.23.00 (HKLM-x32\...\{EE1F41BE-6DBD-44AE-9F97-4D7F9227329D}_is1) (Version: 2014.5.23.00 - Rene.E Laboratory)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14024.11 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14024.11 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.4 - Seagate Technology)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
StarMoney (x32 Version: 3.0.0.124 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.2.34 - StarFinanz) Hidden
StarMoney 8.0  (HKLM-x32\...\{019E4AE0-D532-47EA-B0BB-12833E29C84F}) (Version: 8.0 - Star Finanz GmbH)
StarMoney 9.0  (HKLM-x32\...\{CBF2BF56-4692-4B95-AB01-AB3416694CE7}) (Version: 9.0 - Star Finanz GmbH)
The One Ring 3D Screensaver 1.0 (HKLM-x32\...\The One Ring 3D Screensaver_is1) (Version: 1.0 - 3Planesoft)
Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version:  - )
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VideoConverter (HKLM-x32\...\VideoConverter) (Version: ${VERSION} - )
VideoPad Video-Editor (HKCU\...\VideoPad) (Version: 3.25 - NCH Software)
Viewpoint Media Player (Remove Only) (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WavePad Audio-Editor (HKCU\...\WavePad) (Version: 5.58 - NCH Software)
Winamp (remove only) (HKLM-x32\...\Winamp) (Version:  - )
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
XMedia Recode Version 3.1.9.0 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.9.0 - XMedia Recode)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () I:\Programme\FileZilla2\FileZilla FTP Client\fzshellext_64.dll
2014-02-08 10:33 - 2014-03-07 22:39 - 03168576 _____ () C:\Users\Feanor\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2013-10-11 14:04 - 2009-05-07 10:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-10-11 14:04 - 2009-05-07 10:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-10-11 14:04 - 2008-01-18 08:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2013-10-11 14:04 - 2009-07-10 04:48 - 47601664 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Biet-O-Matic.lnk => C:\Windows\pss\Biet-O-Matic.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 9.1 PE.lnk => C:\Windows\pss\PHOTOfunSTUDIO 9.1 PE.lnk.CommonStartup
MSCONFIG\startupreg: BoxSync => "c:\Program Files\Box\Box Sync\BoxSync.exe" -m
MSCONFIG\startupreg: KiesAirMessage => I:\Programme\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesTrayAgent => I:\Programme\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Live! Central 3 => "C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
MSCONFIG\startupreg: PDFPrint => I:\Programme\PDF24\pdf24.exe
MSCONFIG\startupreg: PMBVolumeWatcher => I:\Programme\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: TrayServer => I:\PROGRA~2\TrayServer.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\Winampa.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2014 09:02:54 AM) (Source: MsiInstaller) (EventID: 10005) (User: Feanor-PC)
Description: Produkt: Java 7 Update 65 -- Fehler 25025.Eine frühere Java-Deinstallation wurde niemals abgeschlossen. Sie müssen Ihren Rechner neu starten, bevor Sie Java installieren.

Error: (07/20/2014 01:34:05 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (07/20/2014 00:40:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ebc

Startzeit: 01cfa403f31296f0

Endzeit: 7188

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 2c47474a-0ffa-11e4-b8ba-001966fc5d1c

Error: (07/19/2014 00:50:02 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (07/19/2014 00:31:26 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (07/18/2014 03:41:17 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (07/18/2014 03:22:17 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (07/17/2014 02:40:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/17/2014 02:39:30 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/17/2014 02:39:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (07/21/2014 09:04:09 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (07/21/2014 08:51:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/21/2014 08:51:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (07/21/2014 08:50:19 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (07/20/2014 02:25:25 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (07/20/2014 00:42:58 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR5 gefunden.

Error: (07/20/2014 00:42:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR5 gefunden.

Error: (07/20/2014 00:42:48 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR5 gefunden.

Error: (07/20/2014 00:42:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR5 gefunden.

Error: (07/20/2014 00:42:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR5 gefunden.


Microsoft Office Sessions:
=========================
Error: (07/21/2014 09:02:54 AM) (Source: MsiInstaller) (EventID: 10005) (User: Feanor-PC)
Description: Produkt: Java 7 Update 65 -- Fehler 25025.Eine frühere Java-Deinstallation wurde niemals abgeschlossen. Sie müssen Ihren Rechner neu starten, bevor Sie Java installieren.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/20/2014 01:34:05 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (07/20/2014 00:40:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567ebc01cfa403f31296f07188C:\Windows\Explorer.EXE2c47474a-0ffa-11e4-b8ba-001966fc5d1c

Error: (07/19/2014 00:50:02 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (07/19/2014 00:31:26 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (07/18/2014 03:41:17 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (07/18/2014 03:22:17 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (07/17/2014 02:40:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestI:\Downloads\SoftonicDownloader_fuer_the-one-ring-3d-screensaver.exe

Error: (07/17/2014 02:39:30 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestI:\Downloads\SoftonicDownloader_fuer_the-one-ring-3d-screensaver.exe

Error: (07/17/2014 02:39:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestI:\Downloads\SoftonicDownloader_fuer_the-one-ring-3d-screensaver.exe


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 8191.27 MB
Available physical RAM: 5394.69 MB
Total Pagefile: 16380.72 MB
Available Pagefile: 13451.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:38.26 GB) NTFS
Drive d: (Win7-Backup) (Fixed) (Total:48.83 GB) (Free:11.47 GB) NTFS
Drive e: (Megastore) (Fixed) (Total:1862.89 GB) (Free:1029.24 GB) NTFS
Drive f: (Userdaten) (Fixed) (Total:48.83 GB) (Free:6.69 GB) NTFS
Drive g: (Allgemein) (Fixed) (Total:171.88 GB) (Free:93.67 GB) NTFS
Drive h: (Pictures) (Fixed) (Total:196.23 GB) (Free:27.13 GB) NTFS
Drive i: (BigSpace) (Fixed) (Total:368.1 GB) (Free:100.9 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

--- --- ---

Vielen Dank schon mal im Voraus!

amlughun

schrauber · 21.07.2014, 10:29

hi,

Unsere Tools brauchen immer Adminrechte!

Adware & Co. deinstallieren

Lade Dir bitte von hier Revo Uninstaller herunter.
Installiere und starte das Programm.
Suche im Uninstallerfeld nach den Programmen, die unter:

diesen Zusatz haben:
Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

amlughun · 22.07.2014, 09:52

Hallo Schrauber,

erst mal danke für deine schnelle Antwort.

Schritt 1 :

Bundled Software Uninstaller und
FoxTab deinstalliert.
AppsHat Mobile Apps (HKCU\ nicht gefunden

Zu Schritt 2
Nach dem Ausführen von Combofix ist zwar das Problem gelöst,
allerdings sind meine kompletten FirefoxBrowser, Desktop und E-Maileinstellung weg!

Daher habe ich das System wiederhergestellt. Und da ist das Ursprüngliche Problem auch wieder!

Ist der Effekt unabänderlich!? Ich wollte den SoftwareUpdater.ui.exe löschen, nicht alle meine persönlichen Einstellungen! ;-)

Grüße

Amlughun

Hier noch die Combofixlog
Combofix Logfile:

Code:

ATTFilter

ComboFix 14-07-21.01 - USER 22.07.2014   9:56.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8191.5738 [GMT 2:00]
ausgeführt von:: c:\users\Feanor\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Feanor\AppData\Local\Minibar
c:\users\Feanor\AppData\Local\Minibar\chrome\cached_http_request.js
c:\users\Feanor\AppData\Local\Minibar\chrome\includes\content.js
c:\users\Feanor\AppData\Local\Minibar\chrome\includes\content_kango.js
c:\users\Feanor\AppData\Local\Minibar\chrome\includes\content_menu.js
c:\users\Feanor\AppData\Local\Minibar\chrome\includes\content_messaging.js
c:\users\Feanor\AppData\Local\Minibar\chrome\includes\content_pageutils.js
c:\users\Feanor\AppData\Local\Minibar\chrome\includes\content_popup.js
c:\users\Feanor\AppData\Local\Minibar\chrome\includes\content_toolbar.js
c:\users\Feanor\AppData\Local\Minibar\chrome\includes\content_toolbar_customfixes.js
c:\users\Feanor\AppData\Local\Minibar\chrome\includes\content_userscript.js
c:\users\Feanor\AppData\Local\Minibar\chrome\kango-ui\button.js
c:\users\Feanor\AppData\Local\Minibar\chrome\kango-ui\toolbar.js
c:\users\Feanor\AppData\Local\Minibar\chrome\kango-ui\ui.js
c:\users\Feanor\AppData\Local\Minibar\chrome\kango\browser.js
c:\users\Feanor\AppData\Local\Minibar\chrome\kango\console.js
c:\users\Feanor\AppData\Local\Minibar\chrome\kango\event_listener.js
c:\users\Feanor\AppData\Local\Minibar\chrome\kango\initialize.js
c:\users\Feanor\AppData\Local\Minibar\chrome\kango\io.js
c:\users\Feanor\AppData\Local\Minibar\chrome\kango\jsonstorage.js
c:\users\Feanor\AppData\Local\Minibar\chrome\kango\kango.js
c:\users\Feanor\AppData\Local\Minibar\chrome\kango\lang.js
c:\users\Feanor\AppData\Local\Minibar\chrome\kango\messaging.js
c:\users\Feanor\AppData\Local\Minibar\chrome\kango\userscript_engine.js
c:\users\Feanor\AppData\Local\Minibar\chrome\kango\xhr.js
c:\users\Feanor\AppData\Local\Minibar\chrome\main.js
c:\users\Feanor\AppData\Local\Minibar\chrome\minibar\actions.js
c:\users\Feanor\AppData\Local\Minibar\chrome\minibar\cachedxhr.js
c:\users\Feanor\AppData\Local\Minibar\chrome\minibar\config.js
c:\users\Feanor\AppData\Local\Minibar\chrome\minibar\macros.js
c:\users\Feanor\AppData\Local\Minibar\chrome\minibar\minibar.js
c:\users\Feanor\AppData\Local\Minibar\chrome\MinibarPlugin.dll
c:\users\Feanor\AppData\Local\Minibar\chrome\popup.js
c:\users\Feanor\AppData\Local\Minibar\chrome\tab.js
c:\users\Feanor\AppData\Local\Minibar\chrome_installer.js
c:\users\Feanor\AppData\Local\Minibar\common.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome.manifest
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\kango-ui\button.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\kango-ui\toolbar.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\kango-ui\ui.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\kango\browser.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\kango\console.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\kango\event_listener.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\kango\initialize.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\kango\io.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\kango\jsonstorage.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\kango\kango.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\kango\lang.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\kango\messaging.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\kango\storage.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\kango\uninstall_observer.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\kango\userscript_engine.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\kango\xhr.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\main.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\minibar\actions.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\minibar\cachedxhr.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\minibar\config.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\minibar\homepage_helper.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\minibar\macros.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\minibar\minibar.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\minibar\search_helper.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\minibar\search_hook.js
c:\users\Feanor\AppData\Local\Minibar\firefox\chrome\content\minibar\tabpage_helper.js
c:\users\Feanor\AppData\Local\Minibar\firefox\plugins\npMinibarPlugin.dll
c:\users\Feanor\AppData\Local\Minibar\firefox_installer.js
c:\users\Feanor\AppData\Local\Minibar\ie_installer.js
c:\users\Feanor\AppData\Local\Minibar\SettingsHelper.exe
c:\users\Feanor\AppData\Local\Minibar\Uninstall.exe
c:\users\Public\AlexaNSISPlugin.6140.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-06-22 bis 2014-07-22  ))))))))))))))))))))))))))))))
.
.
2014-07-22 08:02 . 2014-07-22 08:02	--------	d-----w-	c:\users\wangzhisong\AppData\Local\temp
2014-07-22 08:02 . 2014-07-22 08:02	--------	d-----w-	c:\users\USER\AppData\Local\temp
2014-07-22 08:02 . 2014-07-22 08:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-07-22 07:08 . 2014-07-22 07:08	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F4EF5A6-D250-4BFD-A952-88BF7179D4C9}\offreg.dll
2014-07-22 07:01 . 2014-07-02 03:09	10924376	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F4EF5A6-D250-4BFD-A952-88BF7179D4C9}\mpengine.dll
2014-07-21 08:34 . 2014-07-22 07:14	--------	d-----w-	C:\FRST
2014-07-21 07:00 . 2014-07-21 07:00	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-07-21 07:00 . 2013-12-18 20:09	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-16 09:42 . 2014-07-16 09:42	--------	d-----w-	c:\programdata\FNET
2014-07-16 09:42 . 2014-07-17 05:45	--------	d-----w-	c:\program files (x86)\PcCloneEX
2014-07-14 16:39 . 2014-06-03 10:02	1719296	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2014-07-14 16:39 . 2014-06-03 10:02	1389568	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2014-07-14 16:39 . 2014-06-03 10:02	1380864	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2014-07-14 16:39 . 2014-06-03 10:02	1354240	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-14 16:39 . 2014-06-03 09:29	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-14 16:39 . 2014-06-30 02:09	519168	----a-w-	c:\windows\system32\aepdu.dll
2014-07-14 16:39 . 2014-06-30 02:04	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-07-14 16:39 . 2014-06-18 02:19	1247232	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-07-14 16:39 . 2014-06-18 01:10	3157504	----a-w-	c:\windows\system32\win32k.sys
2014-07-06 21:18 . 2014-07-06 21:18	--------	d-----w-	c:\users\Feanor\AppData\Roaming\dvdcss
2014-07-06 10:06 . 2014-07-06 10:06	43152	----a-w-	c:\windows\avastSS.scr
2014-07-06 10:06 . 2014-07-06 10:06	448400	----a-w-	c:\windows\system32\drivers\aswNdisFlt.sys
2014-07-04 10:37 . 2014-07-04 10:37	--------	d-----w-	c:\users\USER\AppData\Local\Microsoft Research
2014-06-29 07:14 . 2014-06-29 07:14	--------	d-----w-	c:\users\Feanor\AppData\Roaming\Garmin
2014-06-29 07:11 . 2014-06-29 07:11	--------	d-sh--w-	c:\users\Feanor\AppData\Local\EmieUserList
2014-06-29 07:11 . 2014-06-29 07:11	--------	d-sh--w-	c:\users\Feanor\AppData\Local\EmieSiteList
2014-06-27 13:11 . 2014-06-27 13:11	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2014-06-25 20:49 . 2014-06-25 20:49	--------	d-----r-	c:\users\USER\AppData\Roaming\Brother
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-14 18:29 . 2013-10-08 16:29	96441528	----a-w-	c:\windows\system32\MRT.exe
2014-07-14 18:06 . 2013-11-19 18:34	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-14 18:06 . 2013-11-19 18:34	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-06 10:06 . 2013-10-07 13:03	427360	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-07-06 10:06 . 2014-04-28 07:39	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-07-06 10:06 . 2013-12-28 18:13	92008	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-07-06 10:06 . 2013-10-07 13:03	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-07-06 10:06 . 2013-10-07 13:03	224896	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-07-06 10:06 . 2013-10-07 13:03	1041168	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2014-07-06 10:06 . 2013-10-07 13:03	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-07-06 10:06 . 2013-10-07 13:03	79184	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-07-06 10:06 . 2013-10-07 13:03	307344	----a-w-	c:\windows\system32\aswBoot.exe
2014-07-06 10:06 . 2013-10-07 13:03	28184	----a-w-	c:\windows\system32\drivers\aswKbd.sys
2014-04-25 02:34 . 2014-06-15 12:22	801280	----a-w-	c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-15 12:22	626688	----a-w-	c:\windows\SysWow64\usp10.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="i:\programme\Garmin\Garmin\Express Tray\ExpressTray.exe" [2014-06-09 122200]
"CCleaner Monitoring"="i:\programme\CCleaner64.exe" [2014-06-24 6262552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-15 2245120]
"V0610Mon.exe"="c:\windows\V0610Mon.exe" [2011-08-22 24576]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"AvastUI.exe"="g:\programme\avast\AvastUI.exe" [2014-07-06 4086432]
"PMBVolumeWatcher"="i:\programme\PlayMemories Home\PMBVolumeWatcher.exe" [2014-04-23 2548248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BoxSyncUpdateService;Box Sync Update Service;c:\program files\Box\Box Sync\SyncUpdaterService.exe;c:\program files\Box\Box Sync\SyncUpdaterService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 SOHDs;Sony Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SXDS10;soft Xpansion Dispatch Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;g:\programme\avast\afwServ.exe;g:\programme\avast\afwServ.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;i:\programme\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;i:\programme\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;i:\programme\PlayMemories Home\PMBDeviceInfoProvider.exe;i:\programme\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 SOHDms;Sony Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;i:\programme\StarMoney\ouservice\StarMoneyOnlineUpdate.exe;i:\programme\StarMoney\ouservice\StarMoneyOnlineUpdate.exe [x]
S2 StarMoney 9.0 OnlineUpdate;StarMoney 9.0 OnlineUpdate;i:\programme\StarMoney9\ouservice\StarMoneyOnlineUpdate.exe;i:\programme\StarMoney9\ouservice\StarMoneyOnlineUpdate.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
S3 V0610Vid;Creative Live! Cam Socialize HD Driver;c:\windows\system32\DRIVERS\V0610Vid.sys;c:\windows\SYSNATIVE\DRIVERS\V0610Vid.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-19 18:06]
.
2014-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-17 12:31]
.
2014-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-17 12:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncFileLocked]
@="{1b9c95e1-ce36-3737-81c8-1ec9807f03c1}"
[HKEY_CLASSES_ROOT\CLSID\{1b9c95e1-ce36-3737-81c8-1ec9807f03c1}]
2010-11-05 01:57	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncNotSynced]
@="{e22ccf16-2db6-3de8-9a2c-acb66b571b69}"
[HKEY_CLASSES_ROOT\CLSID\{e22ccf16-2db6-3de8-9a2c-acb66b571b69}]
2010-11-05 01:57	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncProblem]
@="{84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc}"
[HKEY_CLASSES_ROOT\CLSID\{84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc}]
2010-11-05 01:57	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncSynced]
@="{01fcd170-7f0a-3b6a-b992-66a7a20289b5}"
[HKEY_CLASSES_ROOT\CLSID\{01fcd170-7f0a-3b6a-b992-66a7a20289b5}]
2010-11-05 01:57	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-06 10:06	634872	----a-w-	g:\programme\avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-12 331776]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-02 2201032]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-02 1225920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*Restore"="c:\windows\System32\rstrui.exe" [2010-11-20 296960]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013
TCP: DhcpNameServer = 192.168.178.1
DPF: {B07F54E6-0806-47DB-B5D8-398F240776F2} - file:///J:/viewer/ORDcmViewCD.ocx
FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\qegt7qzu.default\
FF - user.js: extensions.irspeeddial.aflt - fxtb103
FF - user.js: extensions.irspeeddial.instlRef - 
FF - user.js: extensions.irspeeddial.cr - 254093279
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzutDtDtCzyyCyC0F0CyD0DtC0C0AyEtDtBtN0D0Tzu0SyByCzytN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czu1G2Z1S
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
c:\users\Feanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-227246507-328320338-1266968098-1001_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-227246507-328320338-1266968098-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}]
@DACL=(02 0000)
@="Dropbox Autoplay COM Server"
.
[HKEY_USERS\S-1-5-21-227246507-328320338-1266968098-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-227246507-328320338-1266968098-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-227246507-328320338-1266968098-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-227246507-328320338-1266968098-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-07-22  10:04:57
ComboFix-quarantined-files.txt  2014-07-22 08:04
ComboFix2.txt  2014-07-22 07:33
.
Vor Suchlauf: 13 Verzeichnis(se), 41.145.540.608 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 40.482.508.800 Bytes frei
.
- - End Of File - - 5EF04DF268818DDC4DAB9280AA473157

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 23.07.2014, 08:14

Hm, ich sehe nicht dass da was gelöscht wurde.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

amlughun · 23.07.2014, 09:12

Danke Schrauber,

Wie es scheint ist das Problem nun gelöst.
(Und meine persönlichen Einstellungen noch alle da! ;-))

Anbei die Logdateien:

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 23.07.2014
Suchlauf-Zeit: 09:19:59
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.23.02
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: USER

