Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?

Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?


Plagegeister aller Art und deren Bekämpfung: Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 15.08.2014, 10:48   #1
CapF
 
Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen? - Standard

Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?


Hallo,

schon vor über einer Woche habe ich ohne es zu wollen scheinbar Yourfile Downloader installiert. Jetzt öffnet sich jedes Mal beim Hochfahren ein Fenster ob ich Daten runterladen will und beim Drücken von Cancel öffnet sich Mozilla mit irgendeiner Werbeseite. Ich will den Mist weghaben, finde aber nichts in den Systemprogrammen. Habe Windows 7. Hier habe ich schon einige Threads mit dem gleichen Thema gefunden und deswegen auch schon einige Scans gemacht, das Problem besteht allerdings noch immer.

Was habe ich bisher gemacht:
1. AdwCleaner installiert, Scan, gefundenes gelöscht
Die Logs poste ich, wenn mir jemand auf mein Thema geantwortet hat, da der Post sonst zu lang gewesen wäre und ich sicher gehen wollte, dass jemand diesen Post hier liest.
2. Malwarebytes installiert, Scan, gefundenes gelöscht

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 03.08.2014
Suchlauf-Zeit: 22:45:58
Logdatei: malwarbytes.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.03.07
Rootkit Datenbank: v2014.08.01.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: David

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 295027
Verstrichene Zeit: 10 Min, 48 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 2
PUP.Optional.Adanak.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Adanak, In Quarantäne, [231079496516e84e60255485a260ae52], 
PUP.Optional.Adanak.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Adanak, In Quarantäne, [78bb80423f3cdd595432bb1e49b93ec2], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 1
PUP.Optional.Adanak.A, C:\Users\David\AppData\Local\Temp\Adanak, In Quarantäne, [88ab348e4338290d51308245ee140cf4], 

Dateien: 5
PUP.Optional.SkyTech.A, C:\Users\David\AppData\Local\Temp\fullpackage_temp1391036377\package1.zip, In Quarantäne, [7fb4a81a8feca294161f22104ab6936d], 
PUP.Optional.SkyTech.A, C:\Users\David\AppData\Local\Temp\fullpackage_temp1391036377\QQBrowserFrame.dll, In Quarantäne, [d55ef5cdaad13afcf342b57d03fd9070], 
PUP.Optional.SupTab.A, C:\Users\David\AppData\Local\Temp\fullpackage_temp1391036377\tmp\SupTab.exe, In Quarantäne, [e54e645edaa11026046766cf6b955ba5], 
PUP.Optional.WpManager, C:\Users\David\AppData\Local\Temp\fullpackage_temp1391036377\tmp\wpm.exe, In Quarantäne, [161dd7ebb8c3b383c0cd0763837e966a], 
PUP.Optional.Adanak.A, C:\Users\David\AppData\Local\Temp\Adanak\7za.exe, In Quarantäne, [88ab348e4338290d51308245ee140cf4], 

Physische Sektoren: 0
(No malicious items detected)


