Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
TR/patched.Ren.Gen läßt sich nicht entfernen

TR/patched.Ren.Gen läßt sich nicht entfernen


Log-Analyse und Auswertung: TR/patched.Ren.Gen läßt sich nicht entfernen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 20.08.2014, 13:22   #1
ighg
 
TR/patched.Ren.Gen läßt sich nicht entfernen - Standard

TR/patched.Ren.Gen läßt sich nicht entfernen


Avira meldet das TR/Patched.Ren.Gen auf den Temp Ordner zugreift. Ich habe nach folgenden "Kochrezept" ein entfernen versucht: hxxp://malwaretips.com/blogs/tr-patched-ren-gen-removal/ Es war erfolglos denn die Meldung von Avira kam heute wieder. Die gewünschte LogFiles sind hier:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-08-2014
Ran by Admin (administrator) on GENNAT-PC on 20-08-2014 12:30:17
Running from C:\Users\Admin\Downloads
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Realtek) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft) C:\Program Files\SMA\Sunny Explorer\SMA.Multicasting.IGMP.QuerierService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Avanquest Software) C:\Program Files\Sony\Sony PC Companion\PCCService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Mister Group) C:\Program Files\System Explorer\SystemExplorer.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Mister Group) C:\Program Files\System Explorer\service\SystemExplorerService.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimDrivers\SlimDrivers.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
() C:\Users\Admin\Downloads\Defogger.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [ATICustomerCare] => C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SystemExplorerAutoStart] => C:\Program Files\System Explorer\SystemExplorer.exe [3385192 2014-08-13] (Mister Group)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe [6699864 2014-06-03] ()
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-343960346-445288625-1702831378-1003\...\Run: [SystemExplorerAutoStart] => C:\Program Files\System Explorer\SystemExplorer.exe [3385192 2014-08-13] (Mister Group)
HKU\S-1-5-21-343960346-445288625-1702831378-1003\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-343960346-445288625-1702831378-1003\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-343960346-445288625-1702831378-1003\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony)
HKU\S-1-5-21-343960346-445288625-1702831378-1003\...\MountPoints2: {070a73cb-c7cc-11e0-8ec9-6c626d4c20b1} - E:\CD_Start.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Gennat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Gennat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Gennat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPE172339E-680F-40A1-B7C6-299D6FBFFC03&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: CBAbzockschutz.InitToolbarBHO -> {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6q4c3vor.default
FF SearchEngineOrder.1: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF Plugin: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6q4c3vor.default\Extensions\abs@avira.com [2014-08-18]
FF Extension: TVU Web Player - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6q4c3vor.default\Extensions\firefox@tvunetworks.com [2011-04-23]
FF Extension: Yahoo Community Smartbar - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6q4c3vor.default\Extensions\{79c4bdec-b507-4730-b180-fa264dab1806} [2014-07-25]
FF Extension: COMPUTERBILD-Abzockschutz - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6q4c3vor.default\Extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi [2011-08-28]

Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: trovi.search
CHR DefaultSearchProvider: Trovi search
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-28]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-28]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-28]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-19] (Emsisoft GmbH)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-08-19] (SurfRight B.V.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [655352 2014-06-03] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
S2 SetupARService; C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe [24576 2013-02-13] (Realtek Semiconductor.) [File not signed]
R2 SMA.Multicasting.IGMP.QuerierService.exe; C:\Program Files\SMA\Sunny Explorer\SMA.Multicasting.IGMP.QuerierService.exe [21152 2014-03-18] (Microsoft)
R3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R3 SystemExplorerHelpService; C:\Program Files\System Explorer\service\SystemExplorerService.exe [567144 2014-08-13] (Mister Group)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-06-11] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-04-06] (Emsisoft GmbH)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2009-07-07] (Advanced Micro Devices Inc.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70784 2000-01-01] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34944 2000-01-01] (Advanced Micro Devices)
S3 androidusb; C:\Windows\System32\Drivers\tinnoadb.sys [25728 2010-03-12] (Google Inc)
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-02] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2014-08-19] (Emsisoft GmbH)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [23136 2000-01-01] (JMicron Technology Corp.)
R3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [41752 2007-10-12] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2014-07-18] (CACE Technologies) [File not signed]
R3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [490776 2007-10-12] (Logitech Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-05-20] (Avira GmbH)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-08-20] ()
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 uxddrv; \??\E:\uxddrv86.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 12:30 - 2014-08-20 12:30 - 00022482 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-08-20 12:29 - 2014-08-20 12:30 - 00000000 ____D () C:\FRST
2014-08-20 12:29 - 2014-08-20 12:29 - 01093632 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2014-08-20 12:27 - 2014-08-20 12:27 - 00000472 _____ () C:\Users\Admin\Downloads\defogger_disable.log
2014-08-20 12:27 - 2014-08-20 12:27 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-08-20 12:26 - 2014-08-20 12:26 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe
2014-08-20 08:08 - 2014-08-20 08:08 - 00047688 _____ () C:\Users\Gennat\AppData\Local\recently-used.xbel
2014-08-19 14:19 - 2014-08-19 14:19 - 00001447 _____ () C:\Users\Admin\Documents\JRT.txt
2014-08-19 14:18 - 2014-08-19 14:18 - 00001447 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-08-19 14:04 - 2014-08-19 14:04 - 00000000 ____D () C:\Windows\ERUNT
2014-08-19 14:03 - 2014-08-19 14:03 - 01016261 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-08-19 14:01 - 2014-08-19 14:01 - 00001739 _____ () C:\Users\Admin\Documents\AdwCleaner[R5].txt
2014-08-19 13:55 - 2014-08-19 13:55 - 01361671 _____ () C:\Users\Admin\Downloads\adwcleaner_3.307.exe
2014-08-19 13:53 - 2014-08-19 13:53 - 00000972 _____ () C:\Users\Admin\Documents\a2scan_140819-115650.txt
2014-08-19 11:36 - 2014-08-19 11:36 - 00000735 _____ () C:\Users\Admin\Desktop\a2emergencykit.exe.lnk
2014-08-19 11:35 - 2014-08-19 11:37 - 00000000 ____D () C:\EEK
2014-08-19 11:34 - 2014-08-19 11:35 - 182360744 _____ () C:\Users\Admin\Downloads\EmsisoftEmergencyKit.exe
2014-08-19 11:33 - 2014-08-19 11:33 - 00028120 _____ () C:\Users\Admin\Documents\HitmanPro_20140819_1132.log
2014-08-19 11:22 - 2014-08-19 11:22 - 00001909 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-19 11:22 - 2014-08-19 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-19 11:22 - 2014-08-19 11:22 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-19 11:21 - 2014-08-19 11:22 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-19 11:20 - 2014-08-19 11:20 - 10279264 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\HitmanPro.exe
2014-08-19 11:20 - 2014-08-19 11:20 - 00001172 _____ () C:\Users\Admin\Documents\Protokoll MB.txt
2014-08-19 10:04 - 2014-08-19 10:04 - 00002442 _____ () C:\Users\Admin\Documents\Rkill.txt
2014-08-19 10:02 - 2014-08-19 10:03 - 00002442 _____ () C:\Users\Admin\Desktop\Rkill.txt
2014-08-19 10:01 - 2014-08-19 10:01 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Admin\Downloads\iExplore.exe
2014-08-19 09:57 - 2014-08-19 09:57 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\tdsskiller.exe
2014-08-19 08:47 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 08:47 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-19 08:47 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 08:47 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-19 08:47 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-19 08:47 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 08:47 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-19 08:46 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 08:46 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-19 08:44 - 2014-07-18 14:19 - 00221184 _____ (CACE Technologies) C:\Windows\system32\devolopcap.dll
2014-08-19 08:44 - 2014-07-18 14:19 - 00081920 _____ (CACE Technologies) C:\Windows\system32\devolopacket.dll
2014-08-19 08:44 - 2014-07-18 14:19 - 00035840 _____ (CACE Technologies) C:\Windows\system32\Drivers\npf_devolo.sys
2014-08-18 16:17 - 2014-08-20 06:40 - 00000392 _____ () C:\Windows\setupact.log
2014-08-18 16:17 - 2014-08-19 14:09 - 00000624 _____ () C:\Windows\PFRO.log
2014-08-18 16:17 - 2014-08-18 16:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-17 15:04 - 2014-08-17 15:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\VSRevoGroup
2014-08-17 14:52 - 2014-08-17 14:52 - 00023032 _____ () C:\Users\Admin\Documents\viren.txt
2014-08-14 23:01 - 2014-08-14 23:01 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu.exe
2014-08-14 18:03 - 2014-08-20 12:17 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 18:03 - 2014-08-14 18:03 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-14 18:03 - 2014-08-14 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-14 18:03 - 2014-08-14 18:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-14 18:03 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-14 18:03 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-14 18:03 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-14 18:02 - 2014-08-14 18:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-14 17:53 - 2014-08-14 17:53 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-08-14 17:44 - 2014-08-14 17:44 - 00001226 _____ () C:\Users\Admin\Desktop\Revo Uninstaller.lnk
2014-08-14 17:44 - 2014-08-14 17:44 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-14 14:21 - 2014-08-14 14:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Admin\Downloads\revosetup95.exe
2014-08-14 12:43 - 2014-08-14 12:43 - 00000005 _____ () C:\Windows\system32\lMMLDeleteUserData42107612FX.tmp
2014-08-14 12:38 - 2014-08-14 12:38 - 02096400 _____ (Mister Group ) C:\Users\Admin\Downloads\SystemExplorerSetup_592.exe
2014-08-14 12:32 - 2014-08-14 12:37 - 00001099 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-13 18:02 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 18:02 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 18:02 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 18:02 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 15:51 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 15:51 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 15:51 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 15:51 - 2014-07-25 15:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 15:51 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 15:51 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 15:51 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 15:51 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 15:51 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 15:51 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 15:51 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 15:51 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 15:51 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 15:51 - 2014-07-25 14:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 15:51 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 15:51 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 15:51 - 2014-07-25 13:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 15:51 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 15:51 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 15:51 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 15:51 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 15:51 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 15:51 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 15:51 - 2014-07-25 13:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 15:51 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 15:51 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 15:51 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 15:51 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 15:51 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 15:51 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 15:51 - 2014-07-16 04:47 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 15:51 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 15:51 - 2014-07-16 03:47 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 15:51 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 15:51 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 15:51 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-13 15:51 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 15:51 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 15:51 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 15:51 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 15:51 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 15:50 - 2014-08-07 03:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 15:50 - 2014-08-07 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 15:50 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 15:50 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 15:50 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 15:50 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 15:50 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 15:50 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 15:50 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 21:18 - 2014-08-12 21:18 - 00000000 ____D () C:\Users\Gennat\AppData\Roaming\TeamViewer