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 350044
Verstrichene Zeit: 7 Min, 20 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 30
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\APPID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}, In Quarantäne, [dc12960c1b605dd9f86cbda155adda26],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}, In Quarantäne, [dc12960c1b605dd9f86cbda155adda26],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-227246507-328320338-1266968098-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [836b30721863cf671cdfe0b536ccaa56],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-227246507-328320338-1266968098-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [836b30721863cf671cdfe0b536ccaa56],
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [836b30721863cf671cdfe0b536ccaa56],
PUP.Optional.Iminent.A, HKU\S-1-5-21-227246507-328320338-1266968098-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}, In Quarantäne, [c02e732ff28983b30d01b1a861a15ca4],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [7777fca6fa8174c27e4af59d847ead53],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [eb0300a284f737ff9930078ba062b749],
PUP.Optional.Somoto.A, HKU\S-1-5-21-227246507-328320338-1266968098-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AppsHat Mobile Apps, In Quarantäne, [fbf30b972457fe3877c60c167a86916f],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [3ab42979b0cb69cd50482cc3b64c37c9],
PUP.Optional.MiniBar.A, HKLM\SOFTWARE\WOW6432NODE\MINIBAR, In Quarantäne, [dd114e545427be7808fc0107b05435cb],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, In Quarantäne, [6c824f530675dd592e6fad58da2ac13f],
PUP.Optional.Feven.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Feven 1.5, In Quarantäne, [fbf3dbc7c6b5db5b67a22bbffd05e719],
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-4.6, In Quarantäne, [539bc7dbc7b43105b838f4ed6e9416ea],
PUP.Optional.Iminent.A, HKU\S-1-5-21-227246507-328320338-1266968098-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, In Quarantäne, [dc12aef439429a9c851416d97a88aa56],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-227246507-328320338-1266968098-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [ca24980a4a31f93d917c70a957ad4bb5],
PUP.Optional.Feven.A, HKU\S-1-5-21-227246507-328320338-1266968098-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Feven 1.5, In Quarantäne, [4ca2aef4295282b468a1707a0002dc24],
PUP.Optional.PlusHD.A, HKU\S-1-5-21-227246507-328320338-1266968098-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-2.6, In Quarantäne, [c12d168ceb9066d0609028b909f943bd],
PUP.Optional.PlusHD.A, HKU\S-1-5-21-227246507-328320338-1266968098-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-3.8, In Quarantäne, [de10acf6027947efa54b9d44f60cf40c],
PUP.Optional.PlusHD.A, HKU\S-1-5-21-227246507-328320338-1266968098-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-4.6, In Quarantäne, [4ba3fca6e59648ee23cdf3ee6b97ab55],
PUP.Optional.FilesFrog.A, HKU\S-1-5-21-227246507-328320338-1266968098-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BI, In Quarantäne, [d01e7230453646f0210cfe0cbc48ca36],
PUP.Optional.Softonic.A, HKU\S-1-5-21-227246507-328320338-1266968098-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [19d56a3818630a2c03b8825b5fa3f20e],
PUP.Optional.Somoto.A, HKU\S-1-5-21-227246507-328320338-1266968098-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOMOTO\SDP, In Quarantäne, [49a50c964d2e0f27aeb2f316f0146b95],
PUP.Optional.PlusHD.A, HKU\S-1-5-21-227246507-328320338-1266968098-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-2.6, In Quarantäne, [9d51089aafccd5619d53ac354fb339c7],
PUP.Optional.PlusHD.A, HKU\S-1-5-21-227246507-328320338-1266968098-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-4.6, In Quarantäne, [98564161a4d7a4925997f1f048ba4db3],
PUP.Optional.AlexaTB.A, HKU\S-1-5-21-227246507-328320338-1266968098-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DISTROMATIC\Toolbars, In Quarantäne, [6787ced4c9b2e25430071af15ca80cf4],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-227246507-328320338-1266968098-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [f4faced485f60432049fe30b04fec43c],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-227246507-328320338-1266968098-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [c22c0d9584f7989ed4de9f658c787e82],
PUP.Optional.Softonic.A, HKU\S-1-5-21-227246507-328320338-1266968098-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [b935e7bbb5c61620f5c6f6e7f50d7789],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-227246507-328320338-1266968098-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, In Quarantäne, [915d9a08daa152e4cdcf1aebe123c63a],

Registrierungswerte: 6
PUP.Optional.MiniBar.A, HKLM\SOFTWARE\WOW6432NODE\MINIBAR|NoDns, true, In Quarantäne, [dd114e545427be7808fc0107b05435cb]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, 1590555977471492095, In Quarantäne, [6c824f530675dd592e6fad58da2ac13f]
PUP.Optional.FilesFrog.A, HKU\S-1-5-21-227246507-328320338-1266968098-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BI|ui_path_filesfrog, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker, In Quarantäne, [d01e7230453646f0210cfe0cbc48ca36]
PUP.Optional.Somoto.A, HKU\S-1-5-21-227246507-328320338-1266968098-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOMOTO\SDP|affid, schriftartenfontsde, In Quarantäne, [49a50c964d2e0f27aeb2f316f0146b95]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-227246507-328320338-1266968098-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0J1L2U1C1H1Q0R2X1L1R1P0B1P, In Quarantäne, [c22c0d9584f7989ed4de9f658c787e82]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-227246507-328320338-1266968098-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, 1590555977471492095, In Quarantäne, [915d9a08daa152e4cdcf1aebe123c63a]

Registrierungsdaten: 10
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013),Ersetzt,[86681a884c2f162034a70c9829db5ca4]
PUP.Optional.Snapdo, HKU\S-1-5-21-227246507-328320338-1266968098-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013),Ersetzt,[b33bf9a99fdc033385bcf8b6f80cff01]
PUP.Optional.Iminent.A, HKU\S-1-5-21-227246507-328320338-1266968098-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, Start Search, Gut: (Google), Schlecht: (Start Search,[a14dd8ca7803b97dfa44f1be1de78c74]
PUP.Optional.Snapdo, HKU\S-1-5-21-227246507-328320338-1266968098-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013),Ersetzt,[4aa44f535a219d99e15f406e6a9a0bf5]
PUP.Optional.Snapdo, HKU\S-1-5-21-227246507-328320338-1266968098-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013),Ersetzt,[ce20bde55724979f12311f8f39cb17e9]
PUP.Optional.Snapdo, HKU\S-1-5-21-227246507-328320338-1266968098-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013),Ersetzt,[30bef1b1c8b30f275fe587276f95b14f]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-227246507-328320338-1266968098-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013),Ersetzt,[5d918a1848336dc905d72a7a36ce758b]
PUP.Optional.Snapdo, HKU\S-1-5-21-227246507-328320338-1266968098-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013),Ersetzt,[4f9f4b572c4f280e5ae91f8f788c926e]
PUP.Optional.Snapdo, HKU\S-1-5-21-227246507-328320338-1266968098-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013),Ersetzt,[faf4dac88dee25119da7981611f3fb05]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-227246507-328320338-1266968098-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=0736d132-aa32-679a-0ab1-468ed72b8b1a&searchtype=ds&q={searchTerms}&installDate=18/11/2013),Ersetzt,[0be3c0e25a21c07626b6a7fde71d4bb5]

Ordner: 12
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\icons, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango-ui, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango-ui\theme, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango-ui\theme\bubble, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\minibar, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.Iminent.A, C:\Users\Feanor\AppData\Roaming\Iminent\Mediator, In Quarantäne, [8b637f2347347bbb504152539d656f91],
PUP.Optional.Iminent.A, C:\Users\Feanor\AppData\Roaming\Iminent\Mediator\Datas, In Quarantäne, [8b637f2347347bbb504152539d656f91],
PUP.Optional.Iminent.A, C:\Program Files (x86)\IminentToolbar, In Quarantäne, [f1fd208209721f1718a50b9a58aaf010],
PUP.Optional.PlusHD.A, C:\Users\Feanor\AppData\LocalLow\Plus-HD-4.6, In Quarantäne, [727c970b3e3d6cca7f18b6f6d62ce51b],
PUP.Optional.Appshat.A, C:\Users\Feanor\AppData\Local\AppsHat Mobile Apps, In Quarantäne, [ed01c2e0cbb072c4f86a388749b93ec2],

Dateien: 56
PUP.Optional.Somoto.A, C:\Users\Feanor\AppData\Local\AppsHat Mobile Apps\Uninstall.exe, In Quarantäne, [fbf30b972457fe3877c60c167a86916f],
PUP.Optional.AdLyrics, C:\Users\Feanor\AppData\Local\DownloadGuide\best-markit_2040-5390.exe, In Quarantäne, [27c78d15d2a9d6603b59fb5f659cb34d],
PUP.Optional.ScramblePacker.A, C:\Users\Feanor\AppData\Local\DownloadGuide\plus-hd-3-8.exe, In Quarantäne, [e905534f1b6051e590d6691b30d1f808],
PUP.Optional.Conduit.A, C:\Users\Feanor\AppData\Local\DownloadGuide\sp-downloader.exe, In Quarantäne, [c12dbee47dfec96d4ab6d64fd22fdd23],
PUP.Optional.CrossRider, C:\Users\Feanor\AppData\Local\DownloadGuide\Offers\plus-hd-3-8.exe, In Quarantäne, [a6487d25a4d70234f1b21a102cd547b9],
PUP.Optional.Conduit.A, C:\Users\USER\AppData\Local\DownloadGuide\mconduitinstaller.exe, In Quarantäne, [15d9ebb75922b2844ea922fcbf41817f],
PUP.Optional.CrossRider, C:\Users\USER\AppData\Local\DownloadGuide\plus-hd-3-8.exe, In Quarantäne, [be30257d3249cc6a4360ca60679ac838],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\initial_config.json, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\config.xml, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\extension_info.json, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\main.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\Minibar.dll, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\icons\icon128.png, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\icons\icon16.ico, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\icons\icon19.ico, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\icons\icon19.png, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\icons\icon32.png, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\icons\icon48.png, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango\browser.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango\console.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango\event_listener.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango\initialize.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango\io.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango\json.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango\jsonstorage.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango\kango.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango\lang.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango\md5.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango\messaging.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango\storage.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango\userscript_engine.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango\utils.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango\xhr.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango-ui\commandbar_button.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango-ui\toolbar.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango-ui\toolbar_stub.html, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango-ui\ui.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\bottom-left.png, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\bottom-middle.png, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\bottom-right.png, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\middle-left.png, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\middle-right.png, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\tail-bottom.png, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\tail-left.png, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\tail-right.png, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\tail-top.png, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\top-left.png, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\top-middle.png, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\top-right.png, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\minibar\actions.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\minibar\cachedxhr.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\minibar\config.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\minibar\macros.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.MiniBar.A, C:\Program Files (x86)\Minibar\minibar\minibar.js, In Quarantäne, [ca244e54cead93a311f2ed1b9b6922de],
PUP.Optional.Iminent.A, C:\Users\Feanor\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat, In Quarantäne, [8b637f2347347bbb504152539d656f91],
PUP.Optional.Iminent.A, C:\Users\Feanor\AppData\Roaming\Iminent\Mediator\Datas\user.dat, In Quarantäne, [8b637f2347347bbb504152539d656f91],

Physische Sektoren: 0
(No malicious items detected)

(end)AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.216 - Bericht erstellt am 23/07/2014 um 09:43:05
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : USER - FEANOR-PC
# Gestartet von : C:\Users\Feanor\Desktop\adwcleaner_3.216.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\appshat-distribution_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\appshat-distribution_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseSmart_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseSmart_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateveberGreat_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateveberGreat_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseSmart_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseSmart_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_arcsoft-mediaimpression-3d_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_arcsoft-mediaimpression-3d_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\ClickConnect
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\UpdateStar
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\covus freemium gmbh
Schlüssel Gelöscht : HKLM\Software\MetaStream
Schlüssel Gelöscht : HKLM\Software\Minibar
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\Software\Viewpoint
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v22.0 (de)

