All kinds of pests and how to fight them: Windows 7: Anti Malwarebytes does not start
02.08.2014, 16:05 | #1 |
Windows 7: Anti Malwarebytes does not start

Hi Trojaner-Board,

when Firefox kept closing sporadically and I looked into it, I tried to install MBAM, which did not work. The following error message appeared: Various attempts, including with Chameleon and OTH, failed with the same error message. AdwCleaner found something, which I removed with the same program.

Log:
Code:
ATTFilter # AdwCleaner v3.302 - Bericht erstellt am 02/08/2014 um 16:08:21 # Aktualisiert 30/07/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Anwender - GHOST # Gestartet von : C:\Users\Anwender\Desktop\adwcleaner_3.302.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : Update Yawtix [#] Dienst Gelöscht : Util Yawtix Dienst Gelöscht : {16d667ee-6782-4b21-81df-8ded8ebc3868}w64 ***** [ Dateien / Ordner ] ***** [!] Ordner Gelöscht : C:\Program Files (x86)\Yawtix Ordner Gelöscht : C:\Users\Anwender\AppData\Local\genienext Ordner Gelöscht : C:\Users\Anwender\AppData\Local\Mobogenie Ordner Gelöscht : C:\Users\Anwender\AppData\Local\Temp\OCS Ordner Gelöscht : C:\Users\Anwender\AppData\Local\Temp\Yawtix Ordner Gelöscht : C:\Users\Anwender\Documents\Mobogenie Ordner Gelöscht : C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\pdjlvypb.default\ConduitCommon Datei Gelöscht : C:\Windows\System32\sasnative64.exe Datei Gelöscht : C:\Windows\System32\drivers\{16d667ee-6782-4b21-81df-8ded8ebc3868}w64.sys Datei Gelöscht : C:\Users\Anwender\daemonprocess.txt Datei Gelöscht : C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\pdjlvypb.default\user.js ***** [ Tasks ] ***** Task Gelöscht : Advanced System Protector Task Gelöscht : Advanced System Protector_startup Task Gelöscht : BonanzaDealsLiveUpdateTaskMachineCore Task Gelöscht : BonanzaDealsLiveUpdateTaskMachineUA Task Gelöscht : RegClean Pro_DEFAULT Task Gelöscht : RegClean Pro_UPDATES ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Schlüssel Gelöscht 
: HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Yawtix Schlüssel Gelöscht : HKLM\Software\Yawtix Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yawtix ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Mozilla Firefox v9.0.1 (de) [ Datei : C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\pdjlvypb.default\prefs.js ] Zeile gelöscht : user_pref("CT2613550..clientLogIsEnabled", true); Zeile gelöscht : user_pref("CT2613550.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Zeile gelöscht : user_pref("CT2613550.CTID", "CT2613550"); Zeile gelöscht : user_pref("CT2613550.CurrentServerDate", "18-11-2011"); Zeile gelöscht : user_pref("CT2613550.DSInstall", false); Zeile gelöscht : user_pref("CT2613550.DialogsAlignMode", "LTR"); Zeile gelöscht : user_pref("CT2613550.DialogsGetterLastCheckTime", "Fri Nov 18 2011 12:48:55 GMT+0100"); Zeile gelöscht : user_pref("CT2613550.DownloadReferralCookieData", ""); Zeile gelöscht : user_pref("CT2613550.EMailNotifierPollDate", "Fri Nov 18 2011 12:48:55 GMT+0100"); Zeile gelöscht : user_pref("CT2613550.FirstServerDate", "18-11-2011"); Zeile gelöscht : user_pref("CT2613550.FirstTime", true); Zeile gelöscht : user_pref("CT2613550.FirstTimeFF3", true); Zeile gelöscht : 
user_pref("CT2613550.FixPageNotFoundErrors", true); Zeile gelöscht : user_pref("CT2613550.GroupingServerCheckInterval", 1440); Zeile gelöscht : user_pref("CT2613550.HPInstall", false); Zeile gelöscht : user_pref("CT2613550.HasUserGlobalKeys", true); Zeile gelöscht : user_pref("CT2613550.Initialize", true); Zeile gelöscht : user_pref("CT2613550.InitializeCommonPrefs", true); Zeile gelöscht : user_pref("CT2613550.InstallationAndCookieDataSentCount", 1); Zeile gelöscht : user_pref("CT2613550.InstallationId", "CT2613550_ZoneAlarm-Sicherheit.exe"); Zeile gelöscht : user_pref("CT2613550.InstalledDate", "Fri Nov 18 2011 12:48:55 GMT+0100"); Zeile gelöscht : user_pref("CT2613550.InvalidateCache", false); Zeile gelöscht : user_pref("CT2613550.IsGrouping", false); Zeile gelöscht : user_pref("CT2613550.IsInitSetupIni", true); Zeile gelöscht : user_pref("CT2613550.IsMulticommunity", false); Zeile gelöscht : user_pref("CT2613550.IsOpenThankYouPage", false); Zeile gelöscht : user_pref("CT2613550.IsOpenUninstallPage", false); Zeile gelöscht : user_pref("CT2613550.LanguagePackLastCheckTime", "Fri Nov 18 2011 12:48:56 GMT+0100"); Zeile gelöscht : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440); Zeile gelöscht : user_pref("CT2613550.LastLogin_3.8.0.8", "Fri Nov 18 2011 12:48:56 GMT+0100"); Zeile gelöscht : user_pref("CT2613550.LatestVersion", "3.8.0.8"); Zeile gelöscht : user_pref("CT2613550.Locale", "de-de"); Zeile gelöscht : user_pref("CT2613550.MCDetectTooltipHeight", "83"); Zeile gelöscht : user_pref("CT2613550.MCDetectTooltipShow", false); Zeile gelöscht : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Zeile gelöscht : user_pref("CT2613550.MCDetectTooltipWidth", "295"); Zeile gelöscht : user_pref("CT2613550.MyStuffEnabledAtInstallation", false); Zeile gelöscht : user_pref("CT2613550.OriginalFirstVersion", "3.8.0.8"); Zeile gelöscht : user_pref("CT2613550.RadioIsPodcast", false); Zeile gelöscht : 
user_pref("CT2613550.RadioLastCheckTime", "Fri Nov 18 2011 12:49:47 GMT+0100"); Zeile gelöscht : user_pref("CT2613550.RadioLastUpdateIPServer", "3"); Zeile gelöscht : user_pref("CT2613550.RadioLastUpdateServer", "0"); Zeile gelöscht : user_pref("CT2613550.RadioMediaID", "8544"); Zeile gelöscht : user_pref("CT2613550.RadioMediaType", "Media Player"); Zeile gelöscht : user_pref("CT2613550.RadioMenuSelectedID", "EBRadioMenu_CT2613550_RECENT8544"); Zeile gelöscht : user_pref("CT2613550.RadioShrinked", "expanded"); Zeile gelöscht : user_pref("CT2613550.RadioShrinkedFromSetup", false); Zeile gelöscht : user_pref("CT2613550.RadioStationName", "Ostseewelle%20Hit%20Radio"); Zeile gelöscht : user_pref("CT2613550.RadioStationURL", "hxxp://62.26.161.89/ostseewelle$livestream.wma"); Zeile gelöscht : user_pref("CT2613550.SearchBoxWidth", 168); Zeile gelöscht : user_pref("CT2613550.SearchCaption", "ZoneAlarm-Sicherheit Customized Web Search"); Zeile gelöscht : user_pref("CT2613550.SearchFromAddressBarIsInit", true); Zeile gelöscht : user_pref("CT2613550.SearchInNewTabEnabled", true); Zeile gelöscht : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440); Zeile gelöscht : user_pref("CT2613550.SearchInNewTabLastCheckTime", "Fri Nov 18 2011 12:48:56 GMT+0100"); Zeile gelöscht : user_pref("CT2613550.SearchProtectorToolbarDisabled", true); Zeile gelöscht : user_pref("CT2613550.SendProtectorDataViaLogin", true); Zeile gelöscht : user_pref("CT2613550.ServiceMapLastCheckTime", "Fri Nov 18 2011 12:48:55 GMT+0100"); Zeile gelöscht : user_pref("CT2613550.SettingsLastCheckTime", "Fri Nov 18 2011 12:48:55 GMT+0100"); Zeile gelöscht : user_pref("CT2613550.SettingsLastUpdate", "1319568605"); Zeile gelöscht : user_pref("CT2613550.ThirdPartyComponentsInterval", 504); Zeile gelöscht : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Fri Nov 18 2011 12:48:55 GMT+0100"); Zeile gelöscht : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255344657"); Zeile gelöscht : 
user_pref("CT2613550.ToolbarDisabled", true); Zeile gelöscht : user_pref("CT2613550.ToolbarShrinkedFromSetup", false); Zeile gelöscht : user_pref("CT2613550.UserID", "UN62552267333393920"); Zeile gelöscht : user_pref("CT2613550.ValidationData_Toolbar", 2); Zeile gelöscht : user_pref("CT2613550.alertChannelId", "1006347"); Zeile gelöscht : user_pref("CT2613550.approveUntrustedApps", true); Zeile gelöscht : user_pref("CT2613550.components.1000082", true); Zeile gelöscht : user_pref("CT2613550.globalFirstTimeInfoLastCheckTime", "Fri Nov 18 2011 12:48:55 GMT+0100"); Zeile gelöscht : user_pref("CT2613550.homepageProtectorEnableByLogin", true); Zeile gelöscht : user_pref("CT2613550.initDone", true); Zeile gelöscht : user_pref("CT2613550.isAppTrackingManagerOn", true); Zeile gelöscht : user_pref("CT2613550.isFirstRadioInstallation", false); Zeile gelöscht : user_pref("CT2613550.myStuffEnabled", true); Zeile gelöscht : user_pref("CT2613550.myStuffPublihserMinWidth", 400); Zeile gelöscht : user_pref("CT2613550.myStuffServiceIntervalMM", 1440); Zeile gelöscht : user_pref("CT2613550.revertSettingsEnabled", true); Zeile gelöscht : user_pref("CT2613550.searchProtectorDialogDelayInSec", 10); Zeile gelöscht : user_pref("CT2613550.searchProtectorEnableByLogin", true); Zeile gelöscht : user_pref("CT2613550.testingCtid", ""); Zeile gelöscht : user_pref("CT2613550.toolbarAppMetaDataLastCheckTime", "Fri Nov 18 2011 12:48:55 GMT+0100"); Zeile gelöscht : user_pref("CT2613550.toolbarContextMenuLastCheckTime", "Fri Nov 18 2011 12:48:55 GMT+0100"); Zeile gelöscht : user_pref("CT2613550.usagesFlag", 2); Zeile gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8"); Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2613550"); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550"); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2613550"); 
Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Nov 18 2011 12:48:55 GMT+0100"); Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "1e7cd1f3-68a2-47b0-a72f-6b8a921b3345"); Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Nov 18 2011 12:48:57 GMT+0100"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60); Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Nov 18 2011 12:49:05 GMT+0100"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.locale", "en"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Nov 18 2011 12:48:55 GMT+0100"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Zeile gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Zeile gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Zeile gelöscht : user_pref("CommunityToolbar.notifications.userId", "2590d7d6-a81e-4820-95a9-6ad2fb3eb3c8"); Zeile gelöscht : user_pref("CommunityToolbar.originalHomepage", "hxxp://news.google.de/nwshp?hl=de&tab=nn"); Zeile gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties"); Zeile gelöscht : user_pref("extensions.adapter@babylontc.com.install-event-fired", true); Zeile gelöscht : user_pref("extensions.ocr@babylon.com.install-event-fired", true); -\\ Google Chrome v36.0.1985.125 [ Datei : C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht 
[Extension] : flpcjncodpafbgdpnkljologafpionhb ************************* AdwCleaner[R0].txt - [18376 octets] - [09/01/2014 00:38:26] AdwCleaner[R1].txt - [836 octets] - [09/01/2014 00:41:31] AdwCleaner[R2].txt - [1783 octets] - [10/01/2014 17:16:32] AdwCleaner[R3].txt - [1050 octets] - [11/01/2014 18:45:45] AdwCleaner[R4].txt - [12998 octets] - [02/08/2014 16:07:20] AdwCleaner[S0].txt - [15401 octets] - [09/01/2014 00:38:56] AdwCleaner[S1].txt - [1592 octets] - [10/01/2014 17:20:34] AdwCleaner[S2].txt - [12584 octets] - [02/08/2014 16:08:21] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [12645 octets] ########## defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:17 on 02/08/2014 (Anwender)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014 Ran by Anwender (administrator) on GHOST on 02-08-2014 16:19:49 Running from C:\Users\Anwender\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe (B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe () C:\Windows\DAODx.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Samsung) D:\Hardware\Kies\Kies.exe (Samsung) D:\Hardware\Kies\External\FirmwareUpdate\KiesPDLR.exe (Spotify Ltd) C:\Users\Anwender\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe ( ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU\EPU.exe () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Nullsoft, Inc.) D:\Programme\Software\Winamp\winampa.exe (Samsung Electronics Co., Ltd.) D:\Hardware\Kies\KiesTrayAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) D:\Programme\Software\Firefox 4.0\firefox.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Snappy Fax Printer virtual printer agent] => D:\Programme\Software\Snappy Fax Version 5\sfpagent.exe [116224 2009-10-05] () HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [{1606DC18-9578-4cbd-8312-8E9868F06A1D}] => \cmdinstall.exe -cmdfile HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2369536 2010-03-15] (VIA) HKLM-x32\...\Run: [TurboV EVO] => C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [9936512 2010-07-15] (ASUSTeK Computer Inc.) HKLM-x32\...\Run: [Six Engine] => C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-03-16] ( ASUSTeK Computer Inc.) 
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation) HKLM-x32\...\Run: [WinampAgent] => D:\Programme\Software\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.) HKLM-x32\...\Run: [KiesTrayAgent] => D:\Hardware\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) HKU\S-1-5-21-1197555270-2701532614-4018344089-1000\...\Run: [KiesPreload] => D:\Hardware\Kies\Kies.exe [1564528 2013-09-04] (Samsung) HKU\S-1-5-21-1197555270-2701532614-4018344089-1000\...\Run: [] => D:\Hardware\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung) HKU\S-1-5-21-1197555270-2701532614-4018344089-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated) HKU\S-1-5-21-1197555270-2701532614-4018344089-1000\...\Run: [Spotify Web Helper] => C:\Users\Anwender\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-20] (Spotify Ltd) HKU\S-1-5-21-1197555270-2701532614-4018344089-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony) HKU\S-1-5-21-1197555270-2701532614-4018344089-1000\...\MountPoints2: {5493edee-7a17-11e3-9ec0-20cf30e44452} - H:\autorun.exe HKU\S-1-5-21-1197555270-2701532614-4018344089-1000\...\MountPoints2: 
{d04536b3-40ce-11e0-b2f6-20cf30e44452} - M:\LaunchU3.exe -a IFEO\AcroRd32.exe: [Debugger] "D:\Programme\Software\Tuneup2012\TUAutoReactivator64.exe" IFEO\bingdesktop.exe: [Debugger] "D:\Programme\Software\Tuneup2012\TUAutoReactivator64.exe" IFEO\sf5.exe: [Debugger] "D:\Programme\Software\Tuneup2012\TUAutoReactivator64.exe" IFEO\unins000.exe: [Debugger] "D:\Programme\Software\Tuneup2012\TUAutoReactivator64.exe" ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCDF23CE930AFCB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://news.google.de/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> D:\Programme\Software\Adobe CS3\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> D:\Programme\Software\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programme\Software\Adobe CS3\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Software\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: HKLM-x32 {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\pdjlvypb.default FF NewTab: about:blank FF Homepage: https://news.google.de/nwshp?hl=de&tab=wn&ei=lAzQUtrZCITHsQah_oFg&ved=0CAsQqS4oCA FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=ytff-comodo&p= FF NetworkProxy: "no_proxies_on", "*.local" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.99 -> C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) 
FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll No File FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll No File FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Anwender\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - D:\Programme\Software\Amazon Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) 
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\pdjlvypb.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\pdjlvypb.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\pdjlvypb.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\pdjlvypb.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\pdjlvypb.default\searchplugins\privatelee-https.xml
FF Extension: Avira Browser Safety - C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\pdjlvypb.default\Extensions\abs@avira.com [2014-07-28]
FF Extension: WOT - C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\pdjlvypb.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: FireGestures - C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\pdjlvypb.default\Extensions\firegestures@xuldev.org.xpi [2011-10-29]
FF Extension: HommkHelper - C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\pdjlvypb.default\Extensions\hommk_helper@hommk.com.xpi [2013-01-29]
FF Extension: DuckDuckGo Plus - C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\pdjlvypb.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-05-22]
FF Extension: Tile Tabs - C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\pdjlvypb.default\Extensions\tiletabs@DW-dev.xpi [2011-11-18]
FF Extension: Image Zoom - C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\pdjlvypb.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2011-05-15]
FF Extension: Adblock Plus - C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\pdjlvypb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-23]
FF Extension: Greasemonkey - C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\pdjlvypb.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-01-29]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-09]
CHR Extension: (Google Drive) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-09]
CHR Extension: (TV) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2014-01-09]
CHR Extension: (YouTube) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-09]
CHR Extension: (Google-Suche) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-09]
CHR Extension: (Google Wallet) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09]
CHR Extension: (Google Mail) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-09]
CHR Extension: (Managera) - C:\Users\Anwender\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-01-10]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2014-01-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AAV UpdateService; D:\Programme\Software\SSE 2012\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [109056 2010-06-24] () [File not signed]
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-01-12] (Macrovision Europe Ltd.) [File not signed]
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-10] (SurfRight B.V.)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [52288 2011-02-02] (NOS Microsystems Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [885576 2013-05-23] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [586568 2013-05-23] (PacketVideo)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-01-16] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-04-24] (DT Soft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-04-09] ()
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-04-10] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-01-16] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R1 networx; C:\Windows\System32\drivers\networx.sys [43512 2013-10-21] (NetFilterSDK.com)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2014-01-09] (Windows (R) Win 7 DDK provider)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; D:\Programme\DVD\PowerDVD\PowerDVD8\000.fcl [146928 2009-08-28] (CyberLink Corp.)