2014-08-09 12:41 - 2014-08-09 12:41 - 00001270 _____ () C:\Windows\system32\TeamViewer9_Hooks.log
2014-08-09 11:50 - 2014-08-09 11:50 - 00000000 ____D () C:\Users\Gennat\Documents\Finanzamt
2014-08-06 17:36 - 2014-08-06 17:37 - 00481289 ____H () C:\Users\Gennat\Downloads\Cache.mxc3
2014-08-01 22:25 - 2014-08-01 22:25 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2014-08-01 20:10 - 2014-08-01 20:10 - 01629075 _____ () C:\Users\Gennat\Downloads\StreamTorrent10Build0078(1).exe
2014-08-01 11:49 - 2014-08-01 11:49 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieUserList
2014-08-01 11:49 - 2014-08-01 11:49 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieSiteList
2014-08-01 11:48 - 2014-08-14 12:41 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-08-01 11:48 - 2014-08-01 11:48 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Leadertech
2014-08-01 11:45 - 2014-08-14 12:41 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-08-01 11:45 - 2014-08-01 11:45 - 00002709 _____ () C:\Windows\system32\lvcoinst.log
2014-07-27 17:21 - 2014-07-27 17:22 - 00000000 ____D () C:\Users\Gennat\Ingo
2014-07-27 11:58 - 2014-07-27 12:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TeamViewer
2014-07-27 11:41 - 2014-07-27 11:41 - 00008787 _____ () C:\Users\Admin\Desktop\team.odt
2014-07-27 11:25 - 2014-08-09 12:41 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-27 11:25 - 2014-08-09 12:41 - 00001052 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-27 11:25 - 2014-07-27 11:25 - 00000000 ____D () C:\Program Files\TeamViewer
2014-07-27 11:25 - 2013-10-17 17:32 - 00025088 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2014-07-27 11:23 - 2014-07-27 11:23 - 06263496 _____ (TeamViewer GmbH) C:\Users\Gennat\Downloads\TeamViewer_Setup_de_9.0.29947.exe
2014-07-25 16:33 - 2014-07-25 16:33 - 00003544 ____N () C:\bootsqm.dat
2014-07-25 11:43 - 2014-08-14 22:54 - 00001041 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-25 11:43 - 2014-08-14 22:54 - 00001011 _____ () C:\Users\Admin\Desktop\Search.lnk
2014-07-25 11:42 - 2014-07-25 11:42 - 00001930 _____ () C:\Users\Admin\Desktop\CrystalDiskInfo.lnk
2014-07-25 11:42 - 2014-07-25 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2014-07-25 11:42 - 2014-07-25 11:42 - 00000000 ____D () C:\Program Files\CrystalDiskInfo
2014-07-25 11:41 - 2014-07-25 11:41 - 02774120 _____ (Crystal Dew World ) C:\Users\Admin\Downloads\CrystalDiskInfo6_1_14-en.exe
2014-07-23 21:32 - 2014-07-23 21:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\OpenOffice
2014-07-23 15:33 - 2014-07-23 15:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 12:30 - 2014-08-20 12:30 - 00022482 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-08-20 12:30 - 2014-08-20 12:29 - 00000000 ____D () C:\FRST
2014-08-20 12:29 - 2014-08-20 12:29 - 01093632 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2014-08-20 12:27 - 2014-08-20 12:27 - 00000472 _____ () C:\Users\Admin\Downloads\defogger_disable.log
2014-08-20 12:27 - 2014-08-20 12:27 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-08-20 12:27 - 2010-08-06 19:52 - 00000000 ____D () C:\Users\Admin
2014-08-20 12:26 - 2014-08-20 12:26 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe
2014-08-20 12:23 - 2012-04-07 09:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-20 12:18 - 2012-09-18 17:49 - 00000000 ____D () C:\Users\Admin\Tracing
2014-08-20 12:18 - 2012-07-08 13:40 - 00000386 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2014-08-20 12:17 - 2014-08-14 18:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-20 12:17 - 2012-07-08 13:40 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-08-20 12:17 - 2010-07-22 22:34 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-20 11:56 - 2010-07-22 22:34 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-20 09:24 - 2014-07-01 20:36 - 00000000 ____D () C:\Users\Gennat\.gimp-2.8
2014-08-20 09:14 - 2010-01-26 16:21 - 01644734 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-20 09:04 - 2010-07-22 22:04 - 00000000 ____D () C:\Users\Gennat\AppData\Local\Paint.NET
2014-08-20 08:08 - 2014-08-20 08:08 - 00047688 _____ () C:\Users\Gennat\AppData\Local\recently-used.xbel
2014-08-20 08:08 - 2014-07-01 21:32 - 00000000 ____D () C:\Users\Gennat\AppData\Local\gtk-2.0
2014-08-20 06:50 - 2009-07-14 06:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-20 06:50 - 2009-07-14 06:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-20 06:45 - 2010-07-22 16:37 - 01803549 _____ () C:\Windows\WindowsUpdate.log
2014-08-20 06:42 - 2014-06-13 13:45 - 00002309 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-08-20 06:40 - 2014-08-18 16:17 - 00000392 _____ () C:\Windows\setupact.log
2014-08-20 06:40 - 2013-01-20 09:49 - 00432400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-20 06:40 - 2011-03-12 12:36 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-08-20 06:40 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 20:02 - 2011-10-16 14:49 - 00000000 __SHD () C:\Users\Admin\AppData\Roaming\.#
2014-08-19 19:56 - 2011-10-16 14:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ALDI_SUED_Mah_Jong
2014-08-19 14:19 - 2014-08-19 14:19 - 00001447 _____ () C:\Users\Admin\Documents\JRT.txt
2014-08-19 14:18 - 2014-08-19 14:18 - 00001447 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-08-19 14:09 - 2014-08-18 16:17 - 00000624 _____ () C:\Windows\PFRO.log
2014-08-19 14:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-19 14:04 - 2014-08-19 14:04 - 00000000 ____D () C:\Windows\ERUNT
2014-08-19 14:03 - 2014-08-19 14:03 - 01016261 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-08-19 14:02 - 2013-11-01 14:30 - 00000000 ____D () C:\AdwCleaner
2014-08-19 14:01 - 2014-08-19 14:01 - 00001739 _____ () C:\Users\Admin\Documents\AdwCleaner[R5].txt
2014-08-19 13:55 - 2014-08-19 13:55 - 01361671 _____ () C:\Users\Admin\Downloads\adwcleaner_3.307.exe
2014-08-19 13:53 - 2014-08-19 13:53 - 00000972 _____ () C:\Users\Admin\Documents\a2scan_140819-115650.txt
2014-08-19 11:37 - 2014-08-19 11:35 - 00000000 ____D () C:\EEK
2014-08-19 11:36 - 2014-08-19 11:36 - 00000735 _____ () C:\Users\Admin\Desktop\a2emergencykit.exe.lnk
2014-08-19 11:35 - 2014-08-19 11:34 - 182360744 _____ () C:\Users\Admin\Downloads\EmsisoftEmergencyKit.exe
2014-08-19 11:33 - 2014-08-19 11:33 - 00028120 _____ () C:\Users\Admin\Documents\HitmanPro_20140819_1132.log
2014-08-19 11:22 - 2014-08-19 11:22 - 00001909 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-19 11:22 - 2014-08-19 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-19 11:22 - 2014-08-19 11:22 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-19 11:22 - 2014-08-19 11:21 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-19 11:20 - 2014-08-19 11:20 - 10279264 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\HitmanPro.exe
2014-08-19 11:20 - 2014-08-19 11:20 - 00001172 _____ () C:\Users\Admin\Documents\Protokoll MB.txt
2014-08-19 10:04 - 2014-08-19 10:04 - 00002442 _____ () C:\Users\Admin\Documents\Rkill.txt
2014-08-19 10:03 - 2014-08-19 10:02 - 00002442 _____ () C:\Users\Admin\Desktop\Rkill.txt
2014-08-19 10:01 - 2014-08-19 10:01 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Admin\Downloads\iExplore.exe
2014-08-19 09:57 - 2014-08-19 09:57 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\tdsskiller.exe
2014-08-19 08:45 - 2014-04-26 15:15 - 00000000 ____D () C:\Program Files\devolo
2014-08-18 16:17 - 2014-08-18 16:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-18 11:35 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-08-17 15:19 - 2014-07-03 16:52 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\gnupg
2014-08-17 15:04 - 2014-08-17 15:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\VSRevoGroup
2014-08-17 14:52 - 2014-08-17 14:52 - 00023032 _____ () C:\Users\Admin\Documents\viren.txt
2014-08-14 23:01 - 2014-08-14 23:01 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu.exe
2014-08-14 22:54 - 2014-07-25 11:43 - 00001041 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-14 22:54 - 2014-07-25 11:43 - 00001011 _____ () C:\Users\Admin\Desktop\Search.lnk
2014-08-14 22:07 - 2013-06-11 11:59 - 00000000 ____D () C:\TEMP
2014-08-14 20:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-14 19:56 - 2011-01-09 15:23 - 00000000 ____D () C:\Program Files\Motorola