[ Datei : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\qegt7qzu.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : mbegnhpbhfjiaelealfpieodkembdgbj

*************************

AdwCleaner[R0].txt - [17621 octets] - [23/07/2014 09:40:21]
AdwCleaner[R1].txt - [15849 octets] - [23/07/2014 09:42:07]
AdwCleaner[S0].txt - [1994 octets] - [23/07/2014 09:41:30]
AdwCleaner[S1].txt - [15077 octets] - [23/07/2014 09:43:05]

########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [15138 octets] ##########

--- --- ---JRT Logfile:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by USER on 23.07.2014 at  9:52:46,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2014 at  9:59:39,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by USER (administrator) on FEANOR-PC on 23-07-2014 10:07:56
Running from C:\Users\Feanor\Desktop\ANTI-Malware
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AVAST Software) G:\Programme\avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) G:\Programme\avast\afwServ.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Feanor\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Creative Technology Ltd.) C:\Windows\V0610Mon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(AVAST Software) G:\Programme\avast\AvastUI.exe
(Sony Corporation) I:\Programme\PlayMemories Home\PMBVolumeWatcher.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Sony Corporation) I:\Programme\PlayMemories Home\PMBDeviceInfoProvider.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) I:\Programme\StarMoney\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) I:\Programme\StarMoney9\ouservice\StarMoneyOnlineUpdate.exe
(Mozilla Corporation) G:\Programme\firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-07-15] (VIA)
HKLM-x32\...\Run: [V0610Mon.exe] => C:\Windows\V0610Mon.exe [24576 2011-08-22] (Creative Technology Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => G:\Programme\avast\AvastUI.exe [4086432 2014-07-06] (AVAST Software)
HKLM-x32\...\Run: [PMBVolumeWatcher] => I:\Programme\PlayMemories Home\PMBVolumeWatcher.exe [2548248 2014-04-23] (Sony Corporation)
HKLM\...\RunOnce: [*Restore] => C:\Windows\System32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
HKU\S-1-5-21-227246507-328320338-1266968098-1001\...\Run: [Amazon Cloud Player] => C:\Users\Feanor\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-227246507-328320338-1266968098-1001\...\MountPoints2: {4569ba9e-2f4c-11e3-ad9e-806e6f6e6963} - J:\start.exe /checksection
HKU\S-1-5-21-227246507-328320338-1266968098-1004\...\Run: [GarminExpressTrayApp] => I:\Programme\Garmin\Garmin\Express Tray\ExpressTray.exe [122200 2014-06-09] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-227246507-328320338-1266968098-1004\...\Run: [CCleaner Monitoring] => I:\Programme\CCleaner64.exe [6262552 2014-06-24] (Piriform Ltd)
ShellIconOverlayIdentifiers: 0000BoxSyncFileLocked -> {1b9c95e1-ce36-3737-81c8-1ec9807f03c1} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 0000BoxSyncNotSynced -> {e22ccf16-2db6-3de8-9a2c-acb66b571b69} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 0000BoxSyncProblem -> {84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 0000BoxSyncSynced -> {01fcd170-7f0a-3b6a-b992-66a7a20289b5} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => G:\Programme\avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> G:\Programme\avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> G:\Programme\avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} -  No File
DPF: HKLM-x32 {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///J:/viewer/ORDcmViewCD.ocx
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\qegt7qzu.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - I:\Programme\VLC-Player\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - I:\Programme\VLC-Player\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - I:\Programme\VLC-Player\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - I:\Programme\VLC-Player\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @soft-xpansion/npsxpdf - C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\qegt7qzu.default\Extensions\staged [2013-12-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - G:\Programme\avast\WebRep\FF
FF Extension: avast! Online Security - G:\Programme\avast\WebRep\FF [2013-10-07]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-11-19]
FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF HKLM-x32\...\Thunderbird\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF StartMenuInternet: FIREFOX.EXE - G:\Programme\firefox\firefox.exe

Chrome: 
=======
CHR HomePage: 
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - G:\Programme\avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-06]

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; G:\Programme\avast\AvastSvc.exe [50344 2014-07-06] (AVAST Software)
R2 avast! Firewall; G:\Programme\avast\afwServ.exe [106488 2014-07-06] (AVAST Software)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [21504 2013-12-26] (Box Inc.) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S2 Garmin Core Update Service; I:\Programme\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [435032 2014-06-09] (Garmin Ltd or its subsidiaries)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PMBDeviceInfoProvider; I:\Programme\PlayMemories Home\PMBDeviceInfoProvider.exe [481816 2014-04-23] (Sony Corporation)
R2 StarMoney 8.0 OnlineUpdate; I:\Programme\StarMoney\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; I:\Programme\StarMoney9\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2014-01-23] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-06] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-06] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-06] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-06] ()
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
R3 V0610Vid; C:\Windows\System32\DRIVERS\V0610Vid.sys [323136 2011-09-01] (Creative Technology Ltd.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225280 2013-07-12] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-07-12] (VIA Technologies, Inc.)
S3 Afc; SysWOW64\drivers\Afc.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-23 09:59 - 2014-07-23 09:59 - 00000624 _____ () C:\Users\USER\Desktop\JRT.txt
2014-07-23 09:52 - 2014-07-23 09:52 - 00000000 ____D () C:\Windows\ERUNT
2014-07-23 09:51 - 2014-07-23 09:51 - 00000965 _____ () C:\Users\Feanor\Desktop\AdwCleaner[S1] - Verknüpfung.lnk
2014-07-23 09:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-23 09:40 - 2014-07-23 09:52 - 00000000 ____D () C:\AdwCleaner
2014-07-23 09:39 - 2014-07-23 09:39 - 00022671 _____ () C:\Users\Feanor\Desktop\mbam.txt
2014-07-23 09:36 - 2014-07-23 09:36 - 00022671 _____ () C:\Users\USER\Desktop\mbam.txt
2014-07-23 09:19 - 2014-07-23 09:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 09:19 - 2014-07-23 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-23 09:19 - 2014-07-23 09:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 09:19 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-23 09:19 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-23 09:19 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-22 16:26 - 2014-07-23 10:07 - 00000000 ____D () C:\Users\Feanor\Desktop\ANTI-Malware
2014-07-22 10:22 - 2014-07-22 10:22 - 00004072 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1381857983
2014-07-22 10:04 - 2014-07-22 10:04 - 00028799 _____ () C:\ComboFix.txt
2014-07-22 09:55 - 2014-07-22 10:05 - 00000000 ____D () C:\ComboFix
2014-07-22 09:23 - 2014-07-22 10:07 - 00000000 ____D () C:\Qoobox
2014-07-22 09:23 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-22 09:23 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-22 09:23 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-22 09:23 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-22 09:23 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-22 09:23 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-22 09:23 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-22 09:23 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-22 09:22 - 2014-07-22 10:07 - 00000000 ____D () C:\Windows\erdnt
2014-07-22 09:02 - 2014-07-22 09:02 - 00000732 _____ () C:\Users\USER\Desktop\Revo Uninstaller.lnk
2014-07-21 10:52 - 2014-07-21 10:43 - 00050477 _____ () C:\Users\Feanor\Desktop\Defogger.exe
2014-07-21 10:34 - 2014-07-23 10:07 - 00000000 ____D () C:\FRST
2014-07-21 09:52 - 2014-07-21 09:52 - 00000885 _____ () C:\Users\Feanor\AppData\Local\recently-used.xbel
2014-07-21 09:00 - 2014-04-09 13:01 - 00131072 _____ () C:\Windows\SysWOW64\javaws.exe
2014-07-21 09:00 - 2013-12-18 22:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-21 09:00 - 2013-12-18 22:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-21 09:00 - 2013-12-18 22:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-21 08:59 - 2014-07-21 09:00 - 00000760 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-20 14:25 - 2014-07-23 10:06 - 00009072 _____ () C:\Windows\setupact.log
2014-07-20 14:25 - 2014-07-23 09:44 - 00018584 _____ () C:\Windows\PFRO.log
2014-07-20 14:25 - 2014-07-20 14:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-17 14:41 - 2014-07-20 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Planesoft
2014-07-17 14:40 - 2014-07-17 14:40 - 02255074 _____ (3Planesoft ) C:\Users\USER\Desktop\the_one_ring.exe
2014-07-16 19:44 - 2014-07-16 19:44 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-16 11:42 - 2014-07-17 07:45 - 00000000 ____D () C:\Program Files (x86)\PcCloneEX
2014-07-16 11:42 - 2014-07-16 11:42 - 00000000 ____D () C:\ProgramData\FNET
2014-07-14 18:39 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-14 18:39 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-14 18:39 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-14 18:38 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-14 18:38 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-14 18:38 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-14 18:38 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-14 18:38 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-14 18:38 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-14 18:38 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-14 18:38 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-14 18:38 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-14 18:38 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-14 18:38 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-14 18:38 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-14 18:38 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-14 18:38 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-14 18:38 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-14 18:38 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-14 18:38 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-14 18:38 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-14 18:38 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-14 18:38 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-14 18:38 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-14 18:38 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-14 18:38 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-14 18:38 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-14 18:38 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-14 18:38 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-14 18:38 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-14 18:38 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-14 18:38 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-14 18:38 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-14 18:38 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-14 18:38 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-14 18:38 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-14 18:38 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-14 18:38 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-14 18:38 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-14 18:38 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-14 18:38 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-14 18:38 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-14 18:38 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-14 18:38 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-14 18:38 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-14 18:38 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-14 18:38 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-14 18:38 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-14 18:38 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-14 18:38 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-14 18:38 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-14 18:38 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-14 18:38 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-14 18:38 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-14 18:38 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-14 18:38 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-14 18:38 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-14 18:38 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-14 18:38 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-14 18:38 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-14 18:38 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-14 18:38 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-14 18:38 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-14 18:38 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-14 18:38 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-14 18:38 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-14 18:38 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-06 23:18 - 2014-07-06 23:18 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\dvdcss
2014-07-06 18:01 - 2014-07-06 18:01 - 04996210 _____ (Tim Kosse) C:\Users\Feanor\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-07-06 12:06 - 2014-07-06 12:06 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-07-06 12:06 - 2014-07-06 12:06 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-04 12:37 - 2014-07-04 12:37 - 00000000 ____D () C:\Users\USER\AppData\Local\Microsoft Research
2014-07-04 12:35 - 2014-07-04 12:35 - 00002953 _____ () C:\Users\Feanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joulemeter.lnk
2014-07-04 12:28 - 2014-04-25 11:06 - 14155776 _____ () C:\Users\Feanor\AppData\Roaming\Sandra.mdb
2014-06-29 09:15 - 2014-06-29 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-06-29 09:14 - 2014-06-29 09:14 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Garmin
2014-06-29 09:11 - 2014-06-29 09:11 - 00000000 __SHD () C:\Users\Feanor\AppData\Local\EmieUserList
2014-06-29 09:11 - 2014-06-29 09:11 - 00000000 __SHD () C:\Users\Feanor\AppData\Local\EmieSiteList
2014-06-28 19:47 - 2014-06-28 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
2014-06-27 15:12 - 2014-07-04 12:39 - 00002453 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2014-06-27 15:12 - 2014-06-27 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-06-25 23:28 - 2014-06-25 23:28 - 00000575 _____ () C:\Users\USER\Desktop\Renee Undeleter.lnk
2014-06-25 23:28 - 2014-06-25 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rene.E Laboratory
2014-06-25 22:49 - 2014-06-25 22:49 - 00000000 ___RD () C:\Users\USER\AppData\Roaming\Brother
2014-06-25 21:39 - 2014-06-25 21:39 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recuva
2014-06-25 21:38 - 2014-06-25 21:38 - 04210920 _____ (Piriform Ltd) C:\Users\USER\Downloads\rcsetup151_CB-DL-Manager [1].exe
2014-06-25 21:38 - 2014-06-25 21:38 - 00788832 _____ ( ) C:\Users\USER\Downloads\rcsetup151_CB-DL-Manager.exe
2014-06-25 21:32 - 2014-06-25 21:32 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2014-06-25 21:30 - 2014-06-25 21:30 - 03462033 _____ () C:\Users\USER\Downloads\pci_filerecovery.exe
2014-06-25 21:24 - 2014-06-25 21:24 - 12171304 _____ (Rene.E Laboratory ) C:\Users\USER\Downloads\ReneeUndeleter_2014.exe
2014-06-25 21:06 - 2014-06-25 21:06 - 05930480 _____ (Stellar Information Technology Pvt Ltd. ) C:\Users\USER\Downloads\StellarPhoenixWindowsDataRecovery-Professional.exe