S3 cpuz130; \??\C:\Users\Anwender\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 16:19 - 2014-08-02 16:20 - 00026210 _____ () C:\Users\Anwender\Desktop\FRST.txt
2014-08-02 16:19 - 2014-08-02 16:20 - 00000000 ____D () C:\FRST
2014-08-02 16:18 - 2014-08-02 16:18 - 02094080 _____ (Farbar) C:\Users\Anwender\Desktop\FRST64.exe
2014-08-02 16:17 - 2014-08-02 16:17 - 00050477 _____ () C:\Users\Anwender\Desktop\Defogger.exe
2014-08-02 16:17 - 2014-08-02 16:17 - 00000478 _____ () C:\Users\Anwender\Desktop\defogger_disable.log
2014-08-02 16:17 - 2014-08-02 16:17 - 00000000 _____ () C:\Users\Anwender\defogger_reenable
2014-08-02 16:07 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-02 16:06 - 2014-08-02 16:06 - 01361309 _____ () C:\Users\Anwender\Desktop\adwcleaner_3.302.exe
2014-08-02 16:01 - 2014-08-02 16:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Anwender\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-02 15:56 - 2014-08-02 15:56 - 00259584 _____ (OldTimer Tools) C:\Users\Anwender\Desktop\OTH.scr
2014-08-02 15:53 - 2014-08-02 15:53 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-02 15:53 - 2014-06-03 15:08 - 00000000 ____D () C:\Users\Anwender\Desktop\Chameleon
2014-08-02 15:52 - 2014-08-02 15:52 - 04872677 _____ () C:\Users\Anwender\Desktop\mbam-chameleon-3.1.4.0.zip
2014-08-02 14:48 - 2014-08-02 14:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-08-02 14:27 - 2014-08-02 14:37 - 00002384 _____ () C:\Users\Anwender\Desktop\user.cfg
2014-08-02 14:14 - 2014-08-02 14:18 - 00212662 _____ () C:\Windows\DPINST.LOG
2014-08-02 14:14 - 2014-08-02 14:14 - 00002102 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-08-02 14:14 - 2014-08-02 14:14 - 00000000 ____D () C:\ProgramData\Sony
2014-08-02 14:14 - 2014-08-02 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-08-02 14:06 - 2014-08-02 16:08 - 00000000 ____D () C:\Program Files (x86)\Yawtix
2014-08-02 14:06 - 2014-08-02 14:06 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-08-02 14:06 - 2014-08-02 14:06 - 00000891 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-08-02 14:06 - 2014-08-02 14:06 - 00000000 ____D () C:\Users\Anwender\.android
2014-08-02 14:06 - 2014-08-02 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-08-02 14:04 - 2014-08-02 14:04 - 07217384 _____ () C:\Users\Anwender\Desktop\MyPhoneExplorer_Setup_1.8.5.exe
2014-07-30 18:08 - 2014-07-02 22:48 - 31512520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-07-30 18:08 - 2014-07-02 22:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-07-30 18:08 - 2014-07-02 22:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-07-30 18:08 - 2014-07-02 22:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-07-30 18:08 - 2014-07-02 22:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-07-30 18:08 - 2014-07-02 22:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-07-30 18:08 - 2014-07-02 22:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-07-30 18:08 - 2014-07-02 22:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-07-30 18:08 - 2014-07-02 22:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-07-30 18:08 - 2014-07-02 22:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-07-30 18:08 - 2014-07-02 22:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-07-30 18:08 - 2014-07-02 22:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2014-07-30 18:08 - 2014-07-02 22:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2014-07-30 18:08 - 2014-07-02 22:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-07-30 18:08 - 2014-07-02 22:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-07-30 18:08 - 2014-07-02 22:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-07-30 18:08 - 2014-07-02 22:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-07-30 18:08 - 2014-07-02 22:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-07-30 18:08 - 2014-07-02 22:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-07-30 18:08 - 2014-07-02 22:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-07-30 18:08 - 2014-07-02 22:48 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-07-30 18:08 - 2014-07-02 22:48 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-07-30 17:29 - 2014-07-25 15:50 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-07-30 17:29 - 2014-07-25 15:50 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-07-25 14:07 - 2014-07-25 14:08 - 00000000 ____D () C:\Users\Anwender\Desktop\DVD Cover und Label
2014-07-22 19:06 - 2014-07-22 19:06 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-10 20:41 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 20:41 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 20:41 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 20:41 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 20:41 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 20:41 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 20:41 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 20:41 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 20:41 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 20:41 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-10 20:41 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 20:41 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 20:41 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 20:41 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 20:41 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 20:41 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 20:41 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 20:41 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 20:41 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 20:41 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 20:41 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 20:41 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 20:41 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 20:41 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 20:41 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-03 18:09 - 2014-07-03 18:09 - 00000000 ____D () C:\Windows\SysWOW64\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 16:20 - 2014-08-02 16:19 - 00026210 _____ () C:\Users\Anwender\Desktop\FRST.txt
2014-08-02 16:20 - 2014-08-02 16:19 - 00000000 ____D () C:\FRST
2014-08-02 16:18 - 2014-08-02 16:18 - 02094080 _____ (Farbar) C:\Users\Anwender\Desktop\FRST64.exe
2014-08-02 16:17 - 2014-08-02 16:17 - 00050477 _____ () C:\Users\Anwender\Desktop\Defogger.exe
2014-08-02 16:17 - 2014-08-02 16:17 - 00000478 _____ () C:\Users\Anwender\Desktop\defogger_disable.log
2014-08-02 16:17 - 2014-08-02 16:17 - 00000000 _____ () C:\Users\Anwender\defogger_reenable
2014-08-02 16:17 - 2011-01-08 18:28 - 00000000 ____D () C:\Users\Anwender
2014-08-02 16:17 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-02 16:17 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-02 16:16 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-08-02 16:16 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-08-02 16:16 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-02 16:13 - 2012-06-22 12:22 - 01665427 _____ () C:\Windows\WindowsUpdate.log
2014-08-02 16:10 - 2014-04-09 18:33 - 00000000 ____D () C:\Windows\CryptoGuard
2014-08-02 16:10 - 2014-01-09 00:52 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-02 16:10 - 2014-01-09 00:40 - 00288991 _____ () C:\Windows\setupact.log
2014-08-02 16:10 - 2014-01-09 00:39 - 00250832 _____ () C:\Windows\PFRO.log
2014-08-02 16:10 - 2013-07-28 16:51 - 00000000 ____D () C:\ProgramData\TwonkyServer
2014-08-02 16:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-02 16:09 - 2014-01-09 00:38 - 00000000 ____D () C:\AdwCleaner
2014-08-02 16:08 - 2014-08-02 14:06 - 00000000 ____D () C:\Program Files (x86)\Yawtix
2014-08-02 16:08 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-08-02 16:06 - 2014-08-02 16:06 - 01361309 _____ () C:\Users\Anwender\Desktop\adwcleaner_3.302.exe
2014-08-02 16:02 - 2014-08-02 16:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Anwender\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-02 15:56 - 2014-08-02 15:56 - 00259584 _____ (OldTimer Tools) C:\Users\Anwender\Desktop\OTH.scr
2014-08-02 15:53 - 2014-08-02 15:53 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-02 15:52 - 2014-08-02 15:52 - 04872677 _____ () C:\Users\Anwender\Desktop\mbam-chameleon-3.1.4.0.zip
2014-08-02 15:42 - 2012-07-06 18:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-02 14:48 - 2014-08-02 14:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-08-02 14:37 - 2014-08-02 14:27 - 00002384 _____ () C:\Users\Anwender\Desktop\user.cfg
2014-08-02 14:25 - 2014-01-09 00:52 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-02 14:18 - 2014-08-02 14:14 - 00212662 _____ () C:\Windows\DPINST.LOG
2014-08-02 14:14 - 2014-08-02 14:14 - 00002102 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-08-02 14:14 - 2014-08-02 14:14 - 00000000 ____D () C:\ProgramData\Sony
2014-08-02 14:14 - 2014-08-02 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-08-02 14:14 - 2011-06-12 13:28 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-08-02 14:14 - 2011-01-08 18:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-02 14:06 - 2014-08-02 14:06 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-08-02 14:06 - 2014-08-02 14:06 - 00000891 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-08-02 14:06 - 2014-08-02 14:06 - 00000000 ____D () C:\Users\Anwender\.android
2014-08-02 14:06 - 2014-08-02 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-08-02 14:04 - 2014-08-02 14:04 - 07217384 _____ () C:\Users\Anwender\Desktop\MyPhoneExplorer_Setup_1.8.5.exe
2014-08-01 20:14 - 2012-02-11 12:05 - 00000000 ____D () C:\ProgramData\Zoom Player
2014-08-01 19:04 - 2011-01-09 17:09 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Winamp
2014-08-01 19:01 - 2011-12-15 20:36 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\HandBrake
2014-07-30 18:09 - 2013-11-15 19:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-30 18:09 - 2013-11-15 19:47 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-30 18:09 - 2012-05-18 10:44 - 00000000 ____D () C:\Temp
2014-07-30 18:08 - 2013-11-29 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-30 18:08 - 2011-01-08 16:20 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-30 17:29 - 2013-12-18 18:55 - 00000000 ____D () C:\Users\Anwender\AppData\Local\NVIDIA Corporation