2014-08-14 18:03 - 2014-08-14 18:03 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-14 18:03 - 2014-08-14 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-14 18:03 - 2014-08-14 18:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-14 18:03 - 2014-03-24 17:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 18:02 - 2014-08-14 18:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-14 17:53 - 2014-08-14 17:53 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-08-14 17:44 - 2014-08-14 17:44 - 00001226 _____ () C:\Users\Admin\Desktop\Revo Uninstaller.lnk
2014-08-14 17:44 - 2014-08-14 17:44 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-14 14:21 - 2014-08-14 14:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Admin\Downloads\revosetup95.exe
2014-08-14 12:43 - 2014-08-14 12:43 - 00000005 _____ () C:\Windows\system32\lMMLDeleteUserData42107612FX.tmp
2014-08-14 12:43 - 2011-01-09 15:24 - 00000000 ____D () C:\Users\Admin\AppData\Local\Motorola
2014-08-14 12:43 - 2011-01-09 15:24 - 00000000 ____D () C:\ProgramData\Nero
2014-08-14 12:41 - 2014-08-01 11:48 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-08-14 12:41 - 2014-08-01 11:45 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-08-14 12:38 - 2014-08-14 12:38 - 02096400 _____ (Mister Group ) C:\Users\Admin\Downloads\SystemExplorerSetup_592.exe
2014-08-14 12:38 - 2013-12-24 12:42 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-14 12:38 - 2012-09-18 17:33 - 00001048 _____ () C:\Users\Public\Desktop\System Explorer.lnk
2014-08-14 12:38 - 2012-09-18 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2014-08-14 12:38 - 2012-09-18 17:33 - 00000000 ____D () C:\Program Files\System Explorer
2014-08-14 12:37 - 2014-08-14 12:32 - 00001099 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-14 12:37 - 2013-05-20 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-14 12:37 - 2013-05-20 08:28 - 00000000 ____D () C:\Program Files\Avira
2014-08-14 12:31 - 2013-05-20 08:28 - 00000000 ____D () C:\ProgramData\Avira
2014-08-14 10:00 - 2010-10-14 23:12 - 00002125 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-13 22:21 - 2012-04-07 09:39 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-13 22:21 - 2011-05-19 19:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-13 22:20 - 2011-04-22 10:29 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-08-13 22:02 - 2014-05-06 22:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 18:12 - 2013-07-15 22:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 18:04 - 2010-01-26 16:42 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-12 21:18 - 2014-08-12 21:18 - 00000000 ____D () C:\Users\Gennat\AppData\Roaming\TeamViewer
2014-08-09 12:41 - 2014-08-09 12:41 - 00001270 _____ () C:\Windows\system32\TeamViewer9_Hooks.log
2014-08-09 12:41 - 2014-07-27 11:25 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-09 12:41 - 2014-07-27 11:25 - 00001052 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-09 11:50 - 2014-08-09 11:50 - 00000000 ____D () C:\Users\Gennat\Documents\Finanzamt
2014-08-08 20:18 - 2013-03-15 21:16 - 00000000 ____D () C:\TorrentStream
2014-08-08 20:17 - 2013-03-15 21:16 - 00000000 ____D () C:\Users\Gennat\AppData\Roaming\.Torrent Stream
2014-08-08 13:31 - 2010-07-22 22:42 - 00000000 ____D () C:\Users\Gennat\Documents\DVDVideoSoft
2014-08-08 13:30 - 2010-12-19 11:05 - 00000000 ____D () C:\Users\Gennat\AppData\Roaming\DVDVideoSoft
2014-08-07 03:43 - 2014-08-13 15:50 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 03:39 - 2014-08-13 15:50 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 17:37 - 2014-08-06 17:36 - 00481289 ____H () C:\Users\Gennat\Downloads\Cache.mxc3
2014-08-06 17:37 - 2013-01-04 19:46 - 00000000 ____D () C:\Users\Gennat\Downloads\Treiber_CynusT1_T2
2014-08-06 17:37 - 2013-01-04 16:48 - 00000000 ____D () C:\Users\Gennat\Downloads\win32diskimager-binary
2014-08-06 17:36 - 2014-04-08 20:47 - 00000000 ____D () C:\Users\Gennat\Downloads\LuPO - Abiturjahrgang 2017
2014-08-06 17:36 - 2013-02-13 18:25 - 00000000 ____D () C:\Users\Gennat\Downloads\proxmate_unblock_the_internet-2.1.7-fx(1)
2014-08-06 17:36 - 2013-01-04 19:59 - 00000000 ____D () C:\Users\Gennat\Downloads\CynusT1SW(Ver.0.13)
2014-08-06 17:36 - 2013-01-04 19:19 - 00000000 ____D () C:\Users\Gennat\Downloads\Root_with_Restore_by_Bin4ry_v18
2014-08-06 12:38 - 2014-07-03 16:52 - 00000000 ____D () C:\Users\Gennat\AppData\Roaming\gnupg
2014-08-06 09:36 - 2010-11-01 20:11 - 00000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-08-05 09:20 - 2010-01-26 16:37 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-01 22:25 - 2014-08-01 22:25 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2014-08-01 20:11 - 2013-02-21 20:26 - 00001079 _____ () C:\Users\Admin\Desktop\StreamTorrent 1.0.lnk
2014-08-01 20:10 - 2014-08-01 20:10 - 01629075 _____ () C:\Users\Gennat\Downloads\StreamTorrent10Build0078(1).exe
2014-08-01 17:44 - 2010-12-25 16:37 - 00131072 ____H () C:\Users\Gennat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-01 11:49 - 2014-08-01 11:49 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieUserList
2014-08-01 11:49 - 2014-08-01 11:49 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieSiteList
2014-08-01 11:48 - 2014-08-01 11:48 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Leadertech
2014-08-01 11:45 - 2014-08-01 11:45 - 00002709 _____ () C:\Windows\system32\lvcoinst.log
2014-08-01 11:45 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32
2014-08-01 01:16 - 2014-08-13 15:51 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 07:58 - 2012-03-03 15:57 - 00000956 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-28 18:56 - 2010-07-22 16:38 - 00000000 ___HD () C:\Users\Gennat
2014-07-27 17:22 - 2014-07-27 17:21 - 00000000 ____D () C:\Users\Gennat\Ingo
2014-07-27 12:01 - 2014-07-27 11:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TeamViewer
2014-07-27 11:41 - 2014-07-27 11:41 - 00008787 _____ () C:\Users\Admin\Desktop\team.odt
2014-07-27 11:33 - 2013-02-17 13:26 - 00117152 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-27 11:25 - 2014-07-27 11:25 - 00000000 ____D () C:\Program Files\TeamViewer
2014-07-27 11:23 - 2014-07-27 11:23 - 06263496 _____ (TeamViewer GmbH) C:\Users\Gennat\Downloads\TeamViewer_Setup_de_9.0.29947.exe
2014-07-25 16:33 - 2014-07-25 16:33 - 00003544 ____N () C:\bootsqm.dat
2014-07-25 15:51 - 2014-08-13 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 15:04 - 2014-08-13 15:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 15:03 - 2014-08-13 15:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 14:34 - 2014-08-13 15:51 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 14:34 - 2014-08-13 15:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 14:33 - 2014-08-13 15:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-13 15:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 14:21 - 2014-08-13 15:51 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 14:18 - 2014-08-13 15:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 14:17 - 2014-08-13 15:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 14:12 - 2014-08-13 15:51 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 14:10 - 2014-08-13 15:51 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 14:10 - 2014-08-13 15:51 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:08 - 2014-08-13 15:51 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:06 - 2014-08-13 15:51 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 13:59 - 2014-08-13 15:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 13:52 - 2014-08-13 15:51 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 13:43 - 2014-08-13 15:51 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 13:36 - 2014-08-13 15:51 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 13:34 - 2014-08-13 15:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 13:29 - 2014-08-13 15:51 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 13:13 - 2014-08-13 15:51 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:09 - 2014-08-13 15:51 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:07 - 2014-08-13 15:51 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:07 - 2014-08-13 15:51 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-13 15:51 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 12:09 - 2014-08-13 15:51 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:05 - 2014-08-13 15:51 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:00 - 2014-08-13 15:51 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 11:42 - 2014-07-25 11:42 - 00001930 _____ () C:\Users\Admin\Desktop\CrystalDiskInfo.lnk
2014-07-25 11:42 - 2014-07-25 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2014-07-25 11:42 - 2014-07-25 11:42 - 00000000 ____D () C:\Program Files\CrystalDiskInfo
2014-07-25 11:41 - 2014-07-25 11:41 - 02774120 _____ (Crystal Dew World ) C:\Users\Admin\Downloads\CrystalDiskInfo6_1_14-en.exe
2014-07-24 20:22 - 2014-05-25 15:27 - 00000000 ____D () C:\Users\Gennat\AppData\Roaming\Media Player Classic
2014-07-24 16:29 - 2013-05-20 08:30 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-23 21:32 - 2014-07-23 21:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\OpenOffice
2014-07-23 20:29 - 2010-04-29 14:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-23 20:28 - 2010-04-29 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 20:19 - 2012-06-03 14:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-23 15:33 - 2014-07-23 15:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Gennat\AppData\Local\Temp\avgnt.exe
C:\Users\Gennat\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Ingo\AppData\Local\Temp\avgnt.exe
C:\Users\Ingo\AppData\Local\Temp\DivXSetup.exe
C:\Users\Ingo\AppData\Local\Temp\WmpPluginSetup_2.1.0.6.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-18 11:22