==================== One Month Modified Files and Folders =======

2014-07-23 10:07 - 2014-07-22 16:26 - 00000000 ____D () C:\Users\Feanor\Desktop\ANTI-Malware
2014-07-23 10:07 - 2014-07-21 10:34 - 00000000 ____D () C:\FRST
2014-07-23 10:06 - 2014-07-20 14:25 - 00009072 _____ () C:\Windows\setupact.log
2014-07-23 10:06 - 2013-11-21 22:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-23 10:05 - 2013-12-17 14:31 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-23 10:05 - 2013-10-11 14:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-23 10:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-23 10:04 - 2013-10-07 14:33 - 01885809 _____ () C:\Windows\WindowsUpdate.log
2014-07-23 09:59 - 2014-07-23 09:59 - 00000624 _____ () C:\Users\USER\Desktop\JRT.txt
2014-07-23 09:52 - 2014-07-23 09:52 - 00000000 ____D () C:\Windows\ERUNT
2014-07-23 09:52 - 2014-07-23 09:40 - 00000000 ____D () C:\AdwCleaner
2014-07-23 09:52 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-23 09:52 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-23 09:51 - 2014-07-23 09:51 - 00000965 _____ () C:\Users\Feanor\Desktop\AdwCleaner[S1] - Verknüpfung.lnk
2014-07-23 09:44 - 2014-07-20 14:25 - 00018584 _____ () C:\Windows\PFRO.log
2014-07-23 09:39 - 2014-07-23 09:39 - 00022671 _____ () C:\Users\Feanor\Desktop\mbam.txt
2014-07-23 09:38 - 2014-07-23 09:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 09:36 - 2014-07-23 09:36 - 00022671 _____ () C:\Users\USER\Desktop\mbam.txt
2014-07-23 09:29 - 2013-12-17 14:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-23 09:27 - 2013-12-17 13:55 - 00000000 ____D () C:\Users\Feanor\AppData\Local\DownloadGuide
2014-07-23 09:27 - 2013-11-18 20:12 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Iminent
2014-07-23 09:19 - 2014-07-23 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-23 09:19 - 2014-07-23 09:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 09:17 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-07-23 09:17 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-07-23 09:17 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-22 10:22 - 2014-07-22 10:22 - 00004072 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1381857983
2014-07-22 10:11 - 2013-10-07 14:40 - 00000000 ____D () C:\Users\Feanor
2014-07-22 10:07 - 2014-07-22 09:23 - 00000000 ____D () C:\Qoobox
2014-07-22 10:07 - 2014-07-22 09:22 - 00000000 ____D () C:\Windows\erdnt
2014-07-22 10:07 - 2013-10-07 15:08 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Thunderbird
2014-07-22 10:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-07-22 10:05 - 2014-07-22 09:55 - 00000000 ____D () C:\ComboFix
2014-07-22 10:04 - 2014-07-22 10:04 - 00028799 _____ () C:\ComboFix.txt
2014-07-22 09:44 - 2014-05-15 12:24 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\DropboxMaster
2014-07-22 09:42 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-22 09:31 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-22 09:02 - 2014-07-22 09:02 - 00000732 _____ () C:\Users\USER\Desktop\Revo Uninstaller.lnk
2014-07-22 08:59 - 2013-10-07 19:00 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Dropbox
2014-07-21 10:43 - 2014-07-21 10:52 - 00050477 _____ () C:\Users\Feanor\Desktop\Defogger.exe
2014-07-21 09:54 - 2013-12-12 21:11 - 00000000 ____D () C:\Users\Feanor\.gimp-2.8
2014-07-21 09:52 - 2014-07-21 09:52 - 00000885 _____ () C:\Users\Feanor\AppData\Local\recently-used.xbel
2014-07-21 09:00 - 2014-07-21 08:59 - 00000760 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-21 09:00 - 2013-10-24 10:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-21 09:00 - 2013-10-07 18:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-21 08:51 - 2013-10-07 15:03 - 00004144 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-20 14:25 - 2014-07-20 14:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-20 12:53 - 2014-03-26 19:06 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\DAEMON Tools Lite
2014-07-20 12:53 - 2013-11-09 12:02 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\FileZilla
2014-07-20 12:43 - 2013-12-17 13:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-20 12:41 - 2014-07-17 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Planesoft
2014-07-20 12:33 - 2013-12-17 14:32 - 00000563 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-20 12:33 - 2013-12-17 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-18 19:29 - 2013-10-07 21:24 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\vlc
2014-07-18 19:13 - 2013-10-07 18:53 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Usenet.nl
2014-07-17 14:40 - 2014-07-17 14:40 - 02255074 _____ (3Planesoft ) C:\Users\USER\Desktop\the_one_ring.exe
2014-07-17 07:45 - 2014-07-16 11:42 - 00000000 ____D () C:\Program Files (x86)\PcCloneEX
2014-07-16 19:44 - 2014-07-16 19:44 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-16 16:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-16 11:42 - 2014-07-16 11:42 - 00000000 ____D () C:\ProgramData\FNET
2014-07-15 13:05 - 2009-07-14 06:45 - 00462264 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-15 13:03 - 2014-05-07 11:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-15 13:03 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-15 13:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-15 13:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-14 20:31 - 2013-10-08 18:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-14 20:29 - 2013-10-08 18:29 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-14 20:06 - 2013-11-21 22:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-14 20:06 - 2013-11-19 20:34 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-14 20:06 - 2013-11-19 20:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-06 23:18 - 2014-07-06 23:18 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\dvdcss
2014-07-06 18:01 - 2014-07-06 18:01 - 04996210 _____ (Tim Kosse) C:\Users\Feanor\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-07-06 12:06 - 2014-07-06 12:06 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-07-06 12:06 - 2014-07-06 12:06 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-06 12:06 - 2014-04-28 09:39 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-06 12:06 - 2013-12-28 20:13 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-06 12:06 - 2013-10-07 15:03 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-07-04 12:39 - 2014-06-27 15:12 - 00002453 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2014-07-04 12:37 - 2014-07-04 12:37 - 00000000 ____D () C:\Users\USER\AppData\Local\Microsoft Research
2014-07-04 12:35 - 2014-07-04 12:35 - 00002953 _____ () C:\Users\Feanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joulemeter.lnk
2014-07-04 11:58 - 2013-11-19 10:55 - 00005632 _____ () C:\Users\Feanor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-30 04:09 - 2014-07-14 18:39 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-14 18:39 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 09:15 - 2014-06-29 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-06-29 09:15 - 2014-05-03 18:32 - 00003550 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-06-29 09:15 - 2014-05-03 18:32 - 00001720 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-06-29 09:15 - 2014-05-03 18:32 - 00000000 ____D () C:\ProgramData\Garmin
2014-06-29 09:14 - 2014-06-29 09:14 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Garmin
2014-06-29 09:11 - 2014-06-29 09:11 - 00000000 __SHD () C:\Users\Feanor\AppData\Local\EmieUserList
2014-06-29 09:11 - 2014-06-29 09:11 - 00000000 __SHD () C:\Users\Feanor\AppData\Local\EmieSiteList
2014-06-28 19:47 - 2014-06-28 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
2014-06-28 19:47 - 2014-02-08 10:53 - 00000811 _____ () C:\Users\Public\Desktop\XMedia Recode.lnk
2014-06-28 08:15 - 2013-12-17 14:01 - 00000000 ____D () C:\temp
2014-06-27 15:12 - 2014-06-27 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-06-25 23:28 - 2014-06-25 23:28 - 00000575 _____ () C:\Users\USER\Desktop\Renee Undeleter.lnk
2014-06-25 23:28 - 2014-06-25 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rene.E Laboratory
2014-06-25 22:49 - 2014-06-25 22:49 - 00000000 ___RD () C:\Users\USER\AppData\Roaming\Brother
2014-06-25 21:39 - 2014-06-25 21:39 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recuva
2014-06-25 21:38 - 2014-06-25 21:38 - 04210920 _____ (Piriform Ltd) C:\Users\USER\Downloads\rcsetup151_CB-DL-Manager [1].exe
2014-06-25 21:38 - 2014-06-25 21:38 - 00788832 _____ ( ) C:\Users\USER\Downloads\rcsetup151_CB-DL-Manager.exe
2014-06-25 21:32 - 2014-06-25 21:32 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2014-06-25 21:30 - 2014-06-25 21:30 - 03462033 _____ () C:\Users\USER\Downloads\pci_filerecovery.exe
2014-06-25 21:24 - 2014-06-25 21:24 - 12171304 _____ (Rene.E Laboratory ) C:\Users\USER\Downloads\ReneeUndeleter_2014.exe
2014-06-25 21:06 - 2014-06-25 21:06 - 05930480 _____ (Stellar Information Technology Pvt Ltd. ) C:\Users\USER\Downloads\StellarPhoenixWindowsDataRecovery-Professional.exe
2014-06-25 19:23 - 2013-12-17 14:31 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 19:22 - 2013-12-17 14:31 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Feanor\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjnw1gf.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 15:22

==================== End Of Log ============================

--- --- ---

schrauber · 23.07.2014, 15:50

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

amlughun · 27.07.2014, 17:53

PANIK!!!