(end)
2. FRST Scan

Der erste Log:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-08-2014
Ran by David (administrator) on DAVID-PC on 15-08-2014 11:16:19
Running from C:\Users\David\Downloads
Platform: Windows 7 Professional N Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlockAndSurf] => C:\Program Files (x86)\ver1BlockAndSurf\BlockAndSurf.exe
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3319816922-1198177196-631927581-1000\...\Run: [Facebook Update] => C:\Users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-01] (Facebook Inc.)
HKU\S-1-5-21-3319816922-1198177196-631927581-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-08] (SUPERAntiSpyware)
HKU\S-1-5-21-3319816922-1198177196-631927581-1000\...\MountPoints2: {f61259f4-746a-11e3-b4df-208984c7e943} - F:\iStudio.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x542785B63EE6CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\yk1rti3k.default-1407874553025
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\David\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\David\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-14] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [42040 2014-07-24] (Avira Operations GmbH & Co. KG)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-15] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-02-14] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 11:16 - 2014-08-15 11:17 - 00010103 _____ () C:\Users\David\Downloads\FRST.txt
2014-08-15 11:16 - 2014-08-15 11:16 - 00000000 ____D () C:\FRST
2014-08-15 11:15 - 2014-08-15 11:15 - 02100224 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2014-08-15 11:13 - 2014-08-15 11:13 - 00002186 _____ () C:\Users\David\Desktop\malwarbytes.txt
2014-08-14 10:12 - 2014-08-14 10:12 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-14 10:12 - 2014-08-14 10:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-13 10:47 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 10:47 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 10:47 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 10:47 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 10:47 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 10:47 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 10:46 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 10:46 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 10:43 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 10:43 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 10:43 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 10:43 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 10:43 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 10:43 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 10:43 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 10:43 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 10:43 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 10:43 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 10:43 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 10:43 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 10:43 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 10:43 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 10:43 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 10:43 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 10:43 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 10:43 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 10:43 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 10:43 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 10:43 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 10:43 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 10:43 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 10:43 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 10:43 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 10:43 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 10:43 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 10:43 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 10:43 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 10:43 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 10:43 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 10:43 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 10:43 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 10:43 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 10:43 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 10:43 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 10:43 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 10:43 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 10:43 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 10:43 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 10:43 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 10:43 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 10:43 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 10:43 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 10:43 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 10:43 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 10:43 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 10:43 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 10:43 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 10:43 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 10:43 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 10:43 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 10:43 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 10:43 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 10:43 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 10:43 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 10:42 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 10:42 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 10:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 10:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 10:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 10:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 10:42 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 10:42 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 10:42 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 10:42 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 10:42 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 10:42 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 10:42 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 10:42 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 10:41 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 10:41 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 10:41 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 10:41 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 10:41 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 10:41 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 10:41 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 10:41 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 10:41 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 10:41 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 10:41 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 10:40 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 10:40 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 10:40 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 10:40 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 10:40 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 10:40 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 22:45 - 2014-08-12 22:45 - 00000627 _____ () C:\Users\David\Desktop\JRT.txt
2014-08-12 22:39 - 2014-08-12 22:39 - 01016261 _____ (Thisisu) C:\Users\David\Downloads\JRT.exe
2014-08-12 22:39 - 2014-08-12 22:39 - 00000000 ____D () C:\Windows\ERUNT
2014-08-12 22:36 - 2014-08-13 13:07 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d17f9e01-32f7-4dfd-96f9-2833e2f1697c.job
2014-08-12 22:36 - 2014-08-13 02:00 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f2c8d3a2-c5df-4a26-8584-0607630b9bc4.job
2014-08-12 22:36 - 2014-08-12 22:36 - 00003584 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f2c8d3a2-c5df-4a26-8584-0607630b9bc4
2014-08-12 22:36 - 2014-08-12 22:36 - 00003510 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task d17f9e01-32f7-4dfd-96f9-2833e2f1697c
2014-08-12 22:33 - 2014-08-12 22:33 - 01366203 _____ () C:\Users\David\Downloads\adwcleaner_3.304.exe
2014-08-12 22:15 - 2014-08-12 22:15 - 00000000 ____D () C:\Users\David\Desktop\Alte Firefox-Daten
2014-08-11 13:07 - 2014-08-11 13:07 - 00000000 ____D () C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
2014-08-11 13:06 - 2014-08-15 10:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-11 13:06 - 2014-08-11 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-11 13:06 - 2014-08-11 13:06 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-11 13:06 - 2014-08-11 13:06 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-11 13:05 - 2014-08-11 13:05 - 18701616 _____ (SUPERAntiSpyware) C:\Users\David\Downloads\SUPERAntiSpyware.exe
2014-08-10 16:23 - 2014-08-10 16:23 - 00007523 _____ () C:\Users\David\Downloads\hijackthis.log
2014-08-10 16:20 - 2014-08-10 16:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\David\Downloads\HijackThis.exe
2014-08-03 22:45 - 2014-08-15 11:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 22:45 - 2014-08-03 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-03 22:45 - 2014-08-03 22:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-03 22:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-03 22:45 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-03 22:42 - 2014-08-03 22:45 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-03 22:42 - 2014-08-03 22:45 - 00000000 ____D () C:\Users\David\AppData\Roaming\Malwarebytes
2014-08-03 22:42 - 2014-08-03 22:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 22:42 - 2014-08-03 22:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-03 22:42 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-03 22:41 - 2014-08-03 22:41 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-1.75.0.1300.exe
2014-08-03 22:36 - 2014-08-12 22:35 - 00000000 ____D () C:\AdwCleaner
2014-08-03 22:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-03 22:35 - 2014-08-03 22:35 - 01361309 _____ () C:\Users\David\Downloads\adwcleaner_3.302.exe
2014-08-03 10:48 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 10:48 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-03 10:48 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-03 10:48 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 10:47 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 10:47 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 10:47 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-03 10:47 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-03 10:47 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 10:47 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 10:47 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-03 10:47 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-03 10:47 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-03 10:47 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-03 01:22 - 2014-08-03 12:14 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-08-03 01:22 - 2014-08-03 01:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-03 01:21 - 2014-08-03 01:21 - 00003176 _____ () C:\Windows\System32\Tasks\YourFile DownloaderInstaller Starter
2014-07-24 06:12 - 2014-07-24 06:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-19 19:44 - 2014-07-27 16:13 - 00000000 ____D () C:\Users\David\Desktop\Podcast Portugiesisch
2014-07-19 10:17 - 2014-07-19 10:17 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-07-19 10:14 - 2014-07-19 10:15 - 29527272 _____ (DVDVideoSoft Ltd. ) C:\Users\David\Downloads\FreeYouTubeToMP3Converter-3.12.42.716.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 11:17 - 2014-08-15 11:16 - 00010103 _____ () C:\Users\David\Downloads\FRST.txt
2014-08-15 11:17 - 2013-12-10 22:32 - 00000000 ____D () C:\Users\David\Documents\Outlook-Dateien
2014-08-15 11:16 - 2014-08-15 11:16 - 00000000 ____D () C:\FRST
2014-08-15 11:15 - 2014-08-15 11:15 - 02100224 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2014-08-15 11:13 - 2014-08-15 11:13 - 00002186 _____ () C:\Users\David\Desktop\malwarbytes.txt
2014-08-15 11:08 - 2014-08-03 22:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-15 11:06 - 2013-11-21 11:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-15 10:44 - 2009-07-14 06:50 - 00031920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-15 10:44 - 2009-07-14 06:50 - 00031920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-15 10:40 - 2013-11-20 21:16 - 01090126 _____ () C:\Windows\WindowsUpdate.log
2014-08-15 10:39 - 2014-01-25 16:23 - 00283648 ___SH () C:\Users\David\Desktop\Thumbs.db
2014-08-15 10:37 - 2014-08-11 13:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-15 10:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-15 10:36 - 2009-07-14 06:56 - 00058364 _____ () C:\Windows\setupact.log
2014-08-15 08:35 - 2014-02-01 00:30 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3319816922-1198177196-631927581-1000UA.job
2014-08-15 08:34 - 2009-07-14 06:50 - 00416360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-14 10:12 - 2014-08-14 10:12 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-14 10:12 - 2014-08-14 10:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-14 10:12 - 2013-11-21 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-14 10:12 - 2013-11-21 00:44 - 00000000 ____D () C:\ProgramData\Avira