==================== End Of Log ============================
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:19-08-2014
Ran by Admin at 2014-08-20 12:31:18
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{CB799B5A-84B8-46A2-BEB5-4FD7D5230361}_AdAwareUpdater) (Version: 11.2.5952.0 - Lavasoft)
Ad-Aware Browsing Protection (HKLM\...\Ad-Aware Browsing Protection) (Version: 0.9.0.2 - )
AdAwareInstaller (Version: 11.2.5952.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.2.5952.0 - Lavasoft) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\{15AE611F-5A40-4BD0-9291-1C6856BDB9A4}) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\{16E20D9D-E7E2-4951-A944-6FFC40870AD4}) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
ALDI Süd Foto Manager Free (HKLM\...\ALDI Süd Foto Manager Free D) (Version: 6.0.1.491 - MAGIX AG)
ALDI Süd Foto Service (HKLM\...\ALDI Süd Foto Service D) (Version: 4.5.9.140 - MAGIX AG)
Aldi Süd Fotoservice (HKLM\...\Aldi Süd Fotoservice_is1) (Version:  - )
ALDI SÜD Mah Jong (HKLM\...\ALDI SÜD Mah Jong) (Version:  - )
ALDI Süd Online Druck Service (HKLM\...\ALDI Süd Online Druck Service D) (Version: 4.5.1.0 - MAGIX AG)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{7C368470-3D19-24D9-4A81-697C1DEB4710}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
ATI Catalyst Registration (Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Avira (HKLM\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
AVM FRITZ!fax für FRITZ!Box (HKLM\...\FRITZ! 2.0) (Version:  - AVM Berlin)
AVNavigator (HKCU\...\AVNavigator) (Version: VSX-921 - PIONEER CORPORATION)
Bing Bar (HKLM\...\{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}) (Version: 7.0.791.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
COMPUTERBILD-Abzockschutz (HKLM\...\{8AADC86C-5018-4762-A309-3031F68D1008}) (Version: 1.0.32 - J3S)
CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Extra Content (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden
CrystalDiskInfo 6.1.14 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.1.14 - Crystal Dew World)
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.2515 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (Version: 6.1.3602c - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (Version: 1.5.1306 - CyberLink Corp.) Hidden
devolo Cockpit (HKLM\...\dlancockpit) (Version: 4.2.3.0 - devolo AG)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
Double Vibration steering wheel (HKLM\...\Double Vibration steering wheel) (Version:  - )
Double Vibration steering wheel (HKLM\...\InstallShield_{6A3E5F76-7DD4-4F59-9CD6-B0159622B353}) (Version: 1.00.0000 - Technology Innovation)
Double Vibration steering wheel (Version: 1.00.0000 - Technology Innovation) Hidden
Driving Speed 2.0 (HKLM\...\Driving Speed 2_is1) (Version:  - WheelSpin Studios)
Emsisoft Anti-Malware (HKLM\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 6.0 - Emsi Software GmbH)
FastStone Photo Resizer 3.0 (HKLM\...\FastStone Photo Resizer) (Version: 3.0 - FastStone Soft.)
FFmpeg v0.6.2 for Audacity (HKLM\...\FFmpeg for Audacity_is1) (Version:  - )
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
FMS (HKLM\...\FMS) (Version:  - )
Freddy:Deutsch3/Deutsch4 (HKLM\...\freddyDeutsch34) (Version:  - )
Free Audio CD Burner version 1.4 (HKLM\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free FLV Converter V 7.6.1 (HKLM\...\Free FLV Converter_is1) (Version: 7.6.1.0 - Koyote Lab Inc.)
Free Studio version 2014 (HKLM\...\Free Studio_is1) (Version: 6.2.14.319 - DVDVideoSoft Ltd.)
Free Video to MP3 Converter version 4.3.815 (HKLM\...\Free Video to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube Download version 3.2.3.610 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.3.610 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.8.717 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.8.717 - DVDVideoSoft Ltd.)
Free Zip 9.20 (HKLM\...\7-Zip) (Version:  - Somoto Ltd) <==== ATTENTION
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Haack Weltatlas CD-ROM 1.3 (HKLM\...\Haack Weltatlas CD-ROM_is1) (Version: 1.3 - Ernst Klett Verlag GmbH)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)
IZArc 4.1.7 (HKLM\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.7 - Ivan Zahariev)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron 1394 Filter Driver (HKLM\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.9.5 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
Last.fm Scrobbler 2.1.35 (HKLM\...\LastFM_is1) (Version:  - Last.fm)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mathe mit Maya 3 (HKLM\...\Mathe mit Maya 3) (Version:  - )
Media Go (HKLM\...\{362AB21A-E2C4-40CE-81C2-8C4D62B0635A}) (Version: 2.4.256 - Sony)
Media Go Video Playback Engine 1.116.105.02020 (HKLM\...\{54215B8A-6212-8DB8-39B4-98EE2BB98BD1}) (Version: 1.116.105.02020 - Sony)
MEDION Fotos auf CD & DVD SE Sued (HKLM\...\MEDION Fotos auf CD & DVD SE Sued D) (Version: 8.0.3.4 - MAGIX AG)
Medion Home Cinema (HKLM\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.)
Medion Home Cinema (Version: 6.0.0000 - CyberLink Corp.) Hidden
MFC RunTime files (Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.4 (HKLM\...\{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}) (Version: 2.0.3008.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
Miro (HKLM\...\Miro) (Version: 6.0 - Participatory Culture Foundation)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only) (HKLM\...\MPEG4E) (Version:  - )
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
No23 Recorder (HKLM\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia Ovi Player (HKLM\...\{50D25574-2C48-4AEC-8FFC-32AEAD2EAEFF}) (Version: 2.1.10304 - Nokia Ovi Player)
Nokia Photos (HKLM\...\{0EABFEF6-6D10-4C12-8667-3029C481D355}) (Version: 1.6.434 - Nokia)
Nokia Software Updater (HKLM\...\{4D568C38-0552-4CDD-A643-01FAFA2957EF}) (Version: 02.06.006.44298 - Nokia Corporation)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.5.34.0 - Nokia)
Nokia Suite (Version: 3.5.34.0 - Nokia) Hidden
Nokia_Multimedia_Common_Components_2_5 (HKLM\...\{70B31335-50EE-4834-8431-27412CDE62BD}) (Version: 2.6.86 - Nokia)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
PC Connectivity Solution (HKLM\...\{7390478C-8581-415E-92E9-2997D9306B81}) (Version: 12.0.32.0 - Nokia)
phase-6 2.1.2.2a (HKLM\...\phase-6) (Version: 2.1.2.2a - phase-6)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PlayStation(R)Network Downloader (HKLM\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.14.6.15183 - Sony Computer Entertainment Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
REALTEK Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0182 - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rossmann Fotowelt Software 4.9 (HKLM\...\Rossmann Fotowelt Software) (Version: 4.9 - ORWO Net)
Secunia PSI (3.0.0.6001) (HKLM\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
simfy (HKLM\...\Simfy) (Version: 1.4.0 - simfy GmbH)
simfy (Version: 1.4.0 - simfy GmbH) Hidden
SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.14.2.201401231410 - Sony Mobile Communications AB)
Sony PC Companion 2.10.211 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
SopCast 3.5.0 (HKLM\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.4 - Sophos Limited)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
StreamTorrent 1.0 (HKLM\...\StreamTorrent 1.0) (Version:  - )
StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
Sunny Explorer (HKLM\...\{74BA5B29-15A6-4640-8FD9-535DA42ECDD7}) (Version: 1.7.11 - SMA Solar Technology AG)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Explorer 5.9.2 (HKLM\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
The Lord of the Rings FREE Trial  (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Tinno S9050 Drivers(x86) (HKLM\...\{36970DF8-EA47-4DB3-A280-4B895CE38583}) (Version: 2.00 - Tinno)
TOPP Vorlagen-Druckstudio (3695) (HKLM\...\{DA2E5E6E-80A4-460D-9CBF-553DA8EB449E}_is1) (Version:  - frechverlag GmbH)
TVUPlayer 2.5.3.1 (HKLM\...\TVUPlayer) (Version: 2.5.3.1 - TVU networks)
Ulead Video ToolBox Basic (HKLM\...\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}) (Version: 2.0 - Ulead System)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
UpdateYeti (HKLM\...\UpdateYeti_is1) (Version: 2.0 - Abelssoft GmbH)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Veetle TV (HKLM\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
VidCoder 1.2.2 (x86) (HKLM\...\VidCoder_is1) (Version: 1.2.2 - RandomEngy)
VIRTUAL RC RACING DEMO (HKLM\...\{E2A8DAD8-830C-49D7-8C10-A633D4708803}) (Version: 3.2.0.0 - Virtual Racing Industries)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Volvo - The Game (HKLM\...\Volvo - The Game_is1) (Version:  - SimBin)
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Service-Center 2013 (HKLM\...\{7B324AC3-57C3-4701-B023-F54D78546BFA}_is1) (Version:  - IDG Tech Media GmbH)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Yahoo Community Smartbar Engine (HKCU\...\{5a3cfccc-a8e9-412f-af13-ded336ce71a5}) (Version: 11.63.66.17714 - Linkury Inc.) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-343960346-445288625-1702831378-1003_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-343960346-445288625-1702831378-1003_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-343960346-445288625-1702831378-1003_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-343960346-445288625-1702831378-1003_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-343960346-445288625-1702831378-1003_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-343960346-445288625-1702831378-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E667C71-5D75-4D05-9DD6-639C7B708E2A} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {1FB4C625-409D-412F-A217-342678703ACC} - System32\Tasks\SlimDrivers Startup => C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: {2F6D6097-E8F1-432C-8B41-E20C42FC4C1E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-22] (Google Inc.)
Task: {75C5D58F-9579-4BE0-8C80-0FC298426156} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-13] (Adobe Systems Incorporated)
Task: {79AC27B2-ECE2-4FB7-B742-87CC22F75D1D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-22] (Google Inc.)
Task: {89F75749-2D43-4353-A08A-32C519B9B480} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {B42497FE-2C33-4B45-9C98-EAD19CD03F0D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {FED2EB48-3AED-4D27-A7D2-2DCB97F1E649} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (whitelisted) =============