Wie da wurden 51 Bedrohungen gefunden!?!?

Ok, anbei die Files!
Und danke für deine Hilfe und die schnelle Antwort!

Die LOG.Txt
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ede2c7b6e4d3304a8dc9df32c9f38e6e
# engine=19367
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-27 03:24:54
# local_time=2014-07-27 05:24:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=781 16777213 100 97 1833366 170895184 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 19597 158104544 0 0
# scanned=574166
# found=51
# cleaned=0
# scan_time=18806
sh=6F3A3B433459E6773C9FBE8CFB154DB6534EFA86 ft=1 fh=60bff0ff01dbe663 vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoConverter\VideoConverter.exe.vir"
sh=59553FA3E79BFCCB9D9C9A63BA29F17BB5532E18 ft=1 fh=43584af7f7cf7eb5 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\USERs\USER\AppData\Local\DownloadGuide\veberGreat_cs.exe.vir"
sh=0C100F3FFFBA8C399D093B9120716B2769976250 ft=1 fh=322087382cbac1b5 vn="MSIL/DownloadGuide.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\USERs\USER\AppData\Local\Software Updater\Downloads\DLG_free-driver-scout_update_de-DE.exe.vir"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\USERs\USER\AppData\Roaming\1H1Q\Video Converter Packages\uninstaller.exe.vir"
sh=C898F8850BEAC73351DCAEA12D55C37CCCC7BD8E ft=1 fh=dfbe915d753736a1 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Feanor\Downloads\Biet O Matic - CHIP-Downloader.exe"
sh=E4BE688869AA9621C62170C16E8D86AD63B0A47C ft=1 fh=6b76f9cdf5365e20 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Feanor\Downloads\PDFCreator-1_9_2-setup-beta.exe"
sh=99B5BAF87F25B0B6F6D4316BF29ABD577831BE3B ft=1 fh=9c2f47f32a1ed9f0 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Feanor\Downloads\smoney8.0.exe"
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\USER\Desktop\PDFCreator-1_7_1_setup.exe"
sh=3C8401D15A28BE8B82EB90A62028CD95ACE78437 ft=1 fh=26d539756649cab0 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\USER\Downloads\rcsetup151_CB-DL-Manager.exe"
sh=29E421AB9476F9D2E23DAC7CFDE8DD9EE9D0768A ft=1 fh=d53e88ba43d6b8ab vn="Win32/Distromatic.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-4[1]"
sh=29E421AB9476F9D2E23DAC7CFDE8DD9EE9D0768A ft=1 fh=d53e88ba43d6b8ab vn="Win32/Distromatic.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-4[1]"
sh=F017DAD4BA3C5E3433955888B9FF74ADF484320A ft=0 fh=0000000000000000 vn="Win32/Packed.ScrambleWrapper.D evtl. unerwünschte Anwendung" ac=I fn="D:\FEANOR-PC\Backup Set 2014-01-19 211403\Backup Files 2014-01-19 211403\Backup files 2.zip"
sh=4529CCD103DADFF3996BB8D661CA94ECADCA18CD ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="D:\FEANOR-PC\Backup Set 2014-01-19 211403\Backup Files 2014-01-19 211403\Backup files 5.zip"
sh=1567B0C9F41BED8DCFECC33CB7B288310026C986 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="D:\FEANOR-PC\Backup Set 2014-01-19 211403\Backup Files 2014-01-19 211403\Backup files 6.zip"
sh=8EFB65A4F6D4D2D52F9B7850E252B6E2D14239EE ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\FEANOR-PC\Backup Set 2014-01-26 190001\Backup Files 2014-02-03 192536\Backup files 2.zip"
sh=25CCBB5E877357AB2B4FCC5FCAEA1FB96ED4EC18 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="D:\FEANOR-PC\Backup Set 2014-01-26 190001\Backup Files 2014-02-03 192536\Backup files 5.zip"
sh=724839E1423CD4A93D29F23E5F8445504249ED0B ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="D:\FEANOR-PC\Backup Set 2014-01-26 190001\Backup Files 2014-02-03 192536\Backup files 6.zip"
sh=66975F10E7E5F330CF9AAAE956BC5AF8143480F8 ft=0 fh=0000000000000000 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="D:\FEANOR-PC\Backup Set 2014-06-16 103540\Backup Files 2014-06-16 103540\Backup files 10.zip"
sh=E301FFB4295F62263B90F7A07807F1BE5D99D48F ft=0 fh=0000000000000000 vn="MSIL/DownloadGuide.C evtl. unerwünschte Anwendung" ac=I fn="D:\FEANOR-PC\Backup Set 2014-06-16 103540\Backup Files 2014-06-16 103540\Backup files 11.zip"
sh=4F2B3E94A20D7FC516F4691F49F1B879FF77BA13 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\FEANOR-PC\Backup Set 2014-06-16 103540\Backup Files 2014-06-16 103540\Backup files 6.zip"
sh=32237867B01FE388CD05502C8B594D82FF6BED78 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="D:\FEANOR-PC\Backup Set 2014-06-16 103540\Backup Files 2014-06-16 103540\Backup files 9.zip"
sh=925A74C16B9AEC42B09C6C08BD2F54E10198D418 ft=0 fh=0000000000000000 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="D:\FEANOR-PC\Backup Set 2014-06-16 103540\Backup Files 2014-06-29 190002\Backup files 6.zip"
sh=3A6339CBEB4244C8AF6A72AA1DA7C48ECF5C62F4 ft=1 fh=c5e3824d7d2f56d4 vn="Win32/Adware.WhenU.SaveNow evtl. unerwünschte Anwendung" ac=I fn="G:\games\Gamepatch\SUM2\daemon408-x86.exe"
sh=2C28087F5D62A1942F58188062C248FBB3770167 ft=1 fh=3069d6eb96c48913 vn="Win32/Adware.WhenU.SaveNow evtl. unerwünschte Anwendung" ac=I fn="G:\Network\daemon408-139-x86.exe"
sh=E750C443A83F9B135B499E7917C5A93120384BB3 ft=1 fh=4eedbac881d1fc72 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="I:\Downloads\DTLite4491-0356.exe"
sh=5D80455B0C4BD0B8AE90E09871F6F25F5B2DAAA5 ft=1 fh=2472df82c9920302 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="I:\Downloads\PC Inspector File Recovery - CHIP-Installer.exe"
sh=FB768C8901C7045799FE63B27BC528720BBC6701 ft=1 fh=ec1f96a0043124a5 vn="Variante von Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung" ac=I fn="I:\Downloads\SoftonicDownloader_fuer_the-one-ring-3d-screensaver.exe"
sh=9DB076AC740116E5B735475ACC418CE73A79BF65 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.I evtl. unerwünschte Anwendung" ac=I fn="I:\FEANOR\Backup Set 2011-07-05 091020\Backup Files 2011-07-05 091020\Backup files 1.zip"
sh=9428870E7C6589142CDEA5ED48C26A9DD2776CDF ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="I:\FEANOR\Backup Set 2011-07-05 091020\Backup Files 2011-07-05 091020\Backup files 11.zip"
sh=7CCF09200CDC67D3A5B99E79B30790B54573B05D ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.I evtl. unerwünschte Anwendung" ac=I fn="I:\FEANOR\Backup Set 2011-07-05 091020\Backup Files 2011-07-05 091020\Backup files 5.zip"
sh=80EB76DEC35AC0D86602CB504247C20A68E74798 ft=0 fh=0000000000000000 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="I:\FEANOR\Backup Set 2011-07-05 091020\Backup Files 2011-08-29 173709\Backup files 2.zip"
sh=DD5B3F028914DB33ABC490A62E21FAC1F2732284 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="I:\FEANOR\Backup Set 2011-07-05 091020\Backup Files 2011-09-26 200444\Backup files 1.zip"
sh=9C90B9CC19B4D625F31AA0F4D24B36E4DD7F6DA4 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.I evtl. unerwünschte Anwendung" ac=I fn="I:\FEANOR\Backup Set 2011-10-24 100213\Backup Files 2011-10-24 100213\Backup files 1.zip"
sh=A8604FA08DAF3C709C13BD39D779A1F2E4D3ADAB ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="I:\FEANOR\Backup Set 2011-10-24 100213\Backup Files 2011-10-24 100213\Backup files 2.zip"
sh=0870C60B4BB131C1EA9F055E67B36E9B07590678 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="I:\FEANOR\Backup Set 2011-10-24 100213\Backup Files 2011-10-24 100213\Backup files 3.zip"
sh=D5874D4E23589C0C511869221BD849EF8DEAB604 ft=0 fh=0000000000000000 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="I:\FEANOR\Backup Set 2011-10-24 100213\Backup Files 2011-11-01 131458\Backup files 14.zip"
sh=3F2E414F4C4958B1C7B4C985F54E42CD09208897 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.I evtl. unerwünschte Anwendung" ac=I fn="I:\FEANOR\Backup Set 2011-10-24 100213\Backup Files 2011-11-01 131458\Backup files 3.zip"
sh=F823F97A9A1C31DEED8E8AE8F26365F2789F7626 ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="I:\FEANOR\Backup Set 2011-10-24 100213\Backup Files 2011-11-20 190001\Backup files 1.zip"
sh=D5F11EE9160E5521A28A4CAB1BBE036A181FABB3 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.I evtl. unerwünschte Anwendung" ac=I fn="I:\FEANOR\Backup Set 2011-11-28 094841\Backup Files 2011-11-28 094841\Backup files 1.zip"
sh=55ECAD31C0F2FE9A9C49A7252A23F692BE657B82 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="I:\FEANOR\Backup Set 2011-11-28 094841\Backup Files 2011-11-28 094841\Backup files 2.zip"
sh=7BBCAA62988F561A1D02E8974DCE0BAECB2678B2 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="I:\FEANOR\Backup Set 2011-11-28 094841\Backup Files 2011-11-28 094841\Backup files 3.zip"
sh=2414890CC6E32CE8F4D33FBE856575FE97E75A61 ft=0 fh=0000000000000000 vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="I:\FEANOR\Backup Set 2011-11-28 094841\Backup Files 2011-12-30 165406\Backup files 1.zip"
sh=48192D032D93AF08219FC4C3220E512798C0AC7C ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="I:\FEANOR\Backup Set 2011-11-28 094841\Backup Files 2012-01-23 155125\Backup files 1.zip"
sh=E29C3A86AE8B9DE366505BDC8C8BC02632D0AE8A ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.I evtl. unerwünschte Anwendung" ac=I fn="I:\FEANOR\Backup Set 2012-12-03 150743\Backup Files 2012-12-03 150743\Backup files 1.zip"
sh=9CAE19D53ED5FF514ECB982F9C0AA4706ACFEBA8 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="I:\FEANOR\Backup Set 2012-12-03 150743\Backup Files 2012-12-03 150743\Backup files 2.zip"
sh=1F10A0EC9AA47D0173CA4E59B56A0251C8DBEFCA ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="I:\FEANOR\Backup Set 2012-12-03 150743\Backup Files 2013-03-06 094104\Backup files 1.zip"
sh=6E706C4B186DB66BA080247EFBB555DB4550DD6C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="I:\FEANOR\Backup Set 2012-12-03 150743\Backup Files 2013-10-05 115833\Backup files 1.zip"
sh=FB8DEB983EB1F2942407FE0FF9954727A2E0A66E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="I:\FEANOR\Backup Set 2012-12-03 150743\Backup Files 2013-10-06 190002\Backup files 1.zip"
sh=12FA695DB943DA00E41AF4D578377F8E9BC05B28 ft=1 fh=ecdb963aa89c21f4 vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="I:\Programme\VideoToMp3.exe"
sh=84559976486CAF7DF1E11214F1F393DBD67B79B3 ft=1 fh=58c4453ce19b48d6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="I:\Programme\Babylon\Utils\MyBabylonIE.exe"
sh=F7F255F6736190153C999B68B4C272C5574D98D3 ft=1 fh=5a2de4eedef7fc74 vn="Variante von Win32/InstallCore.E evtl. unerwünschte Anwendung" ac=I fn="I:\Programme\uninstall\Uninstall.exe"

Die CheckupFile
Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 2 Runtime Environment, SE v1.4.1_02
Java version out of Date!
Adobe Flash Player 14.0.0.145
Adobe Reader XI
Mozilla Firefox 22.0 Firefox out of Date!
Mozilla Thunderbird (24.0.)
````````Process Check: objlist.exe by Laurent````````
StarMoney ouservice StarMoneyOnlineUpdate.exe
StarMoney9 ouservice StarMoneyOnlineUpdate.exe
avast AvastSvc.exe
avast afwServ.exe
avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Und ein frisches FIRST
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by USER (administrator) on FEANOR-PC on 27-07-2014 18:47:30
Running from C:\Users\Feanor\Desktop\ANTI-Malware
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) G:\Programme\avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) G:\Programme\avast\afwServ.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Garmin Ltd or its subsidiaries) I:\Programme\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) I:\Programme\PlayMemories Home\PMBDeviceInfoProvider.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) I:\Programme\StarMoney\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) I:\Programme\StarMoney9\ouservice\StarMoneyOnlineUpdate.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Feanor\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Creative Technology Ltd.) C:\Windows\V0610Mon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(AVAST Software) G:\Programme\avast\AvastUI.exe
(Sony Corporation) I:\Programme\PlayMemories Home\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Mozilla Corporation) G:\Programme\firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-07-15] (VIA)
HKLM-x32\...\Run: [V0610Mon.exe] => C:\Windows\V0610Mon.exe [24576 2011-08-22] (Creative Technology Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => G:\Programme\avast\AvastUI.exe [4086432 2014-07-06] (AVAST Software)
HKLM-x32\...\Run: [PMBVolumeWatcher] => I:\Programme\PlayMemories Home\PMBVolumeWatcher.exe [2548248 2014-04-23] (Sony Corporation)
HKLM\...\RunOnce: [*Restore] => C:\Windows\System32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => I:\Programme\Garmin\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-227246507-328320338-1266968098-1001\...\Run: [Amazon Cloud Player] => C:\Users\Feanor\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-227246507-328320338-1266968098-1001\...\MountPoints2: {4569ba9e-2f4c-11e3-ad9e-806e6f6e6963} - J:\start.exe /checksection
HKU\S-1-5-21-227246507-328320338-1266968098-1004\...\Run: [GarminExpressTrayApp] => I:\Programme\Garmin\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-227246507-328320338-1266968098-1004\...\Run: [CCleaner Monitoring] => I:\Programme\CCleaner64.exe [6262552 2014-06-24] (Piriform Ltd)
HKU\S-1-5-21-227246507-328320338-1266968098-1004\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S2].txt  [1238 2014-07-23] ()
ShellIconOverlayIdentifiers: 0000BoxSyncFileLocked -> {1b9c95e1-ce36-3737-81c8-1ec9807f03c1} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 0000BoxSyncNotSynced -> {e22ccf16-2db6-3de8-9a2c-acb66b571b69} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 0000BoxSyncProblem -> {84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 0000BoxSyncSynced -> {01fcd170-7f0a-3b6a-b992-66a7a20289b5} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => G:\Programme\avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> G:\Programme\avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> G:\Programme\avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} -  No File
DPF: HKLM-x32 {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///J:/viewer/ORDcmViewCD.ocx
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\qegt7qzu.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - I:\Programme\VLC-Player\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - I:\Programme\VLC-Player\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - I:\Programme\VLC-Player\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - I:\Programme\VLC-Player\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @soft-xpansion/npsxpdf - C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\qegt7qzu.default\Extensions\staged [2013-12-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - G:\Programme\avast\WebRep\FF
FF Extension: avast! Online Security - G:\Programme\avast\WebRep\FF [2013-10-07]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-11-19]
FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF HKLM-x32\...\Thunderbird\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF StartMenuInternet: FIREFOX.EXE - G:\Programme\firefox\firefox.exe

Chrome: 
=======
CHR HomePage: 
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - G:\Programme\avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; G:\Programme\avast\AvastSvc.exe [50344 2014-07-06] (AVAST Software)
R2 avast! Firewall; G:\Programme\avast\afwServ.exe [106488 2014-07-06] (AVAST Software)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [21504 2013-12-26] (Box Inc.) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 Garmin Core Update Service; I:\Programme\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PMBDeviceInfoProvider; I:\Programme\PlayMemories Home\PMBDeviceInfoProvider.exe [481816 2014-04-23] (Sony Corporation)
R2 StarMoney 8.0 OnlineUpdate; I:\Programme\StarMoney\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; I:\Programme\StarMoney9\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2014-01-23] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-06] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-06] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-06] ()
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
R3 V0610Vid; C:\Windows\System32\DRIVERS\V0610Vid.sys [323136 2011-09-01] (Creative Technology Ltd.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225280 2013-07-12] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-07-12] (VIA Technologies, Inc.)
S3 Afc; SysWOW64\drivers\Afc.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 17:59 - 2014-07-27 17:59 - 00854390 _____ () C:\Users\Feanor\Desktop\SecurityCheck.exe
2014-07-27 12:08 - 2014-07-27 12:08 - 02347384 _____ (ESET) C:\Users\Feanor\Desktop\esetsmartinstaller_deu.exe
2014-07-25 12:26 - 2014-07-25 12:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-07-25 12:26 - 2014-07-25 12:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-07-25 12:26 - 2014-07-25 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-07-23 09:59 - 2014-07-23 09:59 - 00000624 _____ () C:\Users\USER\Desktop\JRT.txt
2014-07-23 09:52 - 2014-07-23 09:52 - 00000000 ____D () C:\Windows\ERUNT
2014-07-23 09:51 - 2014-07-23 09:51 - 00000965 _____ () C:\Users\Feanor\Desktop\AdwCleaner[S1] - Verknüpfung.lnk
2014-07-23 09:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-23 09:40 - 2014-07-23 10:19 - 00000000 ____D () C:\AdwCleaner
2014-07-23 09:39 - 2014-07-23 09:39 - 00022671 _____ () C:\Users\Feanor\Desktop\mbam.txt
2014-07-23 09:36 - 2014-07-23 09:36 - 00022671 _____ () C:\Users\USER\Desktop\mbam.txt
2014-07-23 09:19 - 2014-07-23 09:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 09:19 - 2014-07-23 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-23 09:19 - 2014-07-23 09:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 09:19 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-23 09:19 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-23 09:19 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-22 16:26 - 2014-07-27 18:47 - 00000000 ____D () C:\Users\Feanor\Desktop\ANTI-Malware
2014-07-22 10:22 - 2014-07-22 10:22 - 00004072 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1381857983
2014-07-22 10:04 - 2014-07-22 10:04 - 00028799 _____ () C:\ComboFix.txt
2014-07-22 09:55 - 2014-07-22 10:05 - 00000000 ____D () C:\ComboFix
2014-07-22 09:23 - 2014-07-22 10:07 - 00000000 ____D () C:\Qoobox
2014-07-22 09:23 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-22 09:23 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-22 09:23 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-22 09:23 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-22 09:23 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-22 09:23 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-22 09:23 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-22 09:23 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-22 09:22 - 2014-07-22 10:07 - 00000000 ____D () C:\Windows\erdnt
2014-07-22 09:02 - 2014-07-22 09:02 - 00000732 _____ () C:\Users\USER\Desktop\Revo Uninstaller.lnk
2014-07-21 10:52 - 2014-07-21 10:43 - 00050477 _____ () C:\Users\Feanor\Desktop\Defogger.exe
2014-07-21 10:34 - 2014-07-27 18:47 - 00000000 ____D () C:\FRST
2014-07-21 09:52 - 2014-07-21 09:52 - 00000885 _____ () C:\Users\Feanor\AppData\Local\recently-used.xbel
2014-07-21 09:00 - 2014-04-09 13:01 - 00131072 _____ () C:\Windows\SysWOW64\javaws.exe
2014-07-21 09:00 - 2013-12-18 22:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-21 09:00 - 2013-12-18 22:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-21 09:00 - 2013-12-18 22:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-21 08:59 - 2014-07-21 09:00 - 00000760 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-20 14:25 - 2014-07-27 11:48 - 00012264 _____ () C:\Windows\setupact.log
2014-07-20 14:25 - 2014-07-23 10:22 - 00018898 _____ () C:\Windows\PFRO.log
2014-07-20 14:25 - 2014-07-20 14:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-17 14:41 - 2014-07-20 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Planesoft
2014-07-17 14:40 - 2014-07-17 14:40 - 02255074 _____ (3Planesoft ) C:\Users\USER\Desktop\the_one_ring.exe
2014-07-16 19:44 - 2014-07-16 19:44 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-16 11:42 - 2014-07-17 07:45 - 00000000 ____D () C:\Program Files (x86)\PcCloneEX
2014-07-16 11:42 - 2014-07-16 11:42 - 00000000 ____D () C:\ProgramData\FNET
2014-07-14 18:39 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-14 18:39 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-14 18:39 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-14 18:38 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-14 18:38 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-14 18:38 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-14 18:38 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-14 18:38 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-14 18:38 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-14 18:38 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-14 18:38 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-14 18:38 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-14 18:38 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-14 18:38 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-14 18:38 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-14 18:38 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-14 18:38 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-14 18:38 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-14 18:38 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-14 18:38 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-14 18:38 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-14 18:38 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-14 18:38 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-14 18:38 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-14 18:38 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-14 18:38 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-14 18:38 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-14 18:38 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-14 18:38 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-14 18:38 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-14 18:38 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-14 18:38 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-14 18:38 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-14 18:38 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-14 18:38 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-14 18:38 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-14 18:38 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-14 18:38 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-14 18:38 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-14 18:38 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-14 