2014-08-14 10:12 - 2013-11-21 00:44 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-13 13:07 - 2014-08-12 22:36 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d17f9e01-32f7-4dfd-96f9-2833e2f1697c.job
2014-08-13 12:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 10:55 - 2013-12-10 11:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 10:45 - 2014-05-06 20:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 02:00 - 2014-08-12 22:36 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f2c8d3a2-c5df-4a26-8584-0607630b9bc4.job
2014-08-12 22:45 - 2014-08-12 22:45 - 00000627 _____ () C:\Users\David\Desktop\JRT.txt
2014-08-12 22:39 - 2014-08-12 22:39 - 01016261 _____ (Thisisu) C:\Users\David\Downloads\JRT.exe
2014-08-12 22:39 - 2014-08-12 22:39 - 00000000 ____D () C:\Windows\ERUNT
2014-08-12 22:36 - 2014-08-12 22:36 - 00003584 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f2c8d3a2-c5df-4a26-8584-0607630b9bc4
2014-08-12 22:36 - 2014-08-12 22:36 - 00003510 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task d17f9e01-32f7-4dfd-96f9-2833e2f1697c
2014-08-12 22:35 - 2014-08-03 22:36 - 00000000 ____D () C:\AdwCleaner
2014-08-12 22:35 - 2010-11-21 05:47 - 00237972 _____ () C:\Windows\PFRO.log
2014-08-12 22:33 - 2014-08-12 22:33 - 01366203 _____ () C:\Users\David\Downloads\adwcleaner_3.304.exe
2014-08-12 22:15 - 2014-08-12 22:15 - 00000000 ____D () C:\Users\David\Desktop\Alte Firefox-Daten
2014-08-11 23:35 - 2014-02-01 00:30 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3319816922-1198177196-631927581-1000Core.job
2014-08-11 13:07 - 2014-08-11 13:07 - 00000000 ____D () C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
2014-08-11 13:07 - 2014-08-11 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-11 13:06 - 2014-08-11 13:06 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-11 13:06 - 2014-08-11 13:06 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-11 13:05 - 2014-08-11 13:05 - 18701616 _____ (SUPERAntiSpyware) C:\Users\David\Downloads\SUPERAntiSpyware.exe
2014-08-10 16:23 - 2014-08-10 16:23 - 00007523 _____ () C:\Users\David\Downloads\hijackthis.log
2014-08-10 16:21 - 2013-11-20 14:39 - 00000000 ____D () C:\Users\David\AppData\Local\VirtualStore
2014-08-10 16:20 - 2014-08-10 16:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\David\Downloads\HijackThis.exe
2014-08-08 20:41 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-07 04:06 - 2014-08-13 10:40 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 10:40 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-03 22:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Web
2014-08-03 22:45 - 2014-08-03 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-03 22:45 - 2014-08-03 22:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-03 22:45 - 2014-08-03 22:42 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-03 22:45 - 2014-08-03 22:42 - 00000000 ____D () C:\Users\David\AppData\Roaming\Malwarebytes
2014-08-03 22:45 - 2014-08-03 22:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 22:45 - 2014-08-03 22:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-03 22:41 - 2014-08-03 22:41 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-1.75.0.1300.exe
2014-08-03 22:37 - 2014-01-29 00:15 - 00001079 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-03 22:37 - 2013-11-21 00:40 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-03 22:37 - 2013-11-20 14:40 - 00000995 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-03 22:37 - 2013-11-20 14:39 - 00000000 ____D () C:\Users\David
2014-08-03 22:35 - 2014-08-03 22:35 - 01361309 _____ () C:\Users\David\Downloads\adwcleaner_3.302.exe
2014-08-03 12:14 - 2014-08-03 01:22 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-08-03 12:13 - 2009-07-14 04:34 - 00000269 _____ () C:\Windows\win.ini
2014-08-03 01:22 - 2014-08-03 01:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-03 01:22 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-03 01:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-03 01:21 - 2014-08-03 01:21 - 00003176 _____ () C:\Windows\System32\Tasks\YourFile DownloaderInstaller Starter
2014-08-01 01:41 - 2014-08-13 10:43 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 10:43 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-27 18:36 - 2014-01-01 17:13 - 00000000 ____D () C:\Users\David\AppData\Roaming\vlc
2014-07-27 16:13 - 2014-07-19 19:44 - 00000000 ____D () C:\Users\David\Desktop\Podcast Portugiesisch
2014-07-25 16:52 - 2014-08-13 10:43 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-13 10:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-13 10:43 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-13 10:43 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-13 10:43 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-13 10:43 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 15:28 - 2014-08-13 10:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 15:25 - 2014-08-13 10:43 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-13 10:43 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-13 10:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-13 10:43 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-13 10:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-13 10:43 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-13 10:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-13 10:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-13 10:43 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-13 10:43 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-13 10:43 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-13 10:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-13 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-13 10:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-13 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-13 10:43 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-13 10:43 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-13 10:43 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-13 10:43 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-13 10:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-13 10:43 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 14:17 - 2014-08-13 10:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 14:12 - 2014-08-13 10:43 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-13 10:43 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-13 10:43 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-13 10:43 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-13 10:43 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-13 10:43 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-13 10:43 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-13 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-13 10:43 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-13 10:43 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-13 10:43 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-13 10:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-13 10:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-13 10:43 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-13 10:43 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-13 10:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-13 10:43 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-13 10:43 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-13 10:43 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-13 10:43 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-13 10:43 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-13 10:43 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-13 10:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-13 10:43 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-13 10:43 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-25 06:24 - 2013-11-21 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-24 22:30 - 2013-11-21 00:44 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-24 06:12 - 2014-07-24 06:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-19 10:17 - 2014-07-19 10:17 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-07-19 10:16 - 2014-01-28 21:28 - 00001532 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-07-19 10:16 - 2014-01-28 21:28 - 00000000 ____D () C:\Users\David\AppData\Roaming\DVDVideoSoft
2014-07-19 10:16 - 2014-01-28 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-19 10:16 - 2014-01-28 21:28 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-07-19 10:15 - 2014-07-19 10:14 - 29527272 _____ (DVDVideoSoft Ltd. ) C:\Users\David\Downloads\FreeYouTubeToMP3Converter-3.12.42.716.exe
2014-07-16 05:25 - 2014-08-13 10:41 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-16 05:23 - 2014-08-13 10:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-07-16 04:46 - 2014-08-13 10:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-07-16 04:46 - 2014-08-13 10:41 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-07-16 04:12 - 2014-08-13 10:41 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\84484uninstall.exe
C:\Users\David\AppData\Local\Temp\avgnt.exe
C:\Users\David\AppData\Local\Temp\BackupSetup.exe
C:\Users\David\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\David\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\David\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\David\AppData\Local\Temp\htmlayout.dll
C:\Users\David\AppData\Local\Temp\install7131334.exe
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\David\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\David\AppData\Local\Temp\Sqlite3.dll
C:\Users\David\AppData\Local\Temp\toolbar7129711.exe
C:\Users\David\AppData\Local\Temp\toolbar7131851.exe
C:\Users\David\AppData\Local\Temp\toolbar7132003.exe
C:\Users\David\AppData\Local\Temp\toolbar7132371.exe
C:\Users\David\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-11 12:01

==================== End Of Log ============================
Additional:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2014
Ran by David at 2014-08-15 11:17:38
Running from C:\Users\David\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation)
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{2A07A3D4-F6CA-4EEB-9576-3A6AC8A736CE}) (Version:  - Microsoft)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free YouTube Download version 3.2.41.623 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.41.623 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.42.716 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.42.716 - DVDVideoSoft Ltd.)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
PDF24 Creator 6.0.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1128 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.41.5 - Synaptics Incorporated)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{B2508D75-61CF-4CC0-84C0-CF257219201D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-06-2014 20:34:16 Geplanter Prüfpunkt
29-06-2014 13:25:32 TuneUp Utilities 2014 wird entfernt
29-06-2014 13:26:29 TuneUp Utilities 2014 (de-DE) wird entfernt
09-07-2014 18:02:59 Windows Update
19-07-2014 14:58:47 Windows Update
03-08-2014 08:46:38 Windows Update
13-08-2014 08:45:20 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E098173-6F02-4A00-B679-9CDB3C337E60} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3319816922-1198177196-631927581-1000Core => C:\Users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-01] (Facebook Inc.)
Task: {483B700B-9844-4827-B1F5-569D9E04B987} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {649D9B0B-FF65-4037-A42F-12132EC78B15} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {85BAF5D9-F680-45FA-92AE-37451C9BCD22} - System32\Tasks\YourFile DownloaderInstaller Starter => C:\Users\David\AppData\Local\Temp\install7131334.exe [2014-08-03] (hxxp://yourfiledownloader.net) <==== ATTENTION
Task: {A832E67C-15C0-4565-B893-418CB1AC2015} - System32\Tasks\SUPERAntiSpyware Scheduled Task d17f9e01-32f7-4dfd-96f9-2833e2f1697c => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {B3D1F0DE-8B86-4A9C-97C4-C8E3B4A7EF8E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3319816922-1198177196-631927581-1000UA => C:\Users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-01] (Facebook Inc.)
Task: {E2E1CDD0-9D9A-4AC4-8290-62A5BD34D291} - System32\Tasks\SUPERAntiSpyware Scheduled Task f2c8d3a2-c5df-4a26-8584-0607630b9bc4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3319816922-1198177196-631927581-1000Core.job => C:\Users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3319816922-1198177196-631927581-1000UA.job => C:\Users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d17f9e01-32f7-4dfd-96f9-2833e2f1697c.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f2c8d3a2-c5df-4a26-8584-0607630b9bc4.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-02-15 02:53 - 2012-02-15 02:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-15 04:36 - 2013-02-15 04:36 - 01554496 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-08-14 10:12 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\David\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-07-24 06:12 - 2014-07-24 06:12 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-07-09 19:19 - 2014-07-09 19:19 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:51E9F892