2014-06-28 11:24 - 2014-06-28 11:24 - 00703800 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll
2014-07-27 11:26 - 2013-10-17 17:32 - 00019448 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2014-06-03 16:12 - 2014-06-03 16:12 - 00655352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
2014-06-03 16:22 - 2014-06-03 16:22 - 00087928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_thread-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00022392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_system-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00030072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_chrono-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00048512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_date_time-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00107904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_filesystem-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 08386920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareServiceKernel.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00541008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\SQLite.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 02421064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\RCF.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00638328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_regex-vc100-mt-1_55.dll
2014-06-03 16:21 - 2014-06-03 16:21 - 00478056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareActivation.dll
2014-06-03 16:23 - 2014-06-03 16:23 - 00131920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\pugixml.dll
2014-06-03 16:21 - 2014-06-03 16:21 - 00300920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareApplicationUpdater.dll
2014-06-03 16:23 - 2014-06-03 16:23 - 00122704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\libssh2.dll
2014-06-03 16:23 - 2014-06-03 16:23 - 00148808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\zlib.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00119656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareGamingMode.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00087384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareReset.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00105304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTime.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00248184 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareDefinitionsUpdater.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00170376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00342376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareIgnoreList.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00205160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareQuarantine.dll
2014-06-03 16:21 - 2014-06-03 16:21 - 00277872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiMalwareEngine.dll
2014-06-03 16:21 - 2014-06-03 16:21 - 00174960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiRootkitEngine.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00367472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScannerHistory.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00503648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScanner.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00030584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_timer-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00270192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScannerScheduler.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00372600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareRealTimeProtection.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00190824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareIncompatibles.dll
2014-06-03 16:21 - 2014-06-03 16:21 - 00179552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiSpam.dll
2014-06-03 16:21 - 2014-06-03 16:21 - 00143720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiPhishing.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00633712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareParentalControl.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 01873768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareWebProtection.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00344944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareEmailProtection.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00513392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareNetworkProtection.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00298840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwarePromo.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00248160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareFeedback.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00313720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareThreatWorkAlliance.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\SecurityCenter.dll
2014-02-10 20:01 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2009-11-02 14:20 - 2009-11-02 14:20 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 14:23 - 2009-11-02 14:23 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2014-08-14 12:32 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\Admin\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 06699864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
2014-06-03 16:22 - 2014-06-03 16:22 - 00405880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_locale-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00310624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\HtmlFramework.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00056664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\DllStorage.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00804208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTrayDefaultSkin.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00118104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\Localization.dll
2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-02-10 20:01 - 2013-09-13 11:02 - 00208896 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 15:54 - 2011-07-07 15:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll
2014-02-10 20:01 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
2014-03-06 16:42 - 2014-03-06 16:42 - 00528384 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
2012-12-19 16:31 - 2012-12-19 16:31 - 00095232 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-02-10 20:01 - 2013-10-31 12:35 - 00070880 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
2012-07-08 13:44 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll
2012-07-08 13:44 - 2011-08-03 17:08 - 00739840 _____ () C:\Program Files\Realtek\11n USB Wireless LAN Utility\P2PLib.dll
2014-07-23 15:33 - 2014-07-23 15:33 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-13 22:21 - 2014-08-13 22:21 - 17048240 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll
2014-08-20 12:26 - 2014-08-20 12:26 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Gennat\Documents\Gehaltsmitteilung1.tiff:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Gennat\Documents\Gehaltsmitteilung1.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Gennat\Documents\Gehaltsmitteilung2.tiff:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Gennat\Documents\Gehaltsmitteilung2.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NokiaMusic FastStart => "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: TelevisionFanatic Browser Plugin Loader => C:\PROGRA~1\TELEVI~2\bar\1.bin\64brmon.exe
MSCONFIG\startupreg: TelevisionFanatic Search Scope Monitor => "C:\PROGRA~1\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Description: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8192su
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2014 06:40:58 AM) (Source: SetupARService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/19/2014 08:04:33 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/19/2014 07:07:28 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/19/2014 04:20:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden.


Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.
.

Error: (08/19/2014 02:24:37 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/19/2014 02:24:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SystemExplorer.exe, Version: 5.9.2.5250, Zeitstempel: 0x53eb6183
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x531599f6
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000812f
ID des fehlerhaften Prozesses: 0x9a0
Startzeit der fehlerhaften Anwendung: 0xSystemExplorer.exe0
Pfad der fehlerhaften Anwendung: SystemExplorer.exe1
Pfad des fehlerhaften Moduls: SystemExplorer.exe2
Berichtskennung: SystemExplorer.exe3


System errors:
=============
Error: (08/20/2014 00:17:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error: (08/20/2014 06:48:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst System Explorer Service erreicht.

Error: (08/20/2014 06:43:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
SBRE

Error: (08/20/2014 06:43:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/20/2014 06:43:05 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde nicht richtig gestartet.

Error: (08/20/2014 06:41:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (08/20/2014 06:40:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/19/2014 08:19:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Realtek11nSU erreicht.

Error: (08/19/2014 08:06:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
SBRE

Error: (08/19/2014 08:06:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (08/20/2014 06:40:58 AM) (Source: SetupARService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/19/2014 08:04:33 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/19/2014 07:07:28 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/19/2014 04:20:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.

Error: (08/19/2014 02:24:37 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/19/2014 02:24:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SystemExplorer.exe5.9.2.525053eb6183KERNELBASE.dll6.1.7601.18409531599f60eedfade0000812f9a001cfbba8776d79c2C:\Program Files\System Explorer\SystemExplorer.exeC:\Windows\system32\KERNELBASE.dllc0fec320-279b-11e4-b727-6c626d4c20b1


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X4 620 Processor
Percentage of memory in use: 59%
Total physical RAM: 3326.3 MB
Available physical RAM: 1332.29 MB
Total Pagefile: 6650.9 MB
Available Pagefile: 4023.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.56 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:910.41 GB) (Free:755.78 GB) NTFS
Drive d: (Recover) (Fixed) (Total:20 GB) (Free:8.03 GB) NTFS
Drive e: (PHILIPS UFD) (Removable) (Total:3.61 GB) (Free:2.86 GB) FAT32
Drive f: (Intenso-Festplatte) (Fixed) (Total:3726.01 GB) (Free:3235.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=910.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 3.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=3.6 GB) - (Type=0B)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 6.

==================== End Of Log ============================
Code:
ATTFilter
Exportierte Ereignisse:

19.08.2014 10:11 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\Windows\Temp\e9aeb8c9-2a40-4065-b38f-1f68f171f601\tmp00000248\tmp0000828b'
      wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Ren.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x86
Ran by Admin on 19.08.2014 at 14:14:27,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-343960346-445288625-1702831378-1003\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-343960346-445288625-1702831378-1003\Software\web assistant



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\6q4c3vor.default\minidumps [28 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.08.2014 at 14:18:58,07
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter
Rkill 2.6.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 hxxp://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/19/2014 10:02:17 AM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\.exe\shell found and deleted!


Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * No issues found.

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: hxxp://www.bleepingcomputer.com/download/hosts-permbat/

Program finished at: 08/19/2014 10:03:06 AM
Execution time: 0 hours(s), 0 minute(s), and 49 seconds(s)
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:53 on 20/08/2014 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
ATTFilter
# AdwCleaner v3.307 - Bericht erstellt am 19/08/2014 um 13:56:15
# Aktualisiert 17/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Admin - GENNAT-PC
# Gestartet von : C:\Users\Admin\Downloads\adwcleaner_3.307.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6q4c3vor.default\prefs.js ]


[ Datei : C:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\4rc45oyg.default\prefs.js ]


-\\ Google Chrome v36.0.1985.143

[ Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [26970 octets] - [01/11/2013 14:30:05]
AdwCleaner[R1].txt - [18419 octets] - [24/03/2014 19:52:57]
AdwCleaner[R2].txt - [5103 octets] - [13/06/2014 14:17:38]
AdwCleaner[R3].txt - [5227 octets] - [14/08/2014 22:52:46]
AdwCleaner[R4].txt - [1617 octets] - [18/08/2014 15:27:25]
AdwCleaner[R5].txt - [1297 octets] - [19/08/2014 13:56:15]
AdwCleaner[S0].txt - [26548 octets] - [01/11/2013 14:31:29]
AdwCleaner[S1].txt - [18329 octets] - [24/03/2014 19:55:13]
AdwCleaner[S2].txt - [4994 octets] - [13/06/2014 14:19:54]
AdwCleaner[S3].txt - [4715 octets] - [14/08/2014 22:54:23]
AdwCleaner[S4].txt - [1678 octets] - [18/08/2014 16:16:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [1659 octets] ##########


Danke für die Hilfe

Alt 20.08.2014, 14:14   #2
schrauber
/// the machine
/// TB-Ausbilder
 
TR/patched.Ren.Gen läßt sich nicht entfernen - Standard

TR/patched.Ren.Gen läßt sich nicht entfernen


hi,

lass die Tempfiles mal bei www.virustotal.com scannen.
__________________

__________________
Alt 20.08.2014, 15:19   #3
ighg
 
TR/patched.Ren.Gen läßt sich nicht entfernen - Standard

TR/patched.Ren.Gen läßt sich nicht entfernen


Hallo Schrauber dies sind die Ergebnisse:
SHA256: 5bfb56b7266dfcfdd34f99e4a9f5a5eb33bd95fff2ef467ec5e5e59567a658bb
Dateiname: tmp0000587b
Bkav W32.HfsAutoB.F90c, K7GW Virus ( f10001071 )