18:38 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-14 18:38 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-14 18:38 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-14 18:38 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-14 18:38 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-14 18:38 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-14 18:38 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-14 18:38 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-14 18:38 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-14 18:38 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-14 18:38 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-14 18:38 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-14 18:38 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-14 18:38 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-14 18:38 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-14 18:38 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-14 18:38 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-14 18:38 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-14 18:38 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-14 18:38 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-14 18:38 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-14 18:38 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-14 18:38 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-14 18:38 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-14 18:38 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-14 18:38 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-14 18:38 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-14 18:38 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-14 18:38 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-06 23:18 - 2014-07-06 23:18 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\dvdcss
2014-07-06 18:01 - 2014-07-06 18:01 - 04996210 _____ (Tim Kosse) C:\Users\Feanor\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-07-06 12:06 - 2014-07-06 12:06 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-07-06 12:06 - 2014-07-06 12:06 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-04 12:37 - 2014-07-04 12:37 - 00000000 ____D () C:\Users\USER\AppData\Local\Microsoft Research
2014-07-04 12:35 - 2014-07-04 12:35 - 00002953 _____ () C:\Users\Feanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joulemeter.lnk
2014-07-04 12:28 - 2014-04-25 11:06 - 14155776 _____ () C:\Users\Feanor\AppData\Roaming\Sandra.mdb
2014-06-29 09:14 - 2014-06-29 09:14 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Garmin
2014-06-29 09:11 - 2014-06-29 09:11 - 00000000 __SHD () C:\Users\Feanor\AppData\Local\EmieUserList
2014-06-29 09:11 - 2014-06-29 09:11 - 00000000 __SHD () C:\Users\Feanor\AppData\Local\EmieSiteList
2014-06-28 19:47 - 2014-06-28 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
2014-06-27 15:12 - 2014-07-04 12:39 - 00002453 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2014-06-27 15:12 - 2014-06-27 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 18:47 - 2014-07-22 16:26 - 00000000 ____D () C:\Users\Feanor\Desktop\ANTI-Malware
2014-07-27 18:47 - 2014-07-21 10:34 - 00000000 ____D () C:\FRST
2014-07-27 18:28 - 2013-12-17 14:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-27 18:06 - 2013-11-21 22:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-27 17:59 - 2014-07-27 17:59 - 00854390 _____ () C:\Users\Feanor\Desktop\SecurityCheck.exe
2014-07-27 12:08 - 2014-07-27 12:08 - 02347384 _____ (ESET) C:\Users\Feanor\Desktop\esetsmartinstaller_deu.exe
2014-07-27 11:55 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-27 11:55 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-27 11:51 - 2013-10-07 14:33 - 01966132 _____ () C:\Windows\WindowsUpdate.log
2014-07-27 11:48 - 2014-07-20 14:25 - 00012264 _____ () C:\Windows\setupact.log
2014-07-27 11:47 - 2013-12-17 14:31 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-27 11:47 - 2013-10-11 14:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-27 11:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-25 21:08 - 2013-10-07 19:36 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Skype
2014-07-25 19:06 - 2014-01-18 21:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 19:06 - 2014-01-18 21:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 12:41 - 2014-01-18 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 12:27 - 2013-12-17 13:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-25 12:26 - 2014-07-25 12:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-07-25 12:26 - 2014-07-25 12:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-07-25 12:26 - 2014-07-25 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-07-25 12:26 - 2014-05-03 18:32 - 00003550 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-07-25 12:26 - 2014-05-03 18:32 - 00001720 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-07-25 12:26 - 2014-05-03 18:32 - 00000000 ____D () C:\ProgramData\Garmin
2014-07-23 10:22 - 2014-07-20 14:25 - 00018898 _____ () C:\Windows\PFRO.log
2014-07-23 10:19 - 2014-07-23 09:40 - 00000000 ____D () C:\AdwCleaner
2014-07-23 09:59 - 2014-07-23 09:59 - 00000624 _____ () C:\Users\USER\Desktop\JRT.txt
2014-07-23 09:52 - 2014-07-23 09:52 - 00000000 ____D () C:\Windows\ERUNT
2014-07-23 09:51 - 2014-07-23 09:51 - 00000965 _____ () C:\Users\Feanor\Desktop\AdwCleaner[S1] - Verknüpfung.lnk
2014-07-23 09:39 - 2014-07-23 09:39 - 00022671 _____ () C:\Users\Feanor\Desktop\mbam.txt
2014-07-23 09:38 - 2014-07-23 09:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 09:36 - 2014-07-23 09:36 - 00022671 _____ () C:\Users\USER\Desktop\mbam.txt
2014-07-23 09:27 - 2013-12-17 13:55 - 00000000 ____D () C:\Users\Feanor\AppData\Local\DownloadGuide
2014-07-23 09:27 - 2013-11-18 20:12 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Iminent
2014-07-23 09:19 - 2014-07-23 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-23 09:19 - 2014-07-23 09:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 09:17 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-07-23 09:17 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-07-23 09:17 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-22 10:22 - 2014-07-22 10:22 - 00004072 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1381857983
2014-07-22 10:11 - 2013-10-07 14:40 - 00000000 ____D () C:\Users\Feanor
2014-07-22 10:07 - 2014-07-22 09:23 - 00000000 ____D () C:\Qoobox
2014-07-22 10:07 - 2014-07-22 09:22 - 00000000 ____D () C:\Windows\erdnt
2014-07-22 10:07 - 2013-10-07 15:08 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Thunderbird
2014-07-22 10:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-07-22 10:05 - 2014-07-22 09:55 - 00000000 ____D () C:\ComboFix
2014-07-22 10:04 - 2014-07-22 10:04 - 00028799 _____ () C:\ComboFix.txt
2014-07-22 09:44 - 2014-05-15 12:24 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\DropboxMaster
2014-07-22 09:42 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-22 09:31 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-22 09:02 - 2014-07-22 09:02 - 00000732 _____ () C:\Users\USER\Desktop\Revo Uninstaller.lnk
2014-07-22 08:59 - 2013-10-07 19:00 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Dropbox
2014-07-21 10:43 - 2014-07-21 10:52 - 00050477 _____ () C:\Users\Feanor\Desktop\Defogger.exe
2014-07-21 09:54 - 2013-12-12 21:11 - 00000000 ____D () C:\Users\Feanor\.gimp-2.8
2014-07-21 09:52 - 2014-07-21 09:52 - 00000885 _____ () C:\Users\Feanor\AppData\Local\recently-used.xbel
2014-07-21 09:00 - 2014-07-21 08:59 - 00000760 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-21 09:00 - 2013-10-24 10:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-21 09:00 - 2013-10-07 18:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-21 08:51 - 2013-10-07 15:03 - 00004144 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-20 14:25 - 2014-07-20 14:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-20 12:53 - 2014-03-26 19:06 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\DAEMON Tools Lite
2014-07-20 12:53 - 2013-11-09 12:02 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\FileZilla
2014-07-20 12:41 - 2014-07-17 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Planesoft
2014-07-20 12:33 - 2013-12-17 14:32 - 00000563 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-20 12:33 - 2013-12-17 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-18 19:29 - 2013-10-07 21:24 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\vlc
2014-07-18 19:13 - 2013-10-07 18:53 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Usenet.nl
2014-07-17 14:40 - 2014-07-17 14:40 - 02255074 _____ (3Planesoft ) C:\Users\USER\Desktop\the_one_ring.exe
2014-07-17 07:45 - 2014-07-16 11:42 - 00000000 ____D () C:\Program Files (x86)\PcCloneEX
2014-07-16 19:44 - 2014-07-16 19:44 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-16 16:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-16 11:42 - 2014-07-16 11:42 - 00000000 ____D () C:\ProgramData\FNET
2014-07-15 13:05 - 2009-07-14 06:45 - 00462264 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-15 13:03 - 2014-05-07 11:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-15 13:03 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-15 13:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-15 13:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-14 20:31 - 2013-10-08 18:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-14 20:29 - 2013-10-08 18:29 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-14 20:06 - 2013-11-21 22:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-14 20:06 - 2013-11-19 20:34 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-14 20:06 - 2013-11-19 20:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-06 23:18 - 2014-07-06 23:18 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\dvdcss
2014-07-06 18:01 - 2014-07-06 18:01 - 04996210 _____ (Tim Kosse) C:\Users\Feanor\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-07-06 12:06 - 2014-07-06 12:06 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-07-06 12:06 - 2014-07-06 12:06 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-06 12:06 - 2014-04-28 09:39 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-06 12:06 - 2013-12-28 20:13 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-06 12:06 - 2013-10-07 15:03 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-06 12:06 - 2013-10-07 15:03 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-07-04 12:39 - 2014-06-27 15:12 - 00002453 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2014-07-04 12:37 - 2014-07-04 12:37 - 00000000 ____D () C:\Users\USER\AppData\Local\Microsoft Research
2014-07-04 12:35 - 2014-07-04 12:35 - 00002953 _____ () C:\Users\Feanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joulemeter.lnk
2014-07-04 11:58 - 2013-11-19 10:55 - 00005632 _____ () C:\Users\Feanor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-30 04:09 - 2014-07-14 18:39 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-14 18:39 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 09:14 - 2014-06-29 09:14 - 00000000 ____D () C:\Users\Feanor\AppData\Roaming\Garmin
2014-06-29 09:11 - 2014-06-29 09:11 - 00000000 __SHD () C:\Users\Feanor\AppData\Local\EmieUserList
2014-06-29 09:11 - 2014-06-29 09:11 - 00000000 __SHD () C:\Users\Feanor\AppData\Local\EmieSiteList
2014-06-28 19:47 - 2014-06-28 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
2014-06-28 19:47 - 2014-02-08 10:53 - 00000811 _____ () C:\Users\Public\Desktop\XMedia Recode.lnk
2014-06-28 08:15 - 2013-12-17 14:01 - 00000000 ____D () C:\temp
2014-06-27 15:12 - 2014-06-27 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate

Some content of TEMP:
====================
C:\Users\Feanor\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjnw1gf.dll
C:\Users\USER\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 15:22

==================== End Of Log ============================

--- --- ---
Danke!

schrauber · 27.07.2014, 20:33

Java und Firefox updaten.

Was ist Laufwerk D und I?

27.07.2014, 20:33	#8
schrauber /// the machine /// TB-Ausbilder	SoftwareUpdater.ui.exe öffnet sich beim Start Java und Firefox updaten. Was ist Laufwerk D und I? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

SoftwareUpdater.ui.exe öffnet sich beim Start

Log-Analyse und Auswertung: SoftwareUpdater.ui.exe öffnet sich beim Start