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2014 10:38:06 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/15/2014 10:38:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/15/2014 10:37:55 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/15/2014 10:37:13 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/15/2014 08:36:35 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/15/2014 08:36:34 AM) (Source: MsiInstaller) (EventID: 1024) (User: David-PC)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/15/2014 08:36:24 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/15/2014 08:36:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/15/2014 08:35:54 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/14/2014 11:51:29 PM) (Source: MsiInstaller) (EventID: 1024) (User: David-PC)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (08/15/2014 10:38:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (08/15/2014 10:37:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/15/2014 10:37:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/15/2014 10:36:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/15/2014 08:36:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (08/15/2014 08:36:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/15/2014 08:36:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/15/2014 08:34:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/14/2014 11:51:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (08/14/2014 11:50:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (08/15/2014 10:38:06 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/15/2014 10:38:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/15/2014 10:37:55 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/15/2014 10:37:13 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/15/2014 08:36:35 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/15/2014 08:36:34 AM) (Source: MsiInstaller) (EventID: 1024) (User: David-PC)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

Error: (08/15/2014 08:36:24 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/15/2014 08:36:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/15/2014 08:35:54 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/14/2014 11:51:29 PM) (Source: MsiInstaller) (EventID: 1024) (User: David-PC)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 36%
Total physical RAM: 3914.36 MB
Available physical RAM: 2499.32 MB
Total Pagefile: 7826.89 MB
Available Pagefile: 6099.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:150.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9ABFF84B)
Partition 1: (Not Active) - (Size=233 GB) - (Type=83)
Partition 2: (Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
4. Junkware Removal Tool Scan

Log:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional N x64
Ran by David on 12.08.2014 at 22:40:04,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.08.2014 at 22:45:30,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wie gesagt, den AdwCleaner-Log poste ich, wenn mir jemand geantwortet hat. Der Yourfile-Downloader öffnet sich aber immer noch bei jedem Start. Ich habe echt keine Ahnung, was ich dagegen tun kann. Mache derzeit auch kein Online-Banking, weil ich Angst habe, was da alles ausgelesen werden kann. Außerdem ist mein Rechner richtig langsam geworden.

Gibt es jemanden, der mir bitte helfen kann?

Viele Grüße
David

Alt 15.08.2014, 10:51   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen? - Standard

Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?


Hi,

AdwCLeaner posten. SInd die FRST Logs frisch nach all den Tools? Wenn ja:

Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen


Frisches FRST log bitte.
__________________

__________________
Alt 15.08.2014, 11:31   #3
CapF
 
Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen? - Standard

Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?


Hi,

vielen Dank für deine schnelle Antwort!

1. Hier der AdwCleaner-Log:

Suchlog:

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.302 - Bericht erstellt am 03/08/2014 um 22:36:13
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 7 Professional N Service Pack 1 (64 bits)
# Benutzername : David - DAVID-PC
# Gestartet von : C:\Users\David\Downloads\adwcleaner_3.302.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : IePluginService
Dienst Gefunden : Wpm
Dienst Gefunden : {2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml
Datei Gefunden : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
Datei Gefunden : C:\Users\David\AppData\Local\mysearchdial-speeddial.crx
Datei Gefunden : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4outs96r.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
Datei Gefunden : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4outs96r.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi
Datei Gefunden : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4outs96r.default\searchplugins\11-suche.xml
Datei Gefunden : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4outs96r.default\searchplugins\Web Search.xml
Datei Gefunden : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4outs96r.default\searchplugins\zonealarm.xml
Datei Gefunden : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4outs96r.default\user.js
Datei Gefunden : C:\Users\David\daemonprocess.txt
Datei Gefunden : C:\Windows\System32\drivers\{2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64.sys
Datei Gefunden : C:\Windows\System32\roboot64.exe
Ordner Gefunden : C:\Program Files (x86)\BonanzaDeals
Ordner Gefunden : C:\Program Files (x86)\BonanzaDealsLive
Ordner Gefunden : C:\Program Files (x86)\Mobogenie
Ordner Gefunden : C:\Program Files (x86)\MyPC Backup
Ordner Gefunden : C:\Program Files (x86)\SupTab
Ordner Gefunden : C:\ProgramData\BonanzaDealsLive
Ordner Gefunden : C:\ProgramData\IePluginService
Ordner Gefunden : C:\ProgramData\WPM
Ordner Gefunden : C:\Users\David\AppData\Local\BonanzaDealsLive
Ordner Gefunden : C:\Users\David\AppData\Local\Mobogenie
Ordner Gefunden : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4outs96r.default\Extensions\lightningnewtab@gmail.com
Ordner Gefunden : C:\Users\David\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\David\AppData\Roaming\Systweak
Ordner Gefunden : C:\Users\David\Documents\Mobogenie
Ordner Gefunden : C:\Users\wangzhisong\AppData\Local\Mobogenie

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****

Verknüpfung Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391036406&from=cor&uid=TOSHIBAXMQ01ABD050_3345F75YSXX3345F75YS )
Verknüpfung Gefunden : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391036406&from=cor&uid=TOSHIBAXMQ01ABD050_3345F75YSXX3345F75YS )
Verknüpfung Gefunden : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391036406&from=cor&uid=TOSHIBAXMQ01ABD050_3345F75YSXX3345F75YS )
Verknüpfung Gefunden : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391036406&from=cor&uid=TOSHIBAXMQ01ABD050_3345F75YSXX3345F75YS )
Verknüpfung Gefunden : C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391036406&from=cor&uid=TOSHIBAXMQ01ABD050_3345F75YSXX3345F75YS )

***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1391036406&from=cor&uid=TOSHIBAXMQ01ABD050_3345F75YSXX3345F75YS
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\blockAndSurf
Schlüssel Gefunden : HKCU\Software\BonanzaDealsLive
Schlüssel Gefunden : HKCU\Software\ClickConnect
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\mysearchdial.com
Schlüssel Gefunden : HKCU\Software\SmartBar
Schlüssel Gefunden : [x64] HKCU\Software\BonanzaDealsLive
Schlüssel Gefunden : [x64] HKCU\Software\ClickConnect
Schlüssel Gefunden : [x64] HKCU\Software\InstallCore
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKCU\Software\mysearchdial.com
Schlüssel Gefunden : [x64] HKCU\Software\SmartBar
Schlüssel Gefunden : HKLM\Software\BonanzaDealsLive
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Schlüssel Gefunden : HKLM\Software\IePlugin
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SupTab
Schlüssel Gefunden : HKLM\Software\SupTab
Schlüssel Gefunden : HKLM\Software\supWPM
Schlüssel Gefunden : HKLM\Software\sweet-pageSoftware
Schlüssel Gefunden : HKLM\Software\systweak
Schlüssel Gefunden : HKLM\Software\Wpm
Schlüssel Gefunden : HKLM\Software\YourFileDownloader
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [lightningnewtab@gmail.com]
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fc14c3bf-00c2-816e-d5db-47b9c59279d5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=28/01/2014&type=hp1000
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fc14c3bf-00c2-816e-d5db-47b9c59279d5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=28/01/2014&type=hp1000
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.sweet-page.com/?type=hp&ts=1391036406&from=cor&uid=TOSHIBAXMQ01ABD050_3345F75YSXX3345F75YS
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.sweet-page.com/?type=hp&ts=1391036406&from=cor&uid=TOSHIBAXMQ01ABD050_3345F75YSXX3345F75YS
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.sweet-page.com/web/?type=ds&ts=1391036406&from=cor&uid=TOSHIBAXMQ01ABD050_3345F75YSXX3345F75YS&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.sweet-page.com/?type=hp&ts=1391036406&from=cor&uid=TOSHIBAXMQ01ABD050_3345F75YSXX3345F75YS
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.sweet-page.com/web/?type=ds&ts=1391036406&from=cor&uid=TOSHIBAXMQ01ABD050_3345F75YSXX3345F75YS&q={searchTerms}
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fc14c3bf-00c2-816e-d5db-47b9c59279d5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=28/01/2014&type=hp1000
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fc14c3bf-00c2-816e-d5db-47b9c59279d5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=28/01/2014&type=hp1000
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fc14c3bf-00c2-816e-d5db-47b9c59279d5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=28/01/2014&type=hp1000
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fc14c3bf-00c2-816e-d5db-47b9c59279d5&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=28/01/2014&type=hp1000
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.sweet-page.com/?type=hp&ts=1391036406&from=cor&uid=TOSHIBAXMQ01ABD050_3345F75YSXX3345F75YS
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.sweet-page.com/web/?type=ds&ts=1391036406&from=cor&uid=TOSHIBAXMQ01ABD050_3345F75YSXX3345F75YS&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.sweet-page.com/?type=hp&ts=1391036406&from=cor&uid=TOSHIBAXMQ01ABD050_3345F75YSXX3345F75YS
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.sweet-page.com/web/?type=ds&ts=1391036406&from=cor&uid=TOSHIBAXMQ01ABD050_3345F75YSXX3345F75YS&q={searchTerms}

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4outs96r.default\prefs.js ]