SHA256: 441d65aea923662d41051d9d8dc8cd2753f5d964879fb0fec2b2b876a8323c29
Dateiname: tmp00008002
K7GW Virus ( f10001071 )

SHA256: 96d67035dfd31f3a40bdbb7329d8ba05395195d1a18929a0ad3ab2e6527e7347
Dateiname: tmp0000828b
Bkav W32.HfsAutoB.F90c
K7GW Virus ( f10001071 )
__________________
Alt 21.08.2014, 12:22   #4
schrauber
/// the machine
/// TB-Ausbilder
 
TR/patched.Ren.Gen läßt sich nicht entfernen - Standard

TR/patched.Ren.Gen läßt sich nicht entfernen


wieviel von wieviel Scannern haben was gefudnen?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.08.2014, 13:25   #5
ighg
 
TR/patched.Ren.Gen läßt sich nicht entfernen - Standard

TR/patched.Ren.Gen läßt sich nicht entfernen


jedesmal 2 von 54.
Gruß


Alt 22.08.2014, 13:18   #6
schrauber
/// the machine
/// TB-Ausbilder
 
TR/patched.Ren.Gen läßt sich nicht entfernen - Standard

TR/patched.Ren.Gen läßt sich nicht entfernen


alles Fehlalarme.
__________________
--> TR/patched.Ren.Gen läßt sich nicht entfernen

Alt 22.08.2014, 13:25   #7
ighg
 
TR/patched.Ren.Gen läßt sich nicht entfernen - Standard

TR/patched.Ren.Gen läßt sich nicht entfernen


Was heißt das jetzt? Ist der TR/patched.Ren.Gen nicht schädlich? Braucht der nicht entfernt werden? Im Netz sind viele Horrrmeldungen darüber im Umlauf. Soll ich nichts mehr machen?

Alt 23.08.2014, 06:01   #8
schrauber
/// the machine
/// TB-Ausbilder
 
TR/patched.Ren.Gen läßt sich nicht entfernen - Standard

TR/patched.Ren.Gen läßt sich nicht entfernen


Die eigentliche Horrormeldung ist das Leute immer noch Antivir benutzen .

Bei Antivir ist in den Temps alles patched.Ren.Gen, und wenn sonst nix zu finden ist werden noch paar seit jahren installierte Programme oder Systemdateien als Crypt.Xpack.Gen oder ZPack.Gen betitelt.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.08.2014, 08:21   #9
ighg
 
TR/patched.Ren.Gen läßt sich nicht entfernen - Standard

TR/patched.Ren.Gen läßt sich nicht entfernen


Hallo Schrauber,
danke für die Antwort.
Wenn ich das jetzt richtig verstehe bedeutet dies: Ich soll den Virenscanner wechseln.
Habe ich schon darüber nachgedacht aber ich konnte mich für keinen so richtig entscheiden. Was mich nur stutzig macht. Ich hatte u.a. den Inhalt des Temp Ordners gelöscht. Trotzdem werden immer wieder Dateien als Virenwarnung hineingeschrieben.
Ich nehme jetzt mal als Aufgabe folgendes mit. Ich schau mal nach welche anderer Virenscanner für mich in Frage kommen könnten. Vielleicht habt ihr ja auch einen Tip für mich.
Danke!
Viele Grüße
ighg

Alt 24.08.2014, 06:17   #10
schrauber
/// the machine
/// TB-Ausbilder
 
TR/patched.Ren.Gen läßt sich nicht entfernen - Standard

TR/patched.Ren.Gen läßt sich nicht entfernen


Naja, die Temps werden ja auch normalweise nach ner Sekunde wieder gefüllt .

Ich empfehle immer Emsisoft
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu TR/patched.Ren.Gen läßt sich nicht entfernen
4d36e972-e325-11ce-bfc1-08002be10318, abelssoft, ad-aware, antivir, avira, bingbar, bonjour, branding, browser, converter, desktop, downloader, dvdvideosoft ltd., entfernen, error, firefox, flash player, google, home, homepage, kaspersky, koyote, linkury, mp3, programm, realtek, registrierungsdatenbank, scan, security, software, system, windows, windows xp, yahoo community smartbar


« win7: Kasperski Web-Anti-Virus blockt: obession.co.ua/loader/loadit.exe | Windows Vista: Malwarebytes meldet Virenfund »


Ähnliche Themen: TR/patched.Ren.Gen läßt sich nicht entfernen


  1. Window 7: SpyHunter 4 läßt sich nicht entfernen
    Log-Analyse und Auswertung - 23.04.2015 (21)
  2. Mysearchdial läßt sich nicht entfernen
    Log-Analyse und Auswertung - 05.03.2014 (8)
  3. Iminent läßt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 22.12.2013 (9)
  4. Interpol Trojaner läßt sich nicht entfernen...
    Log-Analyse und Auswertung - 03.12.2013 (3)
  5. qvo6 Virus läßt sich nicht entfernen
    Log-Analyse und Auswertung - 15.05.2013 (11)
  6. C:\test.exe läßt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 28.02.2013 (3)
  7. fb downloader search läßt sich nicht entfernen
    Log-Analyse und Auswertung - 27.11.2012 (1)
  8. Spyhunter 4 läßt sich nicht entfernen.
    Plagegeister aller Art und deren Bekämpfung - 02.05.2012 (30)
  9. Malware läßt sich nicht entfernen.
    Plagegeister aller Art und deren Bekämpfung - 05.04.2012 (3)
  10. tr/dldr.tracur.b.11 läßt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 05.08.2009 (1)
  11. ShlapiW32.dll läßt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 09.08.2007 (6)
  12. Tr/Agent läßt sich nicht Entfernen
    Plagegeister aller Art und deren Bekämpfung - 12.06.2007 (1)
  13. Trojaner läßt sich nicht entfernen...!!
    Plagegeister aller Art und deren Bekämpfung - 20.04.2007 (4)
  14. Dieser Trojaner läßt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 14.12.2006 (15)
  15. C2Lop läßt sich nicht entfernen!
    Mülltonne - 03.09.2006 (1)
  16. Malware VX2 läßt sich nicht restlos entfernen
    Log-Analyse und Auswertung - 29.05.2005 (0)
  17. Hijacker läßt sich nicht entfernen
    Log-Analyse und Auswertung - 27.07.2004 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TR/patched.Ren.Gen läßt sich nicht entfernen - Avira meldet das TR/Patched.Ren.Gen auf den Temp Ordner zugreift. Ich habe nach folgenden "Kochrezept" ein entfernen versucht: hxxp://malwaretips.com/blogs/tr-patched-ren-gen-removal/ Es war erfolglos denn die Meldung von Avira kam heute wieder. Die - TR/patched.Ren.Gen läßt sich nicht entfernen...
Archiv
Du betrachtest: TR/patched.Ren.Gen läßt sich nicht entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19