2014-07-30 17:27 - 2013-01-27 23:10 - 00000000 ____D () C:\Users\Anwender\AppData\Local\Audible
2014-07-26 19:49 - 2011-01-09 15:45 - 00000125 ___SH () C:\ProgramData\.zreglib
2014-07-25 15:50 - 2014-07-30 17:29 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-07-25 15:50 - 2014-07-30 17:29 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-07-25 15:50 - 2013-11-29 14:54 - 01283136 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-07-25 15:50 - 2013-11-29 14:54 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-07-25 14:08 - 2014-07-25 14:07 - 00000000 ____D () C:\Users\Anwender\Desktop\DVD Cover und Label
2014-07-25 13:14 - 2011-01-12 15:56 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-07-25 12:56 - 2014-06-20 17:18 - 00000000 ____D () C:\Users\Anwender\AppData\Local\Adobe
2014-07-25 12:50 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-25 10:22 - 2012-03-03 17:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 10:22 - 2012-03-03 17:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 17:09 - 2012-03-03 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 16:58 - 2014-03-13 17:55 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-22 19:06 - 2014-07-22 19:06 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-22 19:06 - 2013-10-17 23:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-22 19:06 - 2013-10-17 23:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-11 03:02 - 2013-10-17 23:16 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2013-10-17 23:16 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2013-10-17 23:16 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2013-10-17 23:16 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-10 21:41 - 2009-07-14 06:45 - 02483040 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 21:40 - 2014-05-08 18:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 21:40 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 21:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 21:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 21:02 - 2013-08-13 21:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 21:00 - 2011-01-08 11:48 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 21:00 - 2013-03-08 23:09 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-08 20:42 - 2012-07-06 18:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 20:42 - 2012-03-30 11:22 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 20:42 - 2011-05-13 12:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-03 18:09 - 2014-07-03 18:09 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-07-03 17:57 - 2014-03-05 20:09 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Some content of TEMP:
====================
C:\Users\Anwender\AppData\Local\Temp\avgnt.exe
C:\Users\Anwender\AppData\Local\Temp\BackupSetup.exe
C:\Users\Anwender\AppData\Local\Temp\drm_dyndata_7260007.dll
C:\Users\Anwender\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Anwender\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Anwender\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Anwender\AppData\Local\Temp\nsi324B.exe
C:\Users\Anwender\AppData\Local\Temp\nsn3095.exe
C:\Users\Anwender\AppData\Local\Temp\nsn33F1.exe
C:\Users\Anwender\AppData\Local\Temp\nsn4946.exe
C:\Users\Anwender\AppData\Local\Temp\nst4AED.exe
C:\Users\Anwender\AppData\Local\Temp\nsy4C93.exe
C:\Users\Anwender\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Anwender\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Anwender\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Anwender\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Anwender\AppData\Local\Temp\nvStInst.exe
C:\Users\Anwender\AppData\Local\Temp\Quarantine.exe
C:\Users\Anwender\AppData\Local\Temp\SIntf16.dll
C:\Users\Anwender\AppData\Local\Temp\SIntf32.dll
C:\Users\Anwender\AppData\Local\Temp\SIntfNT.dll
C:\Users\Anwender\AppData\Local\Temp\SRLDetectionLibrary8361258186663640695.dll
C:\Users\Anwender\AppData\Local\Temp\tmp958A.tmp.exe
C:\Users\Anwender\AppData\Local\Temp\ubi84DC.tmp.exe
C:\Users\Anwender\AppData\Local\Temp\utt5FC6.tmp.exe
C:\Users\Anwender\AppData\Local\Temp\uttE448.tmp.exe
C:\Users\Anwender\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Anwender\AppData\Local\Temp\_is2FC.exe
C:\Users\Anwender\AppData\Local\Temp\_is3092.exe
C:\Users\Anwender\AppData\Local\Temp\_isD318.exe
C:\Users\Anwender\AppData\Local\Temp\_isD6C0.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-28 20:40

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Anwender at 2014-08-02 16:20:32
Running from C:\Users\Anwender\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31395 - BitTorrent Inc.)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.3.1 - Adobe Systems) Hidden
Adobe Acrobat 8.3.1 - CPSID_83708 (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch_831) (Version: - Adobe Systems Incorporated)
Adobe After Effects CS3 (x32 Version: 8 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS3 Presets (x32 Version: 8 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (HKLM-x32\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Color Common Settings (x32 Version: 1.0.1 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Contribute CS3 (x32 Version: 4.1 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Master Collection (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen (HKLM-x32\...\Adobe_67a7fb1e97aa14ee9ef0950eb6fd757) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.99 - NOS Microsystems Ltd.)
Adobe Dreamweaver CS3 (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe Encore CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Encore CS3 Codecs (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0.2 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Fireworks CS3 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS3 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Video Encoder (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (x32 Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 Icon Handler (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS3 Functional Content (x32 Version: 8 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS3 Third Party Content (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe SING CS3 (x32 Version: 0.1 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS3 Codecs (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Server {ko_KR} (x32 Version: 3.0.0.0 {ko_KR} - Adobe Systems Incorporated) Hidden
Adobe Video Profiles (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP DVA Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Age of Wonders III (HKLM-x32\...\Steam App 226840) (Version: - Triumph Studios)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
AllToAVI v4 r5394 (HKLM-x32\...\AllToAVI) (Version: v4 r5394 - Genesis Kiith Zio Matrix)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
ANNO 1404 - Venedig (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.03.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.0.0 - SlySoft)
AoW... (HKLM-x32\...\AoWSM_UPatch) (Version: - )
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2006990062.48.56.43322602 - Audible, Inc.)
Auto Gordian Knot 2.55 (HKLM-x32\...\AutoGK) (Version: 2.55 - len0x)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CAESAR IV (HKLM-x32\...\{B7666229-351B-47D9-AA6F-DF777CF04BBF}) (Version: 1.2 - Tilted Mill Entertainment)
Canon MP630 series Benutzerregistrierung (HKLM-x32\...\Canon MP630 series Benutzerregistrierung) (Version: - )
Canon MP630 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
CD Audio Reader Filter (remove only) (HKLM-x32\...\CD Audio Reader Filter) (Version: - )
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.7.2423 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - )
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.3228 - CyberLink Corp.)
CyberLink PowerDVD 8 (x32 Version: 8.0.3228 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
DCoder Image Source (remove only) (HKLM-x32\...\DCoder Image Source) (Version: - )
Divinity II - Ego Draconis (HKLM-x32\...\Divinity II - Ego Draconis_is1) (Version: - dtp)
Duel of Champions (HKLM-x32\...\MMDoC-PDCLive) (Version: - Ubisoft)
DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM-x32\...\DVD Shrink DE_is1) (Version: - DVD Shrink)
EPU (HKLM-x32\...\{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}) (Version: 1.02.20 - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ffdshow v1.1.4222 [2012-01-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4222.0 - )
FFMPEG Core Files (remove only) (HKLM-x32\...\FFMPEG Core Files) (Version: - )
Gabest MPEG Splitter (remove only) (HKLM-x32\...\Gabest MPEG Splitter) (Version: - )
GMX ProfiFax (HKLM-x32\...\GMX ProfiFax) (Version: 2.00.222 - GMX GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Greenshot (HKLM-x32\...\Greenshot_is1) (Version: - )
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200092}) (Version: - )
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
Java 7 Update 15 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417015FF}) (Version: 7.0.150 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.)
Hidden Java SE Development Kit 7 Update 15 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170150}) (Version: 1.7.0.150 - Oracle) JavaFX 2.2.7 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-227648764D10}) (Version: 2.2.7 - Oracle Corporation) JavaFX 2.2.7 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-227648764D10}) (Version: 2.2.7 - Oracle Corporation) JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.) K-Lite Codec Pack 10.3.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.5 - ) Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Mediaport (HKLM-x32\...\Mediaport) (Version: - ) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4631.1002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 
2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Might & Magic Heroes VI (HKLM-x32\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 1.8 - Ubisoft) MilkDrop for Winamp 2x (remove only) (HKLM-x32\...\vis_milk.dllWinamp) (Version: - ) MONOGRAM AMR Splitter/Decoder (remove only) (HKLM-x32\...\MONOGRAM AMR Splitter/Decoder) (Version: - ) Mozilla Firefox 31.0 (x86 de) (HKCU\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mp3tag v2.50 (HKLM-x32\...\Mp3tag) (Version: v2.50 - Florian Heidenreich) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. 