Zeile gefunden : user_pref("extensions.irmysearch.aflt", "irmsd1103");
Zeile gefunden : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutD0CzzyE0D0CzzyCzztByD0B0Fzz0D0AtN0D0Tzu0SyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Zeile gefunden : user_pref("extensions.irmysearch.cr", "1912390639");
Zeile gefunden : user_pref("extensions.irmysearch.instlRef", "");
Zeile gefunden : user_pref("extensions.mysearchdial.aflt", "irmsd1103");
Zeile gefunden : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Zeile gefunden : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutD0CzzyE0D0CzzyCzztByD0B0Fzz0D0AtN0D0Tzu0SyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Zeile gefunden : user_pref("extensions.mysearchdial.cntry", "DE");
Zeile gefunden : user_pref("extensions.mysearchdial.cr", "1912390639");
Zeile gefunden : user_pref("extensions.mysearchdial.dfltLng", "");
Zeile gefunden : user_pref("extensions.mysearchdial.dfltSrch", true);
Zeile gefunden : user_pref("extensions.mysearchdial.dnsErr", true);
Zeile gefunden : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Zeile gefunden : user_pref("extensions.mysearchdial.excTlbr", false);
Zeile gefunden : user_pref("extensions.mysearchdial.hdrMd5", "E81FFFF46BF0009BBDD0313C8C68E89C");
Zeile gefunden : user_pref("extensions.mysearchdial.hmpg", true);
Zeile gefunden : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutD0CzzyE0D0CzzyCzztByD0B0Fzz0D0AtN0D0Tzu0SyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutC[...]
Zeile gefunden : user_pref("extensions.mysearchdial.id", "0C84DC86825BF8DA");
Zeile gefunden : user_pref("extensions.mysearchdial.instlDay", "16043");
Zeile gefunden : user_pref("extensions.mysearchdial.instlRef", "");
Zeile gefunden : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutD0CzzyE0D0CzzyCzztByD0B0Fzz0D0AtN0D0Tzu0SyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD[...]
Zeile gefunden : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.017:30:59");
Zeile gefunden : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutD0CzzyE0D0CzzyCzztByD0B0Fzz0D0AtN0D0Tzu0SyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu[...]
Zeile gefunden : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"89\",\"lastVrsn\":\"89\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gefunden : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Zeile gefunden : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Zeile gefunden : user_pref("extensions.mysearchdial.sg", "none");
Zeile gefunden : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Zeile gefunden : user_pref("extensions.mysearchdial.tlbrId", "base");
Zeile gefunden : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutD0CzzyE0D0CzzyCzztByD0B0Fzz0D0AtN0D0Tzu0SyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1C[...]
Zeile gefunden : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Zeile gefunden : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Zeile gefunden : user_pref("extensions.mysearchdial_i.hmpg", true);
Zeile gefunden : user_pref("extensions.mysearchdial_i.newTab", false);
Zeile gefunden : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Zeile gefunden : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.017:30:59");
Zeile gefunden : user_pref("extensions.zonealarm.dspFFXOld", "sweet-page");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [18147 octets] - [03/08/2014 22:36:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [18208 octets] ##########
--- --- ---


Löschen-Log:

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.302 - Bericht erstellt am 03/08/2014 um 22:37:16
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 7 Professional N Service Pack 1 (64 bits)
# Benutzername : David - DAVID-PC
# Gestartet von : C:\Users\David\Downloads\adwcleaner_3.302.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : IePluginService
Dienst Gelöscht : Wpm
Dienst Gelöscht : {2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\ProgramData\IePluginService
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Users\David\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\David\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\David\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\David\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\David\Documents\Mobogenie
Ordner Gelöscht : C:\Users\wangzhisong\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4outs96r.default\Extensions\lightningnewtab@gmail.com
Datei Gelöscht : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4outs96r.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
Datei Gelöscht : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4outs96r.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Windows\System32\drivers\{2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64.sys
Datei Gelöscht : C:\Users\David\daemonprocess.txt
Datei Gelöscht : C:\Users\David\AppData\Local\mysearchdial-speeddial.crx
Datei Gelöscht : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4outs96r.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml
Datei Gelöscht : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4outs96r.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4outs96r.default\searchplugins\zonealarm.xml
Datei Gelöscht : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4outs96r.default\user.js
Datei Gelöscht : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [lightningnewtab@gmail.com]
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKCU\Software\ClickConnect
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\mysearchdial.com
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\blockAndSurf
Schlüssel Gelöscht : HKLM\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKLM\Software\IePlugin
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\sweet-pageSoftware
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKLM\Software\YourFileDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SupTab

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4outs96r.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.irmysearch.aflt", "irmsd1103");
Zeile gelöscht : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutD0CzzyE0D0CzzyCzztByD0B0Fzz0D0AtN0D0Tzu0SyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Zeile gelöscht : user_pref("extensions.irmysearch.cr", "1912390639");
Zeile gelöscht : user_pref("extensions.irmysearch.instlRef", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "irmsd1103");
Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutD0CzzyE0D0CzzyCzztByD0B0Fzz0D0AtN0D0Tzu0SyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Zeile gelöscht : user_pref("extensions.mysearchdial.cntry", "DE");
Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "1912390639");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
Zeile gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "E81FFFF46BF0009BBDD0313C8C68E89C");
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutD0CzzyE0D0CzzyCzztByD0B0Fzz0D0AtN0D0Tzu0SyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutC[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.id", "0C84DC86825BF8DA");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16043");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutD0CzzyE0D0CzzyCzztByD0B0Fzz0D0AtN0D0Tzu0SyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.017:30:59");
Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutD0CzzyE0D0CzzyCzztByD0B0Fzz0D0AtN0D0Tzu0SyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"89\",\"lastVrsn\":\"89\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.sg", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutD0CzzyE0D0CzzyCzztByD0B0Fzz0D0AtN0D0Tzu0SyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1C[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.017:30:59");
Zeile gelöscht : user_pref("extensions.zonealarm.dspFFXOld", "sweet-page");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [18369 octets] - [03/08/2014 22:36:13]
AdwCleaner[S0].txt - [15035 octets] - [03/08/2014 22:37:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15096 octets] ##########
--- --- ---


Ja, die FRST-Logs sind nach allen Tools gewesen.

Habe jetzt auch, wie du beschrieben hast, Firefox restlos gelöscht, wieder installiert und danach zurückgesetzt.