Wechselberger) MySQL Connector/ODBC 3.51 (HKLM-x32\...\{0CB3C535-1171-4A20-B549-E2CB5DEB9723}) (Version: 3.51.12 - MySQL AB) NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation) NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden Nero 11 Platinum (HKLM-x32\...\{79B3E8EE-35F2-4CCD-82D9-4A57F408E449}) (Version: 11.2.00700 - Nero AG) Nero Abstract Themes (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden Nero BackItUp 11 (x32 Version: 6.2.18400.2.100 - Nero AG) Hidden Nero BackItUp 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 12.0.4000 - Nero AG) Nero Blu-ray Player (x32 Version: 12.0.20030 - Nero AG) Hidden Nero Burning ROM 11 (x32 Version: 11.2.10300.0.0 - Nero AG) Hidden Nero Burning ROM 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero Cliparts (x32 Version: 12.0.11500 - Nero AG) Hidden Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden Nero Core Components (x32 Version: 11.0.21800 - Nero AG) Hidden Nero CoverDesigner 11 (x32 Version: 6.0.11000.13.100 - Nero AG) Hidden Nero CoverDesigner 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero Disc Menus 1 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Disc Menus 2 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Disc Menus 3 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Express 11 (x32 Version: 11.2.10300.0.0 - Nero AG) Hidden Nero Express 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero Family and Events Themes (x32 Version: 12.0.11500 - Nero AG) Hidden Nero 
Football (Soccer) Themes (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Holiday and Sports Themes (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Image Samples (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Kwik Media (x32 Version: 1.18.20100 - Nero AG) Hidden Nero Kwik Media Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero PiP Effects 1 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero PiP Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Recode 11 (x32 Version: 5.2.11300.0.0 - Nero AG) Hidden Nero Recode 11 Help (CHM) (x32 Version: 11.0.10600 - Nero AG) Hidden Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100 - Nero AG) Hidden Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden Nero SoundTrax 11 (x32 Version: 5.0.10700.6.100 - Nero AG) Hidden Nero SoundTrax 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden Nero Video 11 (x32 Version: 8.2.16000.4.100 - Nero AG) Hidden Nero Video 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero Video Samples (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Video Transitions 1 (x32 Version: 12.0.11500 - Nero AG) Hidden Nero WaveEditor 11 (x32 Version: 6.2.11300.0.100 - Nero AG) Hidden Nero WaveEditor 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden nero.prerequisites.msi (x32 Version: 11.0.20010 - Nero AG) Hidden NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles) NVIDIA 3D Vision Controller Driver (x32 Version: 280.19 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA 
Corporation) NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) OpenSource AVI Splitter (remove only) (HKLM-x32\...\OpenSource AVI Splitter) (Version: - ) OpenSource DTS/AC3/DD+ Source Filter (remove only) (HKLM-x32\...\OpenSource DTS/AC3/DD+ Source Filter) (Version: - ) Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.1.29801 - Grinding Gear Games) Patrizier IV (HKLM-x32\...\{25B473C3-2C62-482B-858F-94ED76880F79}) (Version: 1.3.0.0 - Kalypso Media) PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Pharaoh (HKLM-x32\...\Pharaoh) (Version: - ) PHOTOfunSTUDIO HD Edition (HKLM-x32\...\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}) (Version: 3.00.126 - Panasonic) Platform (x32 Version: 1.34 - VIA Technologies, Inc.) 
Hidden PlayStation(R)Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.05.00710 - Sony Computer Entertainment Inc.) PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.2.6.12389 - Sony Computer Entertainment Inc.) ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH) PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.50.0 - PS3 Media Server) PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.) SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Snappy Fax Version 5 (HKLM-x32\...\{9A0CEF36-483A-4EAE-99B8-0E5767FFD161}_is1) (Version: 5..0 - John Taylor & Associates)
Sony PC Companion 2.10.211 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.10.89 - Akademische Arbeitsgemeinschaft)
SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 (HKLM-x32\...\{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1) (Version: v2011.build.49 - eRightSoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - )
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TechniPort Plus Beta (HKLM-x32\...\TechniPort Plus Beta) (Version: 0.9.5.4_beta - TechniSat)
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
Triumph Studios - Age of Wonders: Shadow Magic - (HKLM-x32\...\Triumph Studios Age of Wonders: Shadow Magic) (Version: 1.3 - Triumph Studios)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.114 - TuneUp Software) Hidden
TurboV EVO (HKLM-x32\...\{491D92A9-69CA-4EB4-81D3-0106F9337957}) (Version: 1.02.32 - )
Twonky Server (HKLM-x32\...\TwonkyServer) (Version: 7.2.3.0 - PacketVideo)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UnderCoverXP 1.23 (HKLM-x32\...\UnderCoverXP_is1) (Version: - Wicked & Wild Inc.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
Warlock - Master of the Arcane (HKLM-x32\...\Steam App 203630) (Version: - Paradox Interactive)
Welcome App (Start-up experience) (x32 Version: 11.0.23500.0.0 - Nero AG) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version: - )
Zoom Player (remove only) (HKLM-x32\...\ZoomPlayer) (Version: - )
Zoom Player deutsche Sprachdateien (entfernen) (HKLM-x32\...\ZoomPlayerLang) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2013-07-14 18:49 - 00001440 ____A C:\Windows\system32\Drivers\etc\hosts
87.248.214.183 static1.cdn.Ubi.com
95.140.224.199 static2.cdn.Ubi.com
87.248.214.183 static3.cdn.Ubi.com
87.248.214.183 static4.cdn.Ubi.com
87.248.214.183 static5.cdn.Ubi.com
87.248.214.183 static6.cdn.Ubi.com
87.248.214.183 static7.cdn.Ubi.com
87.248.214.183 static8.cdn.Ubi.com
87.248.214.183 static9.cdn.Ubi.com
95.140.226.106 static10.cdn.Ubi.com
87.248.214.183 static11.cdn.Ubi.com
95.140.226.106 static12.cdn.Ubi.com
87.248.214.183 static13.cdn.Ubi.com
87.248.214.183 static14.cdn.Ubi.com
95.140.226.106 static15.cdn.Ubi.com
92.123.72.48 static16.cdn.Ubi.com
87.248.214.183 static17.cdn.Ubi.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B36EFFE-E0D4-4423-9446-FFB05D369F1A} - System32\Tasks\{168C551F-26EF-4D38-8AF4-7DAA5A3CFFAD} => D:\Programme\Spiele\MoO2\SETUP.EXE [1996-09-09] (InstallShield Corporation, Inc.)
Task: {0D85A586-860D-4C4C-9809-9E7C54FB1F54} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {1536B6E3-E5EF-4F48-B7BA-AC26ECFED89A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-20] (Microsoft Corporation)
Task: {1725ED27-A642-444E-B36A-0558D189F6FC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-20] (Microsoft Corporation)
Task: {23172271-7EAF-47FC-8C66-65A74F594BA7} - System32\Tasks\{F5F250F3-F541-4172-ADB9-E98D12AAEF1C} => E:\SETUP.EXE
Task: {34FBBAEC-B3AE-426D-BE96-C8FC08A7E076} - System32\Tasks\{A53B2D59-6234-4D3C-9011-6697A5C040FF} => E:\SETUP.EXE
Task: {4E3DEB32-DACD-4E48-BD91-D577B851E854} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09] (Google Inc.)
Task: {50655AE3-DB0D-490C-B05E-DA1E0AC73006} - System32\Tasks\{2FDA865B-4412-4DEB-95AE-FA59CBD4287A} => D:\Programme\Spiele\MoO2\SETUP.EXE [1996-09-09] (InstallShield Corporation, Inc.)
Task: {514A31C1-EB2B-4389-9152-E268784519E3} - System32\Tasks\{C2CF3B8D-895C-4285-9978-0B7F8C233CAA} => D:\Programme\Spiele\MoO2\SETUP.EXE [1996-09-09] (InstallShield Corporation, Inc.)
Task: {53F39816-41E3-4237-B4C3-EC8D7ECF1C42} - System32\Tasks\{0EB46200-2E5C-4BCA-A21B-AC93CF40ADAB} => E:\SETUP.EXE
Task: {56567F93-46A5-4ADC-A99C-31B63388C63B} - System32\Tasks\{63830F23-4A34-4DA6-9845-0FB14282F86F} => D:\Programme\Spiele\MoO2\ORION2.EXE [1997-02-19] ()
Task: {6694D0B0-EED2-432B-B235-A1663B6A1770} - System32\Tasks\{0062D26E-B136-4EE0-BBBA-FD13F31EF2EE} => D:\Programme\Spiele\THQ\Titan Quest Immortal Throne\Tqit.exe [2007-01-30] ()
Task: {67C2689A-9313-430A-828E-67AE7BB2ECF0} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {7659B3D7-FC8C-4D93-A7C3-5FED31E5D354} - System32\Tasks\{C07FCFA4-9F44-4BE8-9FDA-A27C036EAC4F} => D:\Programme\Spiele\MoO2\ORION2.EXE [1997-02-19] ()
Task: {792857B2-23BE-4E32-835C-26A8373D8393} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe [2010-07-07] (ASUSTeK Computer Inc.)
Task: {7A90D779-A789-41E2-9C8A-C4BAA3424986} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09] (Google Inc.)