Der neue FRST-Log:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-08-2014
Ran by David (administrator) on DAVID-PC on 15-08-2014 12:28:40
Running from C:\Users\David\Downloads
Platform: Windows 7 Professional N Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\David\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlockAndSurf] => C:\Program Files (x86)\ver1BlockAndSurf\BlockAndSurf.exe
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3319816922-1198177196-631927581-1000\...\Run: [Facebook Update] => C:\Users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-01] (Facebook Inc.)
HKU\S-1-5-21-3319816922-1198177196-631927581-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-08] (SUPERAntiSpyware)
HKU\S-1-5-21-3319816922-1198177196-631927581-1000\...\MountPoints2: {f61259f4-746a-11e3-b4df-208984c7e943} - F:\iStudio.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x542785B63EE6CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6gfoqpdp.default-1408098033934
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\David\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\David\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-14] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [42040 2014-07-24] (Avira Operations GmbH & Co. KG)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-15] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-02-14] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 12:28 - 2014-08-15 12:28 - 02100224 _____ (Farbar) C:\Users\David\Downloads\FRST64(1).exe
2014-08-15 12:16 - 2014-08-15 12:16 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-15 12:16 - 2014-08-15 12:16 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-15 12:16 - 2014-08-15 12:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-15 12:16 - 2014-08-15 12:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-15 12:07 - 2014-08-15 12:07 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\David\Downloads\revosetup95.exe
2014-08-15 12:07 - 2014-08-15 12:07 - 00001264 _____ () C:\Users\David\Desktop\Revo Uninstaller.lnk
2014-08-15 12:07 - 2014-08-15 12:07 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-15 11:17 - 2014-08-15 11:18 - 00050862 _____ () C:\Users\David\Downloads\Addition.txt
2014-08-15 11:16 - 2014-08-15 12:28 - 00010240 _____ () C:\Users\David\Downloads\FRST.txt
2014-08-15 11:16 - 2014-08-15 12:28 - 00000000 ____D () C:\FRST
2014-08-15 11:15 - 2014-08-15 11:15 - 02100224 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2014-08-15 11:13 - 2014-08-15 11:13 - 00002186 _____ () C:\Users\David\Desktop\malwarbytes.txt
2014-08-14 10:12 - 2014-08-14 10:12 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-14 10:12 - 2014-08-14 10:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-13 10:47 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 10:47 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 10:47 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 10:47 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 10:47 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 10:47 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 10:46 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 10:46 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 10:43 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 10:43 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 10:43 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 10:43 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 10:43 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 10:43 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 10:43 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 10:43 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 10:43 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 10:43 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 10:43 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 10:43 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 10:43 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 10:43 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 10:43 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 10:43 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 10:43 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 10:43 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 10:43 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 10:43 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 10:43 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 10:43 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 10:43 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 10:43 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 10:43 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 10:43 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 10:43 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 10:43 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 10:43 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 10:43 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 10:43 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 10:43 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 10:43 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 10:43 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 10:43 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 10:43 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 10:43 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 10:43 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 10:43 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 10:43 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 10:43 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 10:43 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 10:43 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 10:43 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 10:43 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 10:43 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 10:43 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 10:43 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 10:43 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 10:43 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 10:43 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 10:43 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 10:43 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 10:43 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 10:43 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 10:43 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 10:42 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 10:42 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 10:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 10:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 10:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 10:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 10:42 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 10:42 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 10:42 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 10:42 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 10:42 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 10:42 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 10:42 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 10:42 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 10:41 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 10:41 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 10:41 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 10:41 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 10:41 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 10:41 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 10:41 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 10:41 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 10:41 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 10:41 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 10:41 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 10:40 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 10:40 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 10:40 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 10:40 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 10:40 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 10:40 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 22:45 - 2014-08-12 22:45 - 00000627 _____ () C:\Users\David\Desktop\JRT.txt
2014-08-12 22:39 - 2014-08-12 22:39 - 01016261 _____ (Thisisu) C:\Users\David\Downloads\JRT.exe
2014-08-12 22:39 - 2014-08-12 22:39 - 00000000 ____D () C:\Windows\ERUNT
2014-08-12 22:36 - 2014-08-13 13:07 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d17f9e01-32f7-4dfd-96f9-2833e2f1697c.job
2014-08-12 22:36 - 2014-08-13 02:00 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f2c8d3a2-c5df-4a26-8584-0607630b9bc4.job
2014-08-12 22:36 - 2014-08-12 22:36 - 00003584 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f2c8d3a2-c5df-4a26-8584-0607630b9bc4
2014-08-12 22:36 - 2014-08-12 22:36 - 00003510 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task d17f9e01-32f7-4dfd-96f9-2833e2f1697c
2014-08-12 22:33 - 2014-08-12 22:33 - 01366203 _____ () C:\Users\David\Downloads\adwcleaner_3.304.exe
2014-08-12 22:15 - 2014-08-15 12:20 - 00000000 ____D () C:\Users\David\Desktop\Alte Firefox-Daten
2014-08-11 13:07 - 2014-08-11 13:07 - 00000000 ____D () C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
2014-08-11 13:06 - 2014-08-15 10:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-11 13:06 - 2014-08-11 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-11 13:06 - 2014-08-11 13:06 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-11 13:06 - 2014-08-11 13:06 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-11 13:05 - 2014-08-11 13:05 - 18701616 _____ (SUPERAntiSpyware) C:\Users\David\Downloads\SUPERAntiSpyware.exe
2014-08-10 16:23 - 2014-08-10 16:23 - 00007523 _____ () C:\Users\David\Downloads\hijackthis.log
2014-08-10 16:20 - 2014-08-10 16:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\David\Downloads\HijackThis.exe
2014-08-03 22:45 - 2014-08-15 11:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 22:45 - 2014-08-03 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-03 22:45 - 2014-08-03 22:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-03 22:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-03 22:45 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-03 22:42 - 2014-08-03 22:45 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-03 22:42 - 2014-08-03 22:45 - 00000000 ____D () C:\Users\David\AppData\Roaming\Malwarebytes
2014-08-03 22:42 - 2014-08-03 22:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 22:42 - 2014-08-03 22:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-03 22:42 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-03 22:41 - 2014-08-03 22:41 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-1.75.0.1300.exe
2014-08-03 22:36 - 2014-08-12 22:35 - 00000000 ____D () C:\AdwCleaner
2014-08-03 22:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-03 22:35 - 2014-08-03 22:35 - 01361309 _____ () C:\Users\David\Downloads\adwcleaner_3.302.exe
2014-08-03 10:48 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 10:48 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-03 10:48 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-03 10:48 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 10:47 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 10:47 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 10:47 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-03 10:47 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-03 10:47 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 10:47 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 10:47 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-03 10:47 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-03 10:47 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-03 10:47 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-03 01:22 - 2014-08-03 12:14 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-08-03 01:22 - 2014-08-03 01:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-03 01:21 - 2014-08-03 01:21 - 00003176 _____ () C:\Windows\System32\Tasks\YourFile DownloaderInstaller Starter
2014-07-19 19:44 - 2014-07-27 16:13 - 00000000 ____D () C:\Users\David\Desktop\Podcast Portugiesisch
2014-07-19 10:17 - 2014-07-19 10:17 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-07-19 10:14 - 2014-07-19 10:15 - 29527272 _____ (DVDVideoSoft Ltd. ) C:\Users\David\Downloads\FreeYouTubeToMP3Converter-3.12.42.716.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 12:28 - 2014-08-15 12:28 - 02100224 _____ (Farbar) C:\Users\David\Downloads\FRST64(1).exe
2014-08-15 12:28 - 2014-08-15 11:16 - 00010240 _____ () C:\Users\David\Downloads\FRST.txt
2014-08-15 12:28 - 2014-08-15 11:16 - 00000000 ____D () C:\FRST
2014-08-15 12:20 - 2014-08-12 22:15 - 00000000 ____D () C:\Users\David\Desktop\Alte Firefox-Daten
2014-08-15 12:16 - 2014-08-15 12:16 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-15 12:16 - 2014-08-15 12:16 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-15 12:16 - 2014-08-15 12:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-15 12:16 - 2014-08-15 12:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-15 12:07 - 2014-08-15 12:07 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\David\Downloads\revosetup95.exe
2014-08-15 12:07 - 2014-08-15 12:07 - 00001264 _____ () C:\Users\David\Desktop\Revo Uninstaller.lnk
2014-08-15 12:07 - 2014-08-15 12:07 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-15 12:06 - 2013-11-21 11:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-15 11:35 - 2014-02-01 00:30 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3319816922-1198177196-631927581-1000UA.job
2014-08-15 11:18 - 2014-08-15 11:17 - 00050862 _____ () C:\Users\David\Downloads\Addition.txt
2014-08-15 11:17 - 2013-12-10 22:32 - 00000000 ____D () C:\Users\David\Documents\Outlook-Dateien
2014-08-15 11:15 - 2014-08-15 11:15 - 02100224 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2014-08-15 11:13 - 2014-08-15 11:13 - 00002186 _____ () C:\Users\David\Desktop\malwarbytes.txt
2014-08-15 11:08 - 2014-08-03 22:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-15 10:44 - 2009-07-14 06:50 - 00031920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-15 10:44 - 2009-07-14 06:50 - 00031920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-15 10:40 - 2013-11-20 21:16 - 01090126 _____ () C:\Windows\WindowsUpdate.log
2014-08-15 10:39 - 2014-01-25 16:23 - 00283648 ___SH () C:\Users\David\Desktop\Thumbs.db
2014-08-15 10:37 - 2014-08-11 13:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-15 10:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-15 10:36 - 2009-07-14 06:56 - 00058364 _____ () C:\Windows\setupact.log
2014-08-15 08:34 - 2009-07-14 06:50 - 00416360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-14 10:12 - 2014-08-14 10:12 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-14 10:12 - 2014-08-14 10:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-14 10:12 - 2013-11-21 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-14 10:12 - 2013-11-21 00:44 - 00000000 ____D () C:\ProgramData\Avira
2014-08-14 10:12 - 2013-11-21 00:44 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-13 13:07 - 2014-08-12 22:36 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d17f9e01-32f7-4dfd-96f9-2833e2f1697c.job
2014-08-13 12:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 10:55 - 2013-12-10 11:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 10:45 - 2014-05-06 20:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 02:00 - 2014-08-12 22:36 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f2c8d3a2-c5df-4a26-8584-0607630b9bc4.job
2014-08-12 22:45 - 2014-08-12 22:45 - 00000627 _____ () C:\Users\David\Desktop\JRT.txt
2014-08-12 22:39 - 2014-08-12 22:39 - 01016261 _____ (Thisisu) C:\Users\David\Downloads\JRT.exe
2014-08-12 22:39 - 2014-08-12 22:39 - 00000000 ____D () C:\Windows\ERUNT
2014-08-12 22:36 - 2014-08-12 22:36 - 00003584 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f2c8d3a2-c5df-4a26-8584-0607630b9bc4
2014-08-12 22:36 - 2014-08-12 22:36 - 00003510 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task d17f9e01-32f7-4dfd-96f9-2833e2f1697c
2014-08-12 22:35 - 2014-08-03 22:36 - 00000000 ____D () C:\AdwCleaner
2014-08-12 22:35 - 2010-11-21 05:47 - 00237972 _____ () C:\Windows\PFRO.log
2014-08-12 22:33 - 2014-08-12 22:33 - 01366203 _____ () C:\Users\David\Downloads\adwcleaner_3.304.exe
2014-08-11 23:35 - 2014-02-01 00:30 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3319816922-1198177196-631927581-1000Core.job
2014-08-11 13:07 - 2014-08-11 13:07 - 00000000 ____D () C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
2014-08-11 13:07 - 2014-08-11 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-11 13:06 - 2014-08-11 13:06 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-11 13:06 - 2014-08-11 13:06 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-11 13:05 - 2014-08-11 13:05 - 18701616 _____ (SUPERAntiSpyware) C:\Users\David\Downloads\SUPERAntiSpyware.exe
2014-08-10 16:23 - 2014-08-10 16:23 - 00007523 _____ () C:\Users\David\Downloads\hijackthis.log
2014-08-10 16:21 - 2013-11-20 14:39 - 00000000 ____D () C:\Users\David\AppData\Local\VirtualStore
2014-08-10 16:20 - 2014-08-10 16:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\David\Downloads\HijackThis.exe
2014-08-08 20:41 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-07 04:06 - 2014-08-13 10:40 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 10:40 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-03 22:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Web
2014-08-03 22:45 - 2014-08-03 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-03 22:45 - 2014-08-03 22:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-03 22:45 - 2014-08-03 22:42 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-03 22:45 - 2014-08-03 22:42 - 00000000 ____D () C:\Users\David\AppData\Roaming\Malwarebytes
2014-08-03 22:45 - 2014-08-03 22:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 22:45 - 2014-08-03 22:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-03 22:41 - 2014-08-03 22:41 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-1.75.0.1300.exe
2014-08-03 22:37 - 2013-11-20 14:40 - 00000995 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-03 22:37 - 2013-11-20 14:39 - 00000000 ____D () C:\Users\David
2014-08-03 22:35 - 2014-08-03 22:35 - 01361309 _____ () C:\Users\David\Downloads\adwcleaner_3.302.exe
2014-08-03 12:14 - 2014-08-03 01:22 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-08-03 12:13 - 2009-07-14 04:34 - 00000269 _____ () C:\Windows\win.ini
2014-08-03 01:22 - 2014-08-03 01:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-03 01:22 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-03 01:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-03 01:21 - 2014-08-03 01:21 - 00003176 _____ () C:\Windows\System32\Tasks\YourFile DownloaderInstaller Starter
2014-08-01 01:41 - 2014-08-13 10:43 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 10:43 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-27 18:36 - 2014-01-01 17:13 - 00000000 ____D () C:\Users\David\AppData\Roaming\vlc
2014-07-27 16:13 - 2014-07-19 19:44 - 00000000 ____D () C:\Users\David\Desktop\Podcast Portugiesisch
2014-07-25 16:52 - 2014-08-13 10:43 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-13 10:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-13 10:43 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-13 10:43 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-13 10:43 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-13 10:43 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 15:28 - 2014-08-13 10:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 15:25 - 2014-08-13 10:43 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-13 10:43 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-13 10:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-13 10:43 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-13 10:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-13 10:43 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-13 10:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-13 10:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-13 10:43 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-13 10:43 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-13 10:43 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-13 10:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-13 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-13 10:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-13 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-13 10:43 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-13 10:43 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-13 10:43 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-13 10:43 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-13 10:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-13 10:43 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 14:17 - 2014-08-13 10:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 14:12 - 2014-08-13 10:43 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-13 10:43 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-13 10:43 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-13 10:43 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-13 10:43 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-13 10:43 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-13 10:43 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-13 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-13 10:43 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-13 10:43 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-13 10:43 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-13 10:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-13 10:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-13 10:43 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-13 10:43 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-13 10:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-13 10:43 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-13 10:43 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-13 10:43 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-13 10:43 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-13 10:43 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-13 10:43 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-13 10:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-13 10:43 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-13 10:43 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 22:30 - 2013-11-21 00:44 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-19 10:17 - 2014-07-19 10:17 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-07-19 10:16 - 2014-01-28 21:28 - 00001532 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-07-19 10:16 - 2014-01-28 21:28 - 00000000 ____D () C:\Users\David\AppData\Roaming\DVDVideoSoft
2014-07-19 10:16 - 2014-01-28 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-19 10:16 - 2014-01-28 21:28 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-07-19 10:15 - 2014-07-19 10:14 - 29527272 _____ (DVDVideoSoft Ltd. ) C:\Users\David\Downloads\FreeYouTubeToMP3Converter-3.12.42.716.exe
2014-07-16 05:25 - 2014-08-13 10:41 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-16 05:23 - 2014-08-13 10:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-07-16 04:46 - 2014-08-13 10:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-07-16 04:46 - 2014-08-13 10:41 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-07-16 04:12 - 2014-08-13 10:41 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\84484uninstall.exe
C:\Users\David\AppData\Local\Temp\avgnt.exe
C:\Users\David\AppData\Local\Temp\BackupSetup.exe
C:\Users\David\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\David\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\David\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\David\AppData\Local\Temp\htmlayout.dll
C:\Users\David\AppData\Local\Temp\install7131334.exe
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\David\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\David\AppData\Local\Temp\Sqlite3.dll
C:\Users\David\AppData\Local\Temp\toolbar7129711.exe
C:\Users\David\AppData\Local\Temp\toolbar7131851.exe
C:\Users\David\AppData\Local\Temp\toolbar7132003.exe
C:\Users\David\AppData\Local\Temp\toolbar7132371.exe
C:\Users\David\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-11 12:01

==================== End Of Log ============================
--- --- ---

--- --- ---
__________________
Alt 16.08.2014, 06:48   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen? - Standard

Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?


noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.08.2014, 12:53   #5
CapF
 
Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen? - Standard

Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?


Ja, Yourfile Downloader öffnet sich noch immer beim Start und wenn ich cancel drücke öffnet sich wieder eine Werbeseite in Mozilla. Gestern hatte ich den Eindruck, dass Mozilla nach der Neuinstallation deutlich schneller war, heute nach dem neuen Hochfahren war aber eigentlich alles so wie vorher.

Hast du noch mehr Ideen?


Alt 17.08.2014, 07:15   #6
schrauber
/// the machine
/// TB-Ausbilder
 
Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen? - Standard

Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?


Lass das Fenster mal offen, dann FRST öffnen, Haken setzen bei Addition ud scannen, poste bitte beide Logfiles.
__________________
--> Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?

Alt 17.08.2014, 16:48   #7
CapF
 
Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen? - Standard

Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?


Okay, habe jetzt das YF-Downloader Fenster offen gelassen. Hier der FRST Log mit Haken bei Addition.txt:

1. Log


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by David (administrator) on DAVID-PC on 17-08-2014 17:42:43
Running from C:\Users\David\Downloads
Platform: Windows 7 Professional N Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(hxxp://yourfiledownloader.net) C:\Users\David\AppData\Local\Temp\install7131334.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlockAndSurf] => C:\Program Files (x86)\ver1BlockAndSurf\BlockAndSurf.exe
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3319816922-1198177196-631927581-1000\...\Run: [Facebook Update] => C:\Users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-01] (Facebook Inc.)
HKU\S-1-5-21-3319816922-1198177196-631927581-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-08] (SUPERAntiSpyware)
HKU\S-1-5-21-3319816922-1198177196-631927581-1000\...\MountPoints2: {f61259f4-746a-11e3-b4df-208984c7e943} - F:\iStudio.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x542785B63EE6CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6gfoqpdp.default-1408098033934
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\David\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\David\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-14] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [42040 2014-07-24] (Avira Operations GmbH & Co. KG)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-02-14] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 17:42 - 2014-08-17 17:42 - 00000000 ____D () C:\Users\David\Downloads\FRST-OlderVersion
2014-08-17 17:39 - 2014-08-17 17:39 - 00002166 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-08-17 17:39 - 2014-08-17 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-08-17 17:39 - 2014-08-17 17:39 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-08-17 17:39 - 2014-08-17 17:39 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-17 17:39 - 2014-08-17 17:39 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-08-15 12:16 - 2014-08-15 12:16 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-15 12:16 - 2014-08-15 12:16 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-15 12:16 - 2014-08-15 12:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-15 12:16 - 2014-08-15 12:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-15 12:07 - 2014-08-15 12:07 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\David\Downloads\revosetup95.exe
2014-08-15 12:07 - 2014-08-15 12:07 - 00001264 _____ () C:\Users\David\Desktop\Revo Uninstaller.lnk
2014-08-15 12:07 - 2014-08-15 12:07 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-15 11:17 - 2014-08-15 11:18 - 00050862 _____ () C:\Users\David\Downloads\Addition.txt
2014-08-15 11:16 - 2014-08-17 17:43 - 00010344 _____ () C:\Users\David\Downloads\FRST.txt
2014-08-15 11:16 - 2014-08-17 17:42 - 00000000 ____D () C:\FRST
2014-08-15 11:15 - 2014-08-17 17:42 - 02101760 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2014-08-15 11:13 - 2014-08-15 11:13 - 00002186 _____ () C:\Users\David\Desktop\malwarbytes.txt
2014-08-14 10:12 - 2014-08-14 10:12 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-14 10:12 - 2014-08-14 10:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-13 10:47 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 10:47 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 10:47 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 10:47 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 10:47 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 10:47 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 10:46 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 10:46 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 10:43 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 10:43 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 10:43 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 10:43 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 10:43 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 10:43 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 10:43 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 10:43 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 10:43 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 10:43 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 10:43 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 10:43 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 10:43 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 10:43 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 10:43 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 10:43 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 10:43 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 10:43 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 10:43 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 10:43 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 10:43 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 10:43 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 10:43 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 10:43 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 10:43 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 10:43 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 10:43 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 10:43 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 10:43 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 10:43 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 10:43 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 10:43 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 10:43 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 10:43 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 10:43 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 10:43 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 10:43 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 10:43 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 10:43 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 10:43 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 10:43 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 10:43 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 10:43 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 10:43 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 10:43 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 10:43 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 10:43 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 10:43 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 10:43 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 10:43 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 10:43 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 10:43 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 10:43 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 10:43 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 10:43 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 10:43 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 10:42 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 10:42 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 10:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 10:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 10:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 10:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 10:42 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 10:42 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 10:42 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 10:42 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 10:42 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 10:42 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 10:42 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 10:42 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 10:41 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 10:41 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 10:41 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 10:41 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 10:41 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 10:41 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 10:41 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 10:41 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 10:41 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 10:41 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 10:41 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 10:40 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 10:40 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 10:40 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 10:40 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 10:40 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 10:40 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 22:45 - 2014-08-12 22:45 - 00000627 _____ () C:\Users\David\Desktop\JRT.txt
2014-08-12 22:39 - 2014-08-12 22:39 - 01016261 _____ (Thisisu) C:\Users\David\Downloads\JRT.exe
2014-08-12 22:39 - 2014-08-12 22:39 - 00000000 ____D () C:\Windows\ERUNT
2014-08-12 22:36 - 2014-08-16 21:07 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d17f9e01-32f7-4dfd-96f9-2833e2f1697c.job
2014-08-12 22:36 - 2014-08-13 02:00 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f2c8d3a2-c5df-4a26-8584-0607630b9bc4.job
2014-08-12 22:36 - 2014-08-12 22:36 - 00003584 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f2c8d3a2-c5df-4a26-8584-0607630b9bc4
2014-08-12 22:36 - 2014-08-12 22:36 - 00003510 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task d17f9e01-32f7-4dfd-96f9-2833e2f1697c
2014-08-12 22:33 - 2014-08-12 22:33 - 01366203 _____ () C:\Users\David\Downloads\adwcleaner_3.304.exe
2014-08-12 22:15 - 2014-08-15 12:20 - 00000000 ____D () C:\Users\David\Desktop\Alte Firefox-Daten
2014-08-11 13:07 - 2014-08-11 13:07 - 00000000 ____D () C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
2014-08-11 13:06 - 2014-08-17 17:36 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-11 13:06 - 2014-08-11 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-11 13:06 - 2014-08-11 13:06 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-11 13:06 - 2014-08-11 13:06 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-11 13:05 - 2014-08-11 13:05 - 18701616 _____ (SUPERAntiSpyware) C:\Users\David\Downloads\SUPERAntiSpyware.exe
2014-08-10 16:23 - 2014-08-10 16:23 - 00007523 _____ () C:\Users\David\Downloads\hijackthis.log
2014-08-10 16:20 - 2014-08-10 16:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\David\Downloads\HijackThis.exe
2014-08-03 22:45 - 2014-08-15 11:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 22:45 - 2014-08-03 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-03 22:45 - 2014-08-03 22:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-03 22:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-03 22:45 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-03 22:42 - 2014-08-03 22:45 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-03 22:42 - 2014-08-03 22:45 - 00000000 ____D () C:\Users\David\AppData\Roaming\Malwarebytes
2014-08-03 22:42 - 2014-08-03 22:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 22:42 - 2014-08-03 22:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-03 22:42 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-03 22:41 - 2014-08-03 22:41 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-1.75.0.1300.exe
2014-08-03 22:36 - 2014-08-12 22:35 - 00000000 ____D () C:\AdwCleaner
2014-08-03 22:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-03 22:35 - 2014-08-03 22:35 - 01361309 _____ () C:\Users\David\Downloads\adwcleaner_3.302.exe
2014-08-03 10:48 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 10:48 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-03 10:48 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-03 10:48 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 10:47 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 10:47 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 10:47 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-03 10:47 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-03 10:47 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 10:47 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 10:47 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-03 10:47 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-03 10:47 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-03 10:47 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-03 01:22 - 2014-08-03 12:14 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-08-03 01:22 - 2014-08-03 01:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-03 01:21 - 2014-08-03 01:21 - 00003176 _____ () C:\Windows\System32\Tasks\YourFile DownloaderInstaller Starter
2014-07-19 19:44 - 2014-07-27 16:13 - 00000000 ____D () C:\Users\David\Desktop\Podcast Portugiesisch
2014-07-19 10:17 - 2014-07-19 10:17 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-07-19 10:14 - 2014-07-19 10:15 - 29527272 _____ (DVDVideoSoft Ltd. ) C:\Users\David\Downloads\FreeYouTubeToMP3Converter-3.12.42.716.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 17:43 - 2014-08-15 11:16 - 00010344 _____ () C:\Users\David\Downloads\FRST.txt
2014-08-17 17:42 - 2014-08-17 17:42 - 00000000 ____D () C:\Users\David\Downloads\FRST-OlderVersion
2014-08-17 17:42 - 2014-08-15 11:16 - 00000000 ____D () C:\FRST
2014-08-17 17:42 - 2014-08-15 11:15 - 02101760 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2014-08-17 17:40 - 2013-11-20 21:16 - 01160117 _____ () C:\Windows\WindowsUpdate.log
2014-08-17 17:39 - 2014-08-17 17:39 - 00002166 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-08-17 17:39 - 2014-08-17 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-08-17 17:39 - 2014-08-17 17:39 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-08-17 17:39 - 2014-08-17 17:39 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-17 17:39 - 2014-08-17 17:39 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-08-17 17:39 - 2013-11-21 11:33 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-17 17:39 - 2013-11-21 11:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-17 17:39 - 2013-11-21 11:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-17 17:39 - 2013-11-21 11:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-17 17:36 - 2014-08-11 13:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-17 17:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-17 17:35 - 2009-07-14 06:56 - 00058700 _____ () C:\Windows\setupact.log
2014-08-17 16:05 - 2009-07-14 06:50 - 00031920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-17 16:05 - 2009-07-14 06:50 - 00031920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-17 15:58 - 2009-07-14 06:50 - 00416360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-16 21:07 - 2014-08-12 22:36 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d17f9e01-32f7-4dfd-96f9-2833e2f1697c.job
2014-08-16 14:35 - 2014-02-01 00:30 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3319816922-1198177196-631927581-1000UA.job
2014-08-15 20:42 - 2010-11-21 05:47 - 00238300 _____ () C:\Windows\PFRO.log
2014-08-15 12:20 - 2014-08-12 22:15 - 00000000 ____D () C:\Users\David\Desktop\Alte Firefox-Daten
2014-08-15 12:16 - 2014-08-15 12:16 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-15 12:16 - 2014-08-15 12:16 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-15 12:16 - 2014-08-15 12:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-15 12:16 - 2014-08-15 12:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-15 12:07 - 2014-08-15 12:07 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\David\Downloads\revosetup95.exe
2014-08-15 12:07 - 2014-08-15 12:07 - 00001264 _____ () C:\Users\David\Desktop\Revo Uninstaller.lnk
2014-08-15 12:07 - 2014-08-15 12:07 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-15 11:18 - 2014-08-15 11:17 - 00050862 _____ () C:\Users\David\Downloads\Addition.txt
2014-08-15 11:17 - 2013-12-10 22:32 - 00000000 ____D () C:\Users\David\Documents\Outlook-Dateien
2014-08-15 11:13 - 2014-08-15 11:13 - 00002186 _____ () C:\Users\David\Desktop\malwarbytes.txt
2014-08-15 11:08 - 2014-08-03 22:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-15 10:39 - 2014-01-25 16:23 - 00283648 ___SH () C:\Users\David\Desktop\Thumbs.db
2014-08-14 10:12 - 2014-08-14 10:12 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-14 10:12 - 2014-08-14 10:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-14 10:12 - 2013-11-21 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-14 10:12 - 2013-11-21 00:44 - 00000000 ____D () C:\ProgramData\Avira
2014-08-14 10:12 - 2013-11-21 00:44 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-13 12:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 10:55 - 2013-12-10 11:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 10:45 - 2014-05-06 20:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 02:00 - 2014-08-12 22:36 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f2c8d3a2-c5df-4a26-8584-0607630b9bc4.job
2014-08-12 22:45 - 2014-08-12 22:45 - 00000627 _____ () C:\Users\David\Desktop\JRT.txt
2014-08-12 22:39 - 2014-08-12 22:39 - 01016261 _____ (Thisisu) C:\Users\David\Downloads\JRT.exe
2014-08-12 22:39 - 2014-08-12 22:39 - 00000000 ____D () C:\Windows\ERUNT
2014-08-12 22:36 - 2014-08-12 22:36 - 00003584 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f2c8d3a2-c5df-4a26-8584-0607630b9bc4
2014-08-12 22:36 - 2014-08-12 22:36 - 00003510 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task d17f9e01-32f7-4dfd-96f9-2833e2f1697c
2014-08-12 22:35 - 2014-08-03 22:36 - 00000000 ____D () C:\AdwCleaner
2014-08-12 22:33 - 2014-08-12 22:33 - 01366203 _____ () C:\Users\David\Downloads\adwcleaner_3.304.exe
2014-08-11 23:35 - 2014-02-01 00:30 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3319816922-1198177196-631927581-1000Core.job
2014-08-11 13:07 - 2014-08-11 13:07 - 00000000 ____D () C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
2014-08-11 13:07 - 2014-08-11 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-11 13:06 - 2014-08-11 13:06 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-11 13:06 - 2014-08-11 13:06 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-11 13:05 - 2014-08-11 13:05 - 18701616 _____ (SUPERAntiSpyware) C:\Users\David\Downloads\SUPERAntiSpyware.exe
2014-08-10 16:23 - 2014-08-10 16:23 - 00007523 _____ () C:\Users\David\Downloads\hijackthis.log
2014-08-10 16:21 - 2013-11-20 14:39 - 00000000 ____D () C:\Users\David\AppData\Local\VirtualStore
2014-08-10 16:20 - 2014-08-10 16:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\David\Downloads\HijackThis.exe
2014-08-08 20:41 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-07 04:06 - 2014-08-13 10:40 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 10:40 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-03 22:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Web
2014-08-03 22:45 - 2014-08-03 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-03 22:45 - 2014-08-03 22:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-03 22:45 - 2014-08-03 22:42 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-03 22:45 - 2014-08-03 22:42 - 00000000 ____D () C:\Users\David\AppData\Roaming\Malwarebytes
2014-08-03 22:45 - 2014-08-03 22:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 22:45 - 2014-08-03 22:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-03 22:41 - 2014-08-03 22:41 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-1.75.0.1300.exe
2014-08-03 22:37 - 2013-11-20 14:40 - 00000995 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-03 22:37 - 2013-11-20 14:39 - 00000000 ____D () C:\Users\David
2014-08-03 22:35 - 2014-08-03 22:35 - 01361309 _____ () C:\Users\David\Downloads\adwcleaner_3.302.exe
2014-08-03 12:14 - 2014-08-03 01:22 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-08-03 12:13 - 2009-07-14 04:34 - 00000269 _____ () C:\Windows\win.ini
2014-08-03 01:22 - 2014-08-03 01:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-03 01:22 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-03 01:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-03 01:21 - 2014-08-03 01:21 - 00003176 _____ () C:\Windows\System32\Tasks\YourFile DownloaderInstaller Starter
2014-08-01 01:41 - 2014-08-13 10:43 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 10:43 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-27 18:36 - 2014-01-01 17:13 - 00000000 ____D () C:\Users\David\AppData\Roaming\vlc
2014-07-27 16:13 - 2014-07-19 19:44 - 00000000 ____D () C:\Users\David\Desktop\Podcast Portugiesisch
2014-07-25 16:52 - 2014-08-13 10:43 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-13 10:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-13 10:43 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-13 10:43 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-13 10:43 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-13 10:43 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 15:28 - 2014-08-13 10:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 15:25 - 2014-08-13 10:43 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-13 10:43 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-13 10:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-13 10:43 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-13 10:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-13 10:43 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-13 10:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-13 10:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-13 10:43 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-13 10:43 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-13 10:43 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-13 10:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-13 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-13 10:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-13 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-13 10:43 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-13 10:43 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-13 10:43 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-13 10:43 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-13 10:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-13 10:43 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 14:17 - 2014-08-13 10:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 14:12 - 2014-08-13 10:43 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-13 10:43 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-13 10:43 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-13 10:43 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-13 10:43 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-13 10:43 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-13 10:43 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-13 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-13 10:43 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-13 10:43 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-13 10:43 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-13 10:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-13 10:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-13 10:43 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-13 10:43 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-13 10:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-13 10:43 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-13 10:43 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-13 10:43 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-13 10:43 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-13 10:43 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-13 10:43 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-13 10:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-13 10:43 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-13 10:43 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 22:30 - 2013-11-21 00:44 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-19 10:17 - 2014-07-19 10:17 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-07-19 10:16 - 2014-01-28 21:28 - 00001532 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-07-19 10:16 - 2014-01-28 21:28 - 00000000 ____D () C:\Users\David\AppData\Roaming\DVDVideoSoft
2014-07-19 10:16 - 2014-01-28 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-19 10:16 - 2014-01-28 21:28 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-07-19 10:15 - 2014-07-19 10:14 - 29527272 _____ (DVDVideoSoft Ltd. ) C:\Users\David\Downloads\FreeYouTubeToMP3Converter-3.12.42.716.exe

Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\84484uninstall.exe
C:\Users\David\AppData\Local\Temp\avgnt.exe
C:\Users\David\AppData\Local\Temp\BackupSetup.exe
C:\Users\David\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\David\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\David\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\David\AppData\Local\Temp\htmlayout.dll
C:\Users\David\AppData\Local\Temp\install7131334.exe
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\David\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\David\AppData\Local\Temp\Sqlite3.dll
C:\Users\David\AppData\Local\Temp\toolbar7129711.exe
C:\Users\David\AppData\Local\Temp\toolbar7131851.exe
C:\Users\David\AppData\Local\Temp\toolbar7132003.exe
C:\Users\David\AppData\Local\Temp\toolbar7132371.exe
C:\Users\David\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-11 12:01

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04
Ran by David at 2014-08-17 17:43:49
Running from C:\Users\David\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation)
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{2A07A3D4-F6CA-4EEB-9576-3A6AC8A736CE}) (Version:  - Microsoft)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free YouTube Download version 3.2.41.623 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.41.623 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.42.716 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.42.716 - DVDVideoSoft Ltd.)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
PDF24 Creator 6.0.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1128 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.41.5 - Synaptics Incorporated)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{B2508D75-61CF-4CC0-84C0-CF257219201D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-06-2014 20:34:16 Geplanter Prüfpunkt
29-06-2014 13:25:32 TuneUp Utilities 2014 wird entfernt
29-06-2014 13:26:29 TuneUp Utilities 2014 (de-DE) wird entfernt
09-07-2014 18:02:59 Windows Update
19-07-2014 14:58:47 Windows Update
03-08-2014 08:46:38 Windows Update
13-08-2014 08:45:20 Windows Update
15-08-2014 10:10:16 Revo Uninstaller's restore point - Mozilla Firefox 31.0 (x86 de)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E098173-6F02-4A00-B679-9CDB3C337E60} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3319816922-1198177196-631927581-1000Core => C:\Users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-01] (Facebook Inc.)
Task: {483B700B-9844-4827-B1F5-569D9E04B987} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-17] (Adobe Systems Incorporated)
Task: {649D9B0B-FF65-4037-A42F-12132EC78B15} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {85BAF5D9-F680-45FA-92AE-37451C9BCD22} - System32\Tasks\YourFile DownloaderInstaller Starter => C:\Users\David\AppData\Local\Temp\install7131334.exe [2014-08-03] (hxxp://yourfiledownloader.net) <==== ATTENTION
Task: {A832E67C-15C0-4565-B893-418CB1AC2015} - System32\Tasks\SUPERAntiSpyware Scheduled Task d17f9e01-32f7-4dfd-96f9-2833e2f1697c => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {B3D1F0DE-8B86-4A9C-97C4-C8E3B4A7EF8E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3319816922-1198177196-631927581-1000UA => C:\Users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-01] (Facebook Inc.)
Task: {E2E1CDD0-9D9A-4AC4-8290-62A5BD34D291} - System32\Tasks\SUPERAntiSpyware Scheduled Task f2c8d3a2-c5df-4a26-8584-0607630b9bc4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3319816922-1198177196-631927581-1000Core.job => C:\Users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3319816922-1198177196-631927581-1000UA.job => C:\Users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d17f9e01-32f7-4dfd-96f9-2833e2f1697c.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f2c8d3a2-c5df-4a26-8584-0607630b9bc4.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-02-15 02:53 - 2012-02-15 02:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-14 10:12 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\David\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-15 12:16 - 2014-07-17 07:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-08-17 17:39 - 2014-08-17 17:39 - 17048240 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:51E9F892

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2014 05:37:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2014 03:59:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2014 03:59:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/17/2014 03:59:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/17/2014 03:58:54 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/16/2014 08:50:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2014 06:56:50 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/16/2014 06:56:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/16/2014 06:56:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2014 06:55:59 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


System errors:
=============
Error: (08/17/2014 05:36:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (08/17/2014 05:35:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/17/2014 03:59:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (08/17/2014 03:59:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/17/2014 03:59:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/17/2014 03:58:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/16/2014 08:49:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (08/16/2014 08:48:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/16/2014 06:56:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (08/16/2014 06:56:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (08/17/2014 05:37:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2014 03:59:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2014 03:59:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/17/2014 03:59:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/17/2014 03:58:54 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/16/2014 08:50:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2014 06:56:50 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/16/2014 06:56:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/16/2014 06:56:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2014 06:55:59 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
   bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   bei System.ComponentModel.Composition.Primitives.Export.get_Value()
   bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 38%
Total physical RAM: 3914.36 MB
Available physical RAM: 2418.76 MB
Total Pagefile: 7826.89 MB
Available Pagefile: 6152.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:149.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9ABFF84B)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=83)
Partition 2: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Alt 18.08.2014, 20:41   #8
schrauber
/// the machine
/// TB-Ausbilder
 
Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen? - Standard

Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKLM-x32\...\Run: [BlockAndSurf] => C:\Program Files (x86)\ver1BlockAndSurf\BlockAndSurf.exe
C:\Program Files (x86)\ver1BlockAndSurf

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 18.08.2014, 22:29   #9
CapF
 
Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen? - Standard

Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?


Hier der Fixlog.txt:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by David at 2014-08-18 23:27:30 Run:1
Running from C:\Users\David\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [BlockAndSurf] => C:\Program Files (x86)\ver1BlockAndSurf\BlockAndSurf.exe
C:\Program Files (x86)\ver1BlockAndSurf
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BlockAndSurf => value deleted successfully.
"C:\Program Files (x86)\ver1BlockAndSurf" => File/Directory not found.

==== End of Fixlog ====

Alt 19.08.2014, 20:35   #10
schrauber
/// the machine
/// TB-Ausbilder
 
Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen? - Standard

Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?


noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.08.2014, 20:33   #11
CapF
 
Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen? - Standard

Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?


Also beim Starten öffnet sich noch immer das Fenster von Yourfile Downloader. Wenn ich dann allerdings auf Cancel drücke, hat sich bei den letzten drei Mal keine Werbung in Mozilla geöffnet, was ja schon mal ein sehr guter Fortschritt ist.

Allerdings öffnet sich halt noch das Fenster am Anfang.

Hmm, habe gerade noch mal hochgefahren und beim Cancel-Drücken kam wieder Werbung in Mozilla

Alt 21.08.2014, 17:15   #12
schrauber
/// the machine
/// TB-Ausbilder
 
Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen? - Standard

Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?


Das Fenster kommt aber auch wenn kein FF geöffnet ist oder?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 22.08.2014, 14:23   #13
CapF
 
Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen? - Standard

Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?


Ja genau, ich fahre den Rechner hoch, sehe meinen normalen Hintergrund mit den Verknüpfungen und dann eben ein Fenster mit Yourfile Downloader, wo ich entweder "Download Your File" klicken kann, oder "cancel". Hab ein kurzes Bild angefügt.
Miniaturansicht angehängter Grafiken
Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?-unbenannt.jpg  

Alt 23.08.2014, 06:02   #14
schrauber
/// the machine
/// TB-Ausbilder
 
Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen? - Standard

Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Task: {85BAF5D9-F680-45FA-92AE-37451C9BCD22} - System32\Tasks\YourFile DownloaderInstaller Starter => C:\Users\David\AppData\Local\Temp\install7131334.exe [2014-08-03] (hxxp://yourfiledownloader.net) <==== ATTENTION
C:\Users\David\AppData\Local\Temp\install7131334.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.08.2014, 20:54   #15
CapF
 
Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen? - Standard

Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?


Hier der Fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-08-2014
Ran by David at 2014-08-23 21:47:42 Run:2
Running from C:\Users\David\Desktop\FRST-OlderVersion
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {85BAF5D9-F680-45FA-92AE-37451C9BCD22} - System32\Tasks\YourFile DownloaderInstaller Starter => C:\Users\David\AppData\Local\Temp\install7131334.exe [2014-08-03] (hxxp://yourfiledownloader.net) <==== ATTENTION
C:\Users\David\AppData\Local\Temp\install7131334.exe
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{85BAF5D9-F680-45FA-92AE-37451C9BCD22}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85BAF5D9-F680-45FA-92AE-37451C9BCD22}" => Key deleted successfully.
C:\Windows\System32\Tasks\YourFile DownloaderInstaller Starter => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderInstaller Starter" => Key deleted successfully.
C:\Users\David\AppData\Local\Temp\install7131334.exe => Moved successfully.

==== End of Fixlog ====
Habe den Rechner gerade neu hochgefahren und Yourfiledownloader hat sich nicht mehr geöffnet! Oberflächlich betrachtet also keine Probleme mehr. Ist damit alles wieder in Ordnung?

Antwort
Seite 1 von 2 1 2

Themen zu Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?
4d36e972-e325-11ce-bfc1-08002be10318, antivirus, blockandsurf, device driver, downloader, dvdvideosoft ltd., failed, fehlercode 1, flash player, hijack, iexplore.exe, installation, junkware, langsam, mobogenie, mobogenie entfernen, pup.optional.adanak.a, pup.optional.skytech.a, pup.optional.suptab.a, pup.optional.wpmanager, registry, rundll, security, services.exe, svchost.exe, sweet-page, sweet-page entfernen, teredo, vcredist, windows


« Keylogger sicher weg ? | Win8.1 - unknown MBR Code aber keine Funde - TaskManager zeigte Zugriff Verweigert »


Ähnliche Themen: Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?


  1. Yourfile Downloader Befall, wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 22.09.2014 (23)
  2. Yourfile Downloader - Troyaner - wie entfernt man den Mist?
    Plagegeister aller Art und deren Bekämpfung - 25.08.2014 (20)
  3. Yourfile Downloader Malware
    Plagegeister aller Art und deren Bekämpfung - 31.07.2014 (7)
  4. yourfile downloader. Virus oder Adware?
    Plagegeister aller Art und deren Bekämpfung - 25.07.2014 (19)
  5. Probleme mit Yourfile Downloader
    Plagegeister aller Art und deren Bekämpfung - 05.05.2014 (7)
  6. yourfile downloader
    Plagegeister aller Art und deren Bekämpfung - 30.04.2014 (11)
  7. Wie kann ich gqs.donedrive.net von meinem Computer entfernen?
    Plagegeister aller Art und deren Bekämpfung - 13.09.2013 (1)
  8. Win32.Downloader.gen auf meinem Rechner gefunden...
    Plagegeister aller Art und deren Bekämpfung - 17.07.2013 (17)
  9. SweetPacks IM , Yourfile Downloader
    Log-Analyse und Auswertung - 11.10.2012 (35)
  10. XP REchner: kann nicht erkennen, ob ich immer noch Trojaner auf meinem Rechner habe
    Plagegeister aller Art und deren Bekämpfung - 13.09.2011 (43)
  11. wie kann ich coolwwwsearch.yexe von meinem rechner entfernen????
    Log-Analyse und Auswertung - 03.08.2010 (1)
  12. trojanisches pferd in meinem forum wie kann ichs entfernen?
    Plagegeister aller Art und deren Bekämpfung - 19.01.2010 (1)
  13. Trojaner auf meinem Rechner: HTML/Crypted.Gen. Kann ihn nicht dauerhaft löschen
    Plagegeister aller Art und deren Bekämpfung - 20.12.2009 (2)
  14. Kann mir jemand helfen? - Ich bekomme schädliche Dateien nicht von meinem Rechner!
    Log-Analyse und Auswertung - 19.08.2008 (15)
  15. Trojan-Downloader.Win32.Agent variant auf meinem Rechner
    Plagegeister aller Art und deren Bekämpfung - 27.10.2007 (1)
  16. ntos.exe trojaner auf meinem rechner, bekomm den aber nicht weg :( was kann ich tun
    Log-Analyse und Auswertung - 15.10.2007 (4)
  17. Wer kann mir helfen - Trojan-Downloader entfernen???
    Log-Analyse und Auswertung - 13.07.2005 (9)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen? - Hallo, schon vor über einer Woche habe ich ohne es zu wollen scheinbar Yourfile Downloader installiert. Jetzt öffnet sich jedes Mal beim Hochfahren ein Fenster ob ich Daten runterladen will - Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?...
Archiv
Du betrachtest: Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19