Task: {7B3336C9-C7D9-4048-A893-EEE51F7D8050} - System32\Tasks\{3AEF952F-B046-45E2-8C7A-DE9F32278A68} => E:\SETUP.EXE
Task: {80AC20BE-911C-4D9F-8F81-4F910ABAA74F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {854F9ECC-C6CF-46CC-A384-C74CFE641652} - System32\Tasks\{3DCBE4B9-E13D-40CB-BE00-6D0F031CA16B} => D:\Programme\Spiele\THQ\Titan Quest Immortal Throne\Tqit.exe [2007-01-30] ()
Task: {85D43D36-1983-4B83-99F8-464F29CF098D} - System32\Tasks\{66C9A0D2-5416-4704-812D-660D81948D21} => D:\Programme\Spiele\Titan Quest\Titan Quest_NI.exe
Task: {901FE91F-03BA-4D5D-A439-C9C48B93E119} - System32\Tasks\{DF7CB883-CEFA-41B3-9292-CFF53A2274D8} => D:\Programme\Spiele\MoO2\ORION95.EXE [1997-02-19] ()
Task: {A496931E-130F-4F24-A62B-C569F6D399ED} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => D:\Programme\Software\Tuneup2012\OneClick.exe
Task: {A84EDFC4-1547-4047-8A59-45F10DDC018B} - System32\Tasks\{69160465-9F78-4E46-B3C2-839333A86BA7} => D:\Programme\Spiele\SIERRA\caesar iv\CaesarIVDemo.exe
Task: {B63161A6-1808-4BA8-A7AA-5296DE574B5A} - System32\Tasks\{546B3A85-1817-4262-802B-88043B495787} => D:\Programme\Spiele\Titan Quest\Titan Quest.exe
Task: {B8770440-C59C-4870-AA3A-6C6022FB6CC1} - System32\Tasks\{284946FF-96A4-48D1-AC17-EEFAA294788E} => D:\Programme\Spiele\MoO2\SETUP.EXE [1996-09-09] (InstallShield Corporation, Inc.)
Task: {BEA3E519-8D44-4197-BF64-476D004D4D68} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {C19483A7-67B4-48F7-A63B-568598157EA3} - System32\Tasks\{0D652585-916F-4EF9-B332-C89D51FAA04E} => D:\Programme\Spiele\MoO2\SETUP.EXE [1996-09-09] (InstallShield Corporation, Inc.)
Task: {C4A95E61-FB6F-4F18-9BB5-7F20F5A1B016} - System32\Tasks\{495DC30B-A1AE-417A-9006-4DB30F7D4517} => D:\Programme\Spiele\Titan Quest\Titan Quest_NI.exe
Task: {D2BB3721-77BF-491E-8668-A999634A44DA} - System32\Tasks\{4715CD2F-C934-401E-B441-DA101D523ACA} => D:\Programme\DVD\avidemux_2.5.6 win64\Avidemux 2.5\avidemux2.exe
Task: {DA89F76C-2E3F-4B67-8A64-AD96FB7E13F2} - System32\Tasks\{DE1EB2E8-2D52-4B8D-AEF9-28D4DD0FEF7A} => D:\Programme\Spiele\SIERRA\caesar iv\CaesarIVDemo.exe
Task: {DC9E31CA-105A-4AD6-8EC1-F36B1C2FB211} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
Task: {E0F8A46F-5474-4926-BD62-619D0C663CDC} - System32\Tasks\{9058CC41-53DD-4CD3-8FCF-394B91667E29} => E:\SETUP.EXE
Task: {E3C9F1E1-F7DE-43A3-8273-CEA9C74FD45D} - System32\Tasks\{79901479-DF81-4490-97EA-0A2BAF772EB7} => D:\Programme\Spiele\MoO2\ORION95.EXE [1997-02-19] ()
Task: {E42C728E-F3A9-4CBB-9EDC-EC376485F0FB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1197555270-2701532614-4018344089-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E595C854-084E-4A78-B8C3-A9190A6C0AAF} - System32\Tasks\CCleanerSkipUAC => D:\Programme\Sicherheit\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {E72AB9C6-3EC9-403D-830B-AF04DDB67CC3} - System32\Tasks\{74DACD21-A17D-4555-9232-D9BB9BD6D1F4} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?source=lightinstaller&page=tsPlugin
Task: {EB274028-4B94-4089-9069-DD98E1E0BEAD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {EF56C934-EAFA-4B93-9933-27AF6088705F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1197555270-2701532614-4018344089-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {FEFD0351-C9E6-446F-80EE-0D993D926466} - System32\Tasks\{2E125B75-28C0-4334-821A-1EE53E89A1D5} => E:\SETUP.EXE
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-15 19:47 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-12-27 13:20 - 2007-05-11 02:31 - 00921600 _____ () D:\Programme\Software\Adobe CS3\Acrobat 8.0\Acrobat\AdistRes.DEU
2012-11-30 14:39 - 2009-10-05 19:42 - 00043008 _____ () C:\Windows\System32\sfppm.dll
2011-01-08 11:35 - 2010-06-24 08:19 - 00109056 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
2011-01-09 16:41 - 2010-03-15 12:28 - 00166400 _____ () D:\Programme\Software\Winrar\rarext.dll
2009-03-30 08:32 - 2009-03-30 08:32 - 00032768 ____R () C:\Windows\DAODx.exe
2014-03-19 10:40 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-05-23 15:57 - 2013-05-23 15:57 - 00885576 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
2013-05-23 15:58 - 2013-05-23 15:58 - 02204488 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
2011-01-08 18:32 - 2009-05-07 10:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2011-01-08 18:32 - 2009-05-07 10:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2011-01-08 18:32 - 2008-01-18 08:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2011-01-08 18:32 - 2010-03-02 09:31 - 64105984 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-08-02 14:14 - 2013-10-31 12:35 - 00070880 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2011-01-08 11:35 - 2010-02-08 18:19 - 00053248 _____ () C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
2011-01-08 11:35 - 2010-06-01 11:38 - 00253952 _____ () C:\Program Files\ASUS\TurboV EVO\pngio.dll
2013-05-23 15:58 - 2013-05-23 15:58 - 00222024 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\wmdrmdll.dll
2014-08-02 14:14 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-08-02 14:14 - 2013-09-13 11:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-01-08 11:35 - 2010-06-01 11:38 - 00061440 _____ () C:\Program Files\ASUS\TurboV EVO\flashobj.dll
2011-01-08 11:35 - 2009-04-22 21:20 - 00179712 _____ () C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL
2011-01-08 11:35 - 2010-01-08 18:17 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU\pngio.dll
2011-01-08 11:35 - 2010-01-08 18:17 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
2014-07-24 17:09 - 2014-07-24 17:09 - 03800688 _____ () D:\Programme\Software\Firefox 4.0\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD AlternateDataStreams: C:\ProgramData\Anwendungsdaten:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk => C:\Windows\pss\TotalMedia Backup Monitor.lnk.CommonStartup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "D:\Programme\Software\Adobe CS3\Acrobat 8.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe_ID0EYTHM => C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe MSCONFIG\startupreg: Greenshot => "D:\Programme\Software\Greenshot\Greenshot.exe" MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart MSCONFIG\startupreg: PDVD8LanguageShortcut => D:\Programme\DVD\PowerDVD\PowerDVD8\Language\Language.exe MSCONFIG\startupreg: QuickTime Task => "D:\Programme\Software\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RemoteControl8 => D:\Programme\DVD\PowerDVD\PowerDVD8\PDVD8Serv.exe ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (08/02/2014 04:16:43 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services. Error: (08/02/2014 03:56:11 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services. Error: (08/02/2014 03:52:07 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services. Error: (08/02/2014 03:44:00 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services. Error: (08/02/2014 03:42:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91 Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x171c Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (08/02/2014 02:24:02 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services. 
Error: (08/02/2014 02:19:58 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services. Error: (08/02/2014 02:15:54 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services. Error: (08/02/2014 02:07:47 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services. Error: (08/02/2014 02:06:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91 Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x17e4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 System errors: ============= Error: (08/02/2014 04:03:39 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (08/02/2014 03:58:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "HitmanPro.Alert Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (08/02/2014 02:14:49 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (07/30/2014 06:09:07 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (07/29/2014 08:36:57 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (07/29/2014 07:48:55 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (07/25/2014 05:50:21 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (07/25/2014 01:32:34 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (07/25/2014 00:37:25 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk8\DR8 gefunden. Error: (07/25/2014 10:27:59 AM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Microsoft Office Sessions: ========================= Error: (08/02/2014 04:16:43 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. 
Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/02/2014 03:56:11 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/02/2014 03:52:07 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/02/2014 03:44:00 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/02/2014 03:42:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b171c01cfae5747efd672D:\Programme\Software\Firefox 4.0\plugin-container.exeD:\Programme\Software\Firefox 4.0\mozalloc.dllc8669519-1a4a-11e4-b3b8-20cf30e44452 Error: (08/02/2014 02:24:02 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/02/2014 02:19:58 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. 
Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/02/2014 02:15:54 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/02/2014 02:07:47 PM) (Source: MsiInstaller) (EventID: 11921) (User: NT-AUTORITÄT) Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/02/2014 02:06:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b17e401cfae49da29e6aeD:\Programme\Software\Firefox 4.0\plugin-container.exeD:\Programme\Software\Firefox 4.0\mozalloc.dll6e0df93d-1a3d-11e4-b0fd-20cf30e44452 CodeIntegrity Errors: =================================== Date: 2012-01-28 11:55:32.689 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Anwender\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-01-28 11:55:32.651 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Anwender\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-01-28 11:55:32.602 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Programme\Software\EVEREST Ultimate Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-01-28 11:55:32.564 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Programme\Software\EVEREST Ultimate Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info ===========================
Percentage of memory in use: 27%
Total physical RAM: 8190.18 MB
Available physical RAM: 5897.25 MB
Total Pagefile: 20873.36 MB
Available Pagefile: 18460.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:55.8 GB) (Free:0.89 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:193.69 GB) NTFS
Drive g: (HITACHI) (Fixed) (Total:931.51 GB) (Free:154.13 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 59D409A3)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 56 GB) (Disk ID: 0ECD8351)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=56 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 3AE1C1A1)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================

I'm asking for help. Thanks and best regards, Dirk |
02.08.2014, 17:10 | #2 |
| Windows 7: Anti Malwarebytes does not start
And here is the GMER log as well:
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-08-02 16:30:00 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 OCZ-VERTEX2 rev.1.25 55,90GB Running: Gmer-19357.exe; Driver: C:\Users\Anwender\AppData\Local\Temp\fxldqpoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[732] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[732] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[732] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077251465 2 bytes [25, 77] .text C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772514bb 2 bytes [25, 77] .text ... 
* 2 .text C:\Windows\system32\nvvsvc.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Windows\system32\nvvsvc.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Windows\system32\nvvsvc.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Windows\system32\nvvsvc.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Windows\System32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 
0000000177bc0028 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Windows\system32\svchost.exe[272] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Windows\system32\svchost.exe[272] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Windows\system32\svchost.exe[272] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Windows\system32\svchost.exe[272] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 
0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Windows\System32\spoolsv.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Windows\System32\spoolsv.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Windows\System32\spoolsv.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Windows\System32\spoolsv.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes 
JMP 0000000177bc0010 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Windows\system32\taskhost.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Windows\system32\taskhost.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Windows\system32\taskhost.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Windows\system32\taskhost.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1696] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1696] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1696] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text 
C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe[1808] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe[1808] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe[1808] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Windows\Explorer.EXE[1852] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Windows\Explorer.EXE[1852] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Windows\Explorer.EXE[1852] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Windows\Explorer.EXE[1852] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 
bytes JMP 0000000177bc0028 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Windows\system32\taskeng.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Windows\SysWOW64\bgsvcgen.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Windows\SysWOW64\bgsvcgen.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Windows\SysWOW64\bgsvcgen.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Windows\DAODx.exe[1996] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Windows\DAODx.exe[1996] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Windows\DAODx.exe[1996] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe[2004] 
C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2056] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2056] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2056] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2128] 
C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Windows\System32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Windows\System32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Windows\System32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Windows\System32\svchost.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2376] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2376] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2376] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077251465 2 bytes [25, 77] .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772514bb 2 bytes [25, 77] .text ... 
* 2 .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2456] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2456] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2456] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2456] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077251465 2 bytes [25, 77] .text C:\Program Files (x86)\NVIDIA 
Corporation\Update Core\NvBackend.exe[2756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772514bb 2 bytes [25, 77] .text ... * 2 .text C:\Program Files\Windows Sidebar\sidebar.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Program Files\Windows Sidebar\sidebar.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Program Files\Windows Sidebar\sidebar.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Program Files\Windows Sidebar\sidebar.exe[2768] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text D:\Hardware\Kies\Kies.exe[2812] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text D:\Hardware\Kies\Kies.exe[2812] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text D:\Hardware\Kies\Kies.exe[2812] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text D:\Hardware\Kies\Kies.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077251465 2 bytes [25, 77] .text D:\Hardware\Kies\Kies.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772514bb 2 bytes [25, 77] .text ... 
* 2 .text D:\Hardware\Kies\External\FirmwareUpdate\KiesPDLR.exe[2932] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000077dc000c 1 byte [C3] .text D:\Hardware\Kies\External\FirmwareUpdate\KiesPDLR.exe[2932] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text D:\Hardware\Kies\External\FirmwareUpdate\KiesPDLR.exe[2932] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text D:\Hardware\Kies\External\FirmwareUpdate\KiesPDLR.exe[2932] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text D:\Hardware\Kies\External\FirmwareUpdate\KiesPDLR.exe[2932] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000077e4f8ea 5 bytes JMP 0000000177dfd5c1 .text C:\Users\Anwender\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2960] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Users\Anwender\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2960] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Users\Anwender\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2960] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077251465 2 bytes 
[25, 77] .text C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772514bb 2 bytes [25, 77] .text ... * 2 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2980] C:\Windows\syswow64\USER32.dll!GetMenu + 412 0000000076c951dd 7 bytes JMP 0000000110053ac0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2980] C:\Windows\syswow64\USER32.dll!PeekMessageA + 407 0000000076c9610b 7 bytes JMP 0000000110053c10 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2980] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131 0000000076c9c6c1 7 bytes JMP 0000000110053bf0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2980] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199 0000000076cdfc98 7 bytes JMP 0000000110053c60 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2980] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52 0000000076cdfcd1 7 bytes JMP 0000000110053d30 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2980] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31 0000000076cdfcf5 7 bytes JMP 0000000110053ce0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077251465 2 bytes [25, 77] .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2980] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772514bb 2 bytes [25, 77] .text ... * 2 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe[2512] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe[2512] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe[2512] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Program Files (x86)\ASUS\EPU\EPU.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[1128] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[1128] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 
0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[1128] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2248] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2248] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2248] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text D:\Programme\Software\Winamp\winampa.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text D:\Programme\Software\Winamp\winampa.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text D:\Programme\Software\Winamp\winampa.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text D:\Hardware\Kies\KiesTrayAgent.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text D:\Hardware\Kies\KiesTrayAgent.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text D:\Hardware\Kies\KiesTrayAgent.exe[3184] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text D:\Hardware\Kies\KiesTrayAgent.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077251465 2 bytes [25, 77] .text D:\Hardware\Kies\KiesTrayAgent.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772514bb 2 bytes [25, 
77] .text ... * 2 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[3228] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] 
C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Windows\system32\conhost.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Windows\system32\svchost.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Windows\system32\svchost.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes 
JMP 0000000177bc0028 .text C:\Windows\system32\svchost.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Windows\system32\svchost.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 .text C:\Windows\system32\msiexec.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Windows\system32\msiexec.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Windows\system32\msiexec.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Windows\system32\msiexec.exe[2536] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Windows\system32\AUDIODG.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Windows\system32\AUDIODG.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Windows\system32\AUDIODG.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Windows\system32\AUDIODG.EXE[1788] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Program Files\NVIDIA 
Corporation\Display\nvtray.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Windows\system32\wbem\wmiprvse.exe[2552] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Windows\system32\wbem\wmiprvse.exe[2552] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Windows\system32\wbem\wmiprvse.exe[2552] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Windows\system32\wbem\wmiprvse.exe[2552] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Windows\system32\taskeng.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c21430 5 bytes JMP 0000000177bc0010 .text C:\Windows\system32\taskeng.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c21490 5 bytes JMP 0000000177bc0028 .text C:\Windows\system32\taskeng.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c217b0 1 byte JMP 0000000177bc0040 .text C:\Windows\system32\taskeng.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000077c217b2 3 bytes {JMP 0xfffffffffff9e890} .text C:\Users\Anwender\Desktop\Gmer-19357.exe[1564] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077dcfac0 5 bytes JMP 0000000175688cf0 .text 
C:\Users\Anwender\Desktop\Gmer-19357.exe[1564] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077dcfb58 5 bytes JMP 0000000175688ea0 .text C:\Users\Anwender\Desktop\Gmer-19357.exe[1564] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077dd0038 5 bytes JMP 0000000175688d80 ---- EOF - GMER 2.1 ----
So, after I manually uninstalled an old MBAM version, the current version could be installed and started. A number of items were found and removed. Firefox is also behaving normally again. I would still be glad if a professional took a look at it. Thanks and regards, Dirk |
05.08.2014, 08:10 | #3 |
/// the machine /// TB trainer | Windows 7: Anti Malwarebytes does not start hi,
__________________Scan with Combofix
__________________ |
05.08.2014, 19:25 | #4 |
| Windows 7: Anti Malwarebytes does not start Hello Schrauber, thanks for the instructions. I ran Combofix, after all security programs had been stopped, but no log file was created when it finished. Instead there is a shortcut named Combofix that links to "computer". At least it looked as if Combofix had finished. In the DOS window the cursor was blinking as if it were waiting for input. Was that too early? Thanks and regards, Dirk |
06.08.2014, 15:21 | #5 |
/// the machine /// TB trainer | Windows 7: Anti Malwarebytes does not start Delete Combofix and download it again, then run it once more.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
08.08.2014, 08:26 | #6 |
| Windows 7: Anti Malwarebytes does not start Here is the Combofix log: Code:
ATTFilter ComboFix 14-08-06.02 - Anwender 08.08.2014 9:08.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8190.5976 [GMT 2:00] ausgeführt von:: c:\users\Anwender\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_ACEDRV11 -------\Service_acedrv11 . . ((((((((((((((((((((((( Dateien erstellt von 2014-07-08 bis 2014-08-08 )))))))))))))))))))))))))))))) . . 2014-08-02 15:17 . 2014-08-08 07:15 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-08-02 15:17 . 2014-08-02 15:17 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-08-02 15:17 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-08-02 14:19 . 2014-08-02 14:20 -------- d-----w- C:\FRST 2014-08-02 14:07 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-08-02 13:53 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-08-02 12:14 . 2014-08-02 12:14 -------- d-----w- c:\programdata\Sony 2014-08-02 12:06 . 2014-08-02 12:06 -------- d-----w- c:\users\Anwender\.android 2014-08-02 12:06 . 2014-08-02 14:08 -------- d-----w- c:\program files (x86)\Yawtix 2014-07-30 15:29 . 2014-07-25 13:50 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll 2014-07-30 15:29 . 2014-07-25 13:50 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll 2014-07-22 17:06 . 2014-07-22 17:06 -------- d-----w- c:\program files (x86)\Common Files\Java . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-08-08 07:15 . 2011-03-28 17:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2014-08-07 16:08 . 2014-06-27 18:31 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin 2014-07-25 13:50 . 2013-11-29 12:54 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll 2014-07-25 13:50 . 2013-11-29 12:54 1283136 ----a-w- c:\windows\system32\nvspcap64.dll 2014-07-24 14:58 . 2014-03-13 15:55 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2014-07-23 08:52 . 2011-01-08 09:36 270496 ------w- c:\windows\system32\MpSigStub.exe 2014-07-11 01:02 . 2013-10-17 21:16 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-07-10 19:00 . 2011-01-08 09:48 96441528 ----a-w- c:\windows\system32\MRT.exe 2014-07-08 18:42 . 2012-03-30 09:22 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-07-08 18:42 . 2011-05-13 10:45 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-03 15:57 . 2014-03-05 18:09 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-07-02 20:48 . 2014-02-18 18:33 16122344 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2014-07-02 20:48 . 2013-11-29 12:51 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll 2014-07-02 20:48 . 2013-11-29 12:51 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2014-07-02 20:48 . 2013-10-27 08:12 965312 ----a-w- c:\windows\system32\nvumdshimx.dll 2014-07-02 20:48 . 2013-10-27 08:12 3196816 ----a-w- c:\windows\system32\nvapi64.dll 2014-07-02 20:48 . 2013-09-17 20:22 18626304 ----a-w- c:\windows\system32\nvwgf2umx.dll 2014-07-02 20:48 . 2013-09-17 20:22 17555104 ----a-w- c:\windows\system32\nvd3dumx.dll 2014-07-02 18:55 . 2013-11-15 17:47 6783776 ----a-w- c:\windows\system32\nvcpl.dll 2014-07-02 18:55 . 2013-11-15 17:47 3522392 ----a-w- c:\windows\system32\nvsvc64.dll 2014-07-02 18:55 . 
2013-11-15 17:47 935368 ----a-w- c:\windows\system32\nvvsvc.exe 2014-07-02 18:55 . 2013-11-15 17:47 62808 ----a-w- c:\windows\system32\nvshext.dll 2014-07-02 18:55 . 2013-11-15 17:47 386520 ----a-w- c:\windows\system32\nvmctray.dll 2014-07-02 18:55 . 2013-11-15 17:47 2559960 ----a-w- c:\windows\system32\nvsvcr.dll 2014-07-02 10:14 . 2013-11-15 17:47 3826628 ----a-w- c:\windows\system32\nvcoproc.bin 2014-06-03 15:36 . 2014-03-05 18:09 130584 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-06-03 08:41 . 2013-03-08 21:20 589008 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2014-05-20 02:44 . 2014-05-28 16:57 1889112 ----a-w- c:\windows\system32\nvdispco6433788.dll 2014-05-20 02:44 . 2014-05-28 16:57 1541576 ----a-w- c:\windows\system32\nvdispgenco6433788.dll 2014-05-12 05:25 . 2014-01-08 22:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll 2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll 2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2014-06-10 08:39 1730264 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2014-06-10 08:39 1730264 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2014-06-10 08:39 1730264 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "KiesPreload"="d:\hardware\Kies\Kies.exe" [2013-09-04 1564528] "Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe" [2014-05-08 746376] "Spotify Web Helper"="c:\users\Anwender\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-06-20 1176632] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536] "TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-15 9936512] "Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496] "WinampAgent"="d:\programme\Software\Winamp\winampa.exe" [2012-06-28 74752] "KiesTrayAgent"="d:\hardware\Kies\KiesTrayAgent.exe" [2013-09-04 311152] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-03 750160] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "NBAgent"="d:\programme\Software\Nero11\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x] R3 cpuz130;cpuz130;c:\users\Anwender\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\Anwender\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x] R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x] R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem 
(Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R4 AAV UpdateService;AAV UpdateService;d:\programme\Software\SSE 2012\AAVUpdateManager\aavus.exe;d:\programme\Software\SSE 2012\AAVUpdateManager\aavus.exe [x] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 networx;networx;c:\windows\system32\drivers\networx.sys;c:\windows\SYSNATIVE\drivers\networx.sys [x] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/01/12 18:44];d:\programme\DVD\PowerDVD\PowerDVD8\000.fcl;d:\programme\DVD\PowerDVD\PowerDVD8\000.fcl [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [x] S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x] S2 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys;c:\windows\SYSNATIVE\drivers\hmpalert.sys [x] S2 hmpalertsvc;HitmanPro.Alert Service;c:\program files 
(x86)\HitmanPro.Alert\hmpalert.exe;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x] S2 TwonkyProxy;TwonkyProxy;c:\program files (x86)\Twonky\TwonkyServer\twonkyproxy.exe;c:\program files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [x] S2 TwonkyServer;TwonkyServer;c:\program files (x86)\Twonky\TwonkyServer\twonkystarter.exe;c:\program files (x86)\Twonky\TwonkyServer\twonkystarter.exe [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA 
Corporation\NvStreamSrv\NvStreamKms.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMSWISSARMY . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-07-22 17:25 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:42] . 2014-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08 22:52] . 2014-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08 22:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2014-06-10 10:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2014-06-10 10:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2014-06-10 10:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "{1606DC18-9578-4cbd-8312-8E9868F06A1D}"="\cmdinstall.exe -cmdfile" [X] "Snappy Fax Printer virtual printer agent"="d:\programme\Software\Snappy Fax Version 5\sfpagent.exe" [2009-10-05 116224] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com mDefault_Search_URL = hxxp://www.google.com mDefault_Page_URL = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: An vorhandenes PDF anfügen - d:\programme\Software\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - d:\programme\Software\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - d:\programme\Software\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - d:\programme\Software\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - d:\programme\Software\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: In Adobe PDF konvertieren - d:\programme\Software\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 IE: Verknüpfungsziel in Adobe PDF konvertieren - d:\programme\Software\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - d:\programme\Software\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html Trusted Zone: gmx.net\service TCP: DhcpNameServer = 192.168.2.1 DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} FF - ProfilePath - c:\users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\pdjlvypb.default\ FF - prefs.js: browser.startup.homepage - 
hxxps://news.google.de/nwshp?hl=de&tab=wn&ei=lAzQUtrZCITHsQah_oFg&ved=0CAsQqS4oCA FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=ytff-comodo&p= FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-UnityWebPlayer - c:\users\Anwender\AppData\Local\Unity\WebPlayer\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\d:\programme\DVD\PowerDVD\PowerDVD8\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1197555270-2701532614-4018344089-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:79,1f,06,b6,d6,49,b5,4e,64,91,32,51,a8,63,b0,5a,2f,ab,a5,c8,ee,a6,a6, de,c5,f7,f6,0d,a8,85,e9,16,78,c4,aa,14,a5,24,fb,29,bb,50,c2,73,57,80,b8,87,\ "??"=hex:fc,bb,8a,2e,7c,92,3e,a2,b0,81,0c,a3,a8,eb,1c,ce . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\windows\SysWOW64\bgsvcgen.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\windows\DAODx.exe c:\program files\ASUS\TurboV EVO\TurboVHELP.exe c:\program files (x86)\ Malwarebytes Anti-Malware \mbam.exe c:\program files (x86)\Twonky\TwonkyServer\TwonkyServer.exe c:\program files (x86)\Avira\AntiVir Desktop\avwsc.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-08-08 09:17:31 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-08-08 07:17 . Vor Suchlauf: 6.042.427.392 Bytes frei Nach Suchlauf: 5.549.326.336 Bytes frei . - - End Of File - - 809E12E77ABFCB153C11146CB7BED334 A36C5E4F47E84449FF07ED3517B43A31 dirk |
09.08.2014, 09:45 | #7 |
/// the machine /// TB-Ausbilder | Windows 7: Anti Malwarebytes does not start Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |