Avira Desktop lässt sich nicht öffnen/aktivieren

geeero · 30.09.2014, 11:47

Hallo, ich bin neu hier, verzeiht mir daher evtl. Fehler in der Beschreibung meines Problems: Avira Desktop lässt sich nicht mehr öffnen/aktivieren, es erscheint die Fehlermeldung:" Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator." Alle Versuche, das Programm upzudaten sind gescheitert. Ich bin auf euer board gestossen, bitte um Hilfestellung und habe zumindest schon vom adware cleaner die log:

# AdwCleaner v3.310 - Bericht erstellt am 30/09/2014 um 12:01:25
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzername : User - USER-PC
# Gestartet von : C:\Users\User\Desktop\adwcleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p7bjhlk.default\prefs.js ]

Zeile gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]

-\\ Google Chrome v

[ Datei : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6997 octets] - [03/07/2014 20:52:47]
AdwCleaner[R1].txt - [7057 octets] - [03/07/2014 20:57:07]
AdwCleaner[R2].txt - [1096 octets] - [03/07/2014 21:01:13]
AdwCleaner[R3].txt - [1607 octets] - [30/09/2014 11:57:00]
AdwCleaner[S0].txt - [6606 octets] - [03/07/2014 20:58:27]
AdwCleaner[S1].txt - [1158 octets] - [03/07/2014 21:03:28]
AdwCleaner[S2].txt - [1528 octets] - [30/09/2014 12:01:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1588 octets] ##########

schrauber · 30.09.2014, 20:23

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

geeero · 02.10.2014, 15:44

FRST.txt:
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-10-2014 01
Ran by User (administrator) on USER-PC on 02-10-2014 16:30:32
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User & Matthis)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2008-02-15] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKU\S-1-5-21-202807160-4012287017-4108981099-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-202807160-4012287017-4108981099-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-202807160-4012287017-4108981099-1000\...\MountPoints2: {3896bd00-997e-11e2-b92f-00219bf94fd8} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicyUsers\S-1-5-21-202807160-4012287017-4108981099-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3E8597AE2308CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p7bjhlk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF Plugin: @fluxdvd.com/NPAPIX -> C:\Program Files\Common Files\fluxDVD\APIX\NPAPIX.dll ()
FF Plugin: @fluxdvd.com/NPFluxBrowserHelper -> C:\Program Files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ()
FF Plugin: @real.com/nppl3260;version=6.0.11.2027 -> C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll No File
FF Plugin: @real.com/nprpjplug;version=6.0.12.1040 -> C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{400F0BDB-6C49-43A4-BE1F-76D7327A604D}] - C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla
FF Extension: fluxDVD Download Manager - C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2012-03-22]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.drumdoktor.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Macromedia, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll No File
CHR Plugin: (Active Process Information eXchange) - C:\Program Files\Common Files\fluxDVD\APIX\NPAPIX.dll ()
CHR Plugin: (fluxDVD) - C:\Program Files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
CHR Plugin: (NPMPDRM License Acquisition Plugin) - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\system32\npDeployJava1.dll No File
CHR CustomProfile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-28]
CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-28]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-23] (Avira Operations GmbH & Co. KG)
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [647168 2007-07-25] (Intel Corporation) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-07-25] (Intel Corporation) [File not signed]
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACEDRV07; C:\Windows\system32\drivers\ACEDRV07.sys [101376 2012-09-29] (Protect Software GmbH) [File not signed]
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 athr; C:\Windows\System32\DRIVERS\athr.sys [1882624 2011-02-08] (Atheros Communications, Inc.) [File not signed]
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1570304 2013-06-28] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-28] (Avira Operations GmbH & Co. KG)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [25856 2010-10-08] (Huawei Tech. Co., Ltd.)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
S3 s217bus; C:\Windows\System32\DRIVERS\s217bus.sys [83496 2007-11-02] (MCCI Corporation)
S3 s217mdfl; C:\Windows\System32\DRIVERS\s217mdfl.sys [15016 2007-11-02] (MCCI Corporation)
S3 s217mdm; C:\Windows\System32\DRIVERS\s217mdm.sys [109992 2007-11-02] (MCCI Corporation)
S3 s217nd5; C:\Windows\System32\DRIVERS\s217nd5.sys [24872 2007-11-02] (MCCI Corporation)
S3 s217obex; C:\Windows\System32\DRIVERS\s217obex.sys [100008 2007-11-02] (MCCI Corporation)
S3 s217unic; C:\Windows\System32\DRIVERS\s217unic.sys [105896 2007-11-02] (MCCI)
R1 SSHDRV84; C:\Windows\system32\drivers\SSHDRV84.sys [76800 2013-03-18] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-15] (Avira GmbH)
S3 jgameenp; \??\C:\Users\User\AppData\Local\Temp\jgameenp.sys [X]
S3 RTL2832UBDA; system32\drivers\RTL2832UBDA.sys [X]
S3 RTL2832UUSB; System32\Drivers\RTL2832UUSB.sys [X]
S3 RTL2832U_IRHID; system32\DRIVERS\RTL2832U_IRHID.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-02 16:30 - 2014-10-02 16:32 - 00014750 _____ () C:\Users\User\Desktop\FRST.txt
2014-10-02 16:30 - 2014-10-02 16:30 - 00000000 ____D () C:\FRST
2014-10-02 16:28 - 2014-10-02 16:29 - 01100288 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2014-09-30 16:15 - 2014-09-30 16:15 - 00000000 ____D () C:\Users\User\Desktop\Auswahl
2014-09-30 12:26 - 2014-09-30 12:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\Oracle
2014-09-30 12:25 - 2014-09-30 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-30 12:25 - 2014-09-30 12:25 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-30 12:25 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-30 12:25 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-30 12:25 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-30 12:25 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-30 12:24 - 2014-09-30 12:25 - 00004274 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-09-30 12:03 - 2014-09-30 12:03 - 00000306 _____ () C:\Windows\PFRO.log
2014-09-30 11:55 - 2014-09-30 11:56 - 01373475 _____ () C:\Users\User\Desktop\adwcleaner_3.310.exe
2014-09-30 11:31 - 2014-09-30 11:31 - 00283456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-29 23:25 - 2014-10-02 09:50 - 00001131 _____ () C:\Windows\setupact.log
2014-09-29 23:25 - 2014-09-29 23:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-29 23:14 - 2014-09-29 23:14 - 00061208 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-27 12:05 - 2014-10-02 16:11 - 00000000 ____D () C:\Users\User\Desktop\BühneYU
2014-09-27 03:23 - 2014-10-01 21:16 - 00003529 _____ () C:\Users\User\Desktop\Antje.txt
2014-09-26 10:16 - 2014-09-26 10:16 - 00000000 ____D () C:\Users\User\Desktop\CheersBro
2014-09-25 21:40 - 2014-09-25 21:40 - 00000000 ____D () C:\Users\User\Desktop\RespektRockt
2014-09-24 15:08 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-11 20:52 - 2014-10-01 19:32 - 00000000 ____D () C:\Users\User\Desktop\Unbekannter Interpret
2014-09-10 12:32 - 2014-09-10 12:32 - 00000000 ____D () C:\Win7 Beta Driver
2014-09-10 12:31 - 2014-09-10 12:31 - 00000000 ____D () C:\Utility
2014-09-10 12:21 - 2014-09-10 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2014-09-10 12:20 - 2013-06-28 14:49 - 01570304 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athur.sys
2014-09-10 12:20 - 2013-06-28 14:49 - 01570304 _____ (Atheros Communications, Inc.) C:\Windows\system32\athur.sys
2014-09-10 12:20 - 2013-06-28 14:49 - 00007514 _____ () C:\Windows\system32\athurext.cat
2014-09-10 12:19 - 2014-09-10 12:19 - 00000000 ____D () C:\ProgramData\TP-LINK
2014-09-10 03:14 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 03:14 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 03:14 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 03:14 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 03:14 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 03:14 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 03:14 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 03:14 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 03:14 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 03:14 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 03:14 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 03:14 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 03:14 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 03:14 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 03:14 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 03:14 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 03:14 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 03:14 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 03:14 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 03:14 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 03:14 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 03:14 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 03:14 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 03:14 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 03:14 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 03:14 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 03:14 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 03:14 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 03:14 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 03:14 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 03:13 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 02:52 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 02:52 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 02:51 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 02:51 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 02:51 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 02:51 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-07 20:55 - 2014-09-07 20:55 - 26650323 _____ () C:\Users\User\Desktop\Dalida.KD

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-02 16:30 - 2009-07-14 06:34 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-02 16:30 - 2009-07-14 06:34 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-02 16:28 - 2012-03-22 16:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-02 15:03 - 2012-03-24 15:04 - 01960312 _____ () C:\Windows\WindowsUpdate.log
2014-10-02 14:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-10-02 13:28 - 2012-03-22 16:01 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-02 09:52 - 2013-04-27 13:44 - 00000000 ___RD () C:\Users\User\Dropbox
2014-10-02 09:52 - 2013-04-27 13:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-10-02 09:51 - 2012-04-28 18:10 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-02 09:51 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-01 19:22 - 2010-11-20 23:01 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-30 15:08 - 2012-08-06 17:31 - 00000000 ____D () C:\Users\User\Desktop\Verkäufe
2014-09-30 12:25 - 2014-01-28 19:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-30 12:25 - 2013-02-20 13:57 - 00000000 ____D () C:\Program Files\Java
2014-09-30 12:01 - 2014-07-03 20:52 - 00000000 ____D () C:\AdwCleaner
2014-09-30 00:21 - 2012-08-22 11:18 - 00000000 ____D () C:\Users\User\Desktop\GB
2014-09-29 02:27 - 2014-08-07 01:50 - 00000000 ____D () C:\Users\User\Desktop\alegtrick
2014-09-26 08:24 - 2013-09-05 12:00 - 00000000 ____D () C:\Users\User\Desktop\Schule
2014-09-25 19:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-24 22:19 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-24 21:31 - 2012-05-22 17:34 - 00000851 _____ () C:\Users\User\Desktop\checkthatout.txt
2014-09-19 08:54 - 2013-04-27 13:44 - 00001021 _____ () C:\Users\User\Desktop\Dropbox.lnk
2014-09-19 08:54 - 2013-04-27 13:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-18 21:25 - 2012-05-02 19:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-09-16 03:25 - 2013-04-16 12:34 - 01259503 _____ () C:\Users\User\Desktop\Vorlage.KD
2014-09-15 10:46 - 2014-08-10 14:13 - 00000000 ____D () C:\Users\User\Documents\GBAIR14
2014-09-15 09:06 - 2011-10-11 23:11 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-11 22:31 - 2013-11-03 04:21 - 00000000 ____D () C:\Users\User\Desktop\Acid-Projekte
2014-09-11 20:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-10 22:56 - 2014-06-14 13:00 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-09-10 22:56 - 2012-03-22 17:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-10 12:32 - 2013-10-21 17:52 - 08500985 _____ (Macrovision Corporation) C:\Setup.exe
2014-09-10 11:29 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 03:13 - 2013-08-15 22:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 03:07 - 2014-05-07 23:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 03:07 - 2011-10-11 23:10 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Matthis\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppnuvur.dll
C:\Users\User\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 12:55

==================== End Of Log ============================

--- --- ---

Additional:FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-10-2014 01
Ran by User at 2014-10-02 16:32:47
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Ace of WAV (HKLM\...\Ace of WAV) (Version:  - )
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.63 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.5.502.146 - Adobe Systems Incorporated)
Adobe Photoshop 6.0 (HKLM\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.2) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
cars2 (HKLM\...\{FF10D622-7BFE-48C6-8DF6-40D8CB1D3C1B}) (Version: 1.00.0000 - Disney Interactive Studios)
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1007.115.102 - ALPS ELECTRIC CO., LTD.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HUAWEI DataCard Driver 4.22.19.00 (HKLM\...\HUAWEI DataCard Driver) (Version: 4.22.19.00 - Huawei technologies Co., Ltd.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
K-Lite Codec Pack 8.6.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.6.0 - )
Kronen-Design 1.10 (HKLM\...\Kronen-Design 1.10_is1) (Version:  - )
Kronen-Design 1.77 (HKLM\...\Kronen-Design_is1) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.22.6.3 - Marvell)
mCore (Version: 9.24.0000 - Intel Corporation) Hidden
mDriver (Version: 9.24.0000 - Intel) Hidden
mHelp (Version: 9.24.0000 - Intel) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2000 SR-1 Small Business (HKLM\...\{00030407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
mMHouse (Version: 9.24.0000 - Intel Corporation) Hidden
Modem-Diagnose-Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
mPfMgr (Version: 9.24.0000 - Intel Corporation) Hidden
mWMI (Version: 9.24.0000 - Intel Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Shockwave (HKLM\...\Shockwave) (Version:  - )
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Sonic Foundry ACID 4.0 (HKLM\...\{2A38B5AA-EA84-4F87-9937-2FB23982243A}) (Version: 4.0.215 - Sonic Foundry)
Sonic Foundry Sound Forge 6.0e (HKLM\...\{B3DE6A9E-1FD0-4208-92F4-EC9004E34774}) (Version: 6.0.237 - Sonic Foundry)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Test Tone Generator 4.4 (HKLM\...\A9CD4C7D-6D93-4B56-A226-1D28DB060A87_is1) (Version:  - Timo Esser)
TP-LINK TL-WN721N_TL-WN722N Driver (HKLM\...\{86A7EED0-02D0-4D91-8183-8D2F23F5E6AE}) (Version: 1.3.1 - TP-LINK)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
winLAME 2010 beta 1 (HKLM\...\{63C16E81-327C-49B6-9643-4F5EFD8A6B2D}) (Version: 1.0.2010.1 - Michael Fink)
WM Converter 2.0 (HKLM\...\WM Converter 2.0) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

02-10-2014 10:23:12 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {67B17EBC-79F0-4738-9EA8-A056FD80258C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: {84F5DE67-9EC3-40B7-A515-04DEEE888EBC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-22] (Google Inc.)
Task: {8CA8E105-B78D-4C82-9957-A927D204FF90} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C83813FA-300A-4C7C-B827-1B1054EBD647} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-22] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-04-25 11:55 - 2007-04-25 11:55 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2007-07-25 17:25 - 2007-07-25 17:25 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2014-10-02 09:51 - 2014-10-02 09:51 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppnuvur.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
AlternateDataStreams: C:\Users\User\Desktop\2008-07-27 05.14.55.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-202807160-4012287017-4108981099-500 - Administrator - Disabled)
Gast (S-1-5-21-202807160-4012287017-4108981099-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-202807160-4012287017-4108981099-1004 - Limited - Enabled)
Matthis (S-1-5-21-202807160-4012287017-4108981099-1002 - Limited - Enabled) => C:\Users\Matthis
User (S-1-5-21-202807160-4012287017-4108981099-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/02/2014 09:52:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/01/2014 07:20:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/30/2014 00:05:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/30/2014 11:32:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/29/2014 10:19:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2014 07:16:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2014 00:02:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2014 07:57:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 04:53:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2014 03:01:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/02/2014 00:20:11 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error: (10/02/2014 00:20:11 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error: (10/02/2014 00:20:11 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error: (10/02/2014 00:20:11 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error: (10/02/2014 00:20:11 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error: (10/02/2014 00:20:11 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error: (10/02/2014 00:20:11 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error: (10/02/2014 00:20:11 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error: (10/02/2014 00:20:11 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error: (10/02/2014 00:20:11 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.


Microsoft Office Sessions:
=========================
Error: (10/02/2014 09:52:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/01/2014 07:20:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/30/2014 00:05:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/30/2014 11:32:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/29/2014 10:19:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2014 07:16:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2014 00:02:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2014 07:57:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 04:53:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2014 03:01:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU 560 @ 2.13GHz
Percentage of memory in use: 54%
Total physical RAM: 2038.04 MB
Available physical RAM: 933.11 MB
Total Pagefile: 4076.09 MB
Available Pagefile: 2582 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.7 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:48.83 GB) (Free:21.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:62.96 GB) (Free:19.04 GB) NTFS
Drive h: (HP_RECOVERY) (Fixed) (Total:6.2 GB) (Free:0.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: (Musik/Backup) (Fixed) (Total:66.77 GB) (Free:2.91 GB) NTFS
Drive j: (OS_TOOLS) (Fixed) (Total:1.55 GB) (Free:1.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 000CFB8F)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=63 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 74.5 GB) (Disk ID: C024ECFB)
Partition 1: (Active) - (Size=66.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=6.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

schrauber · 03.10.2014, 11:20

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

geeero · 05.10.2014, 00:32

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-10-2014 01
Ran by User at 2014-10-05 00:34:56 Run:1
Running from C:\Users\User\Desktop\scan\FRST-OlderVersion
Loaded Profile: User (Available profiles: User & Matthis)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====

C:/Combofix.txt:

Combofix Logfile:

Code:

ATTFilter

ComboFix 14-10-04.01 - User 05.10.2014   1:09.1.1 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.2038.1274 [GMT 2:00]
ausgeführt von:: c:\users\User\Desktop\scan\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
C:\Setup.exe
c:\windows\IsUn0407.exe
H:\Autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-09-04 bis 2014-10-04  ))))))))))))))))))))))))))))))
.
.
2014-10-04 23:18 . 2014-10-04 23:21	--------	d-----w-	c:\users\User\AppData\Local\temp
2014-10-04 23:18 . 2014-10-04 23:18	--------	d-----w-	c:\users\RA Media Server\AppData\Local\temp
2014-10-04 23:18 . 2014-10-04 23:18	--------	d-----w-	c:\users\Matthis\AppData\Local\temp
2014-10-04 22:25 . 2014-09-09 01:24	8806800	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{107C3233-E576-4967-BD13-5620A548C763}\mpengine.dll
2014-10-02 14:30 . 2014-10-04 22:34	--------	d-----w-	C:\FRST
2014-10-02 08:01 . 2014-09-25 01:40	519680	----a-w-	c:\windows\system32\qdvd.dll
2014-09-30 10:26 . 2014-09-30 10:26	--------	d-----w-	c:\users\User\AppData\Roaming\Oracle
2014-09-30 10:25 . 2014-09-30 10:25	--------	d-----w-	c:\program files\Common Files\Java
2014-09-30 10:25 . 2014-07-25 10:55	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-09-24 13:08 . 2014-09-09 21:47	2048	----a-w-	c:\windows\system32\tzres.dll
2014-09-10 10:32 . 2014-09-10 10:32	--------	d-----w-	C:\Win7 Beta Driver
2014-09-10 10:31 . 2014-09-10 10:31	--------	d-----w-	C:\Utility
2014-09-10 10:20 . 2013-06-28 12:49	1570304	----a-w-	c:\windows\system32\drivers\athur.sys
2014-09-10 10:20 . 2013-06-28 12:49	1570304	----a-w-	c:\windows\system32\athur.sys
2014-09-10 10:19 . 2014-09-10 10:19	--------	d-----w-	c:\programdata\TP-LINK
2014-09-10 01:13 . 2014-06-27 01:45	2285056	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2014-09-10 00:52 . 2014-07-07 01:40	1059840	----a-w-	c:\windows\system32\lsasrv.dll
2014-09-10 00:52 . 2014-07-07 01:40	550912	----a-w-	c:\windows\system32\kerberos.dll
2014-09-10 00:51 . 2014-09-05 01:52	445952	----a-w-	c:\windows\system32\aepdu.dll
2014-09-10 00:51 . 2014-09-05 01:47	302592	----a-w-	c:\windows\system32\aeinv.dll
2014-09-10 00:51 . 2014-08-01 11:35	793600	----a-w-	c:\windows\system32\TSWorkspace.dll
2014-09-10 00:51 . 2014-06-24 02:59	1987584	----a-w-	c:\windows\system32\d3d10warp.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-15 07:06 . 2011-10-11 21:11	231568	------w-	c:\windows\system32\MpSigStub.exe
2014-08-23 01:46 . 2014-08-28 14:25	305152	----a-w-	c:\windows\system32\gdi32.dll
2014-08-23 00:42 . 2014-08-28 14:25	2352640	----a-w-	c:\windows\system32\win32k.sys
2014-07-25 00:35 . 2014-07-25 00:35	875688	----a-w-	c:\windows\system32\msvcr120_clr0400.dll
2014-07-24 16:10 . 2013-05-06 08:50	35848	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-07-14 01:42 . 2014-08-23 21:40	654336	----a-w-	c:\windows\system32\rpcrt4.dll
2013-05-15 16:49 . 2013-05-15 16:49	1318912	----a-w-	c:\program files\Schach.exe
2013-04-27 11:29 . 2013-04-27 11:26	34111016	----a-w-	c:\program files\Dropbox 2.0.8.exe
2003-09-28 16:40 . 2012-05-22 16:15	413696	----a-w-	c:\program files\WAVTOMP3.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-15 405504]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-23 751184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10	843712	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2013-06-28 1570304]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2010-10-08 25856]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 jgameenp;jgameenp;c:\users\User\AppData\Local\Temp\jgameenp.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-28 37352]
S1 SSHDRV84;SSHDRV84;c:\windows\system32\drivers\SSHDRV84.sys [2013-03-18 76800]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\aestsrv.exe [2007-09-20 73728]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-08-23 430160]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-01-30 73216]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-22 14:01]
.
2014-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-22 14:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mWindow Title = Arcor AG & Co. KG
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p7bjhlk.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-Wdf01000.sys
AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0407.EXE
AddRemove-ProtectDisc Driver 11 - c:\program files\ProtectDisc Driver Installer\uninstall_v11.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\avira\antivir desktop\avira_de____fm.exe
c:\program files\avira\antivir desktop\avira_de____fm.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-10-05  01:27:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-10-04 23:27
.
Vor Suchlauf: 11 Verzeichnis(se), 22.036.320.256 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 21.602.570.240 Bytes frei
.
- - End Of File - - 42017DFD815736B1A3016616C573FCDC

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 05.10.2014, 14:59

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

geeero · 06.10.2014, 02:04

mbam.txt:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 06.10.2014
Suchlauf-Zeit: 02:10:13
Logdatei: MBMVerlaufsprotokoll.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.03.04.09
Rootkit Datenbank: v2014.07.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: User

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 267503
Verstrichene Zeit: 13 Min, 39 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)

adwcleaner.txt:AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.311 - Bericht erstellt am 06/10/2014 um 02:37:23
# Aktualisiert 30/09/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzername : User - USER-PC
# Gestartet von : C:\Users\User\Desktop\scan\adwcleaner_3.311.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p7bjhlk.default\prefs.js ]

Zeile gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]

-\\ Google Chrome v

[ Datei : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6997 octets] - [03/07/2014 20:52:47]
AdwCleaner[R1].txt - [7057 octets] - [03/07/2014 20:57:07]
AdwCleaner[R2].txt - [1096 octets] - [03/07/2014 21:01:13]
AdwCleaner[R3].txt - [1607 octets] - [30/09/2014 11:57:00]
AdwCleaner[R4].txt - [1591 octets] - [06/10/2014 02:35:46]
AdwCleaner[S0].txt - [6606 octets] - [03/07/2014 20:58:27]
AdwCleaner[S1].txt - [1158 octets] - [03/07/2014 21:03:28]
AdwCleaner[S2].txt - [1668 octets] - [30/09/2014 12:01:25]
AdwCleaner[S3].txt - [1512 octets] - [06/10/2014 02:37:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1572 octets] ##########

--- --- ---

JRT.txt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.0 (10.05.2014:1)
OS: Windows 7 Ultimate x86
Ran by User on 06.10.2014 at 2:50:37,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{03FB422F-F472-4C16-99AB-9BC8D87535D0}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{0A2F58E2-FA90-4D0B-842C-27FA44E36710}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{38F6359B-9092-43B2-8457-04E408EF4635}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{4FD5CCB0-23B6-4F07-8F72-ED93401E8B81}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{5884FB88-09D7-48A0-AADE-DB624C601514}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{58B2E08E-192B-474D-A628-1B74553DBBFA}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{69CCF396-3F64-4703-B82E-CCAD11B5C96D}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{7EE90DA3-8D8D-4E4E-9856-3538B37FCB7B}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{93026D5B-8959-4A40-A9C5-537BF29790AD}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{9D444775-B8CC-443D-B5D9-81E9AD370AA4}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{A384C846-3A79-4692-B3AB-0B180E4B4170}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{B5707ACC-FCEE-4DAE-A4BD-DCC8D2716F66}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{B7AD923C-5F87-4EF8-8B7F-B5F7173D92F6}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{D41C06D5-07A4-472B-8916-1F7A43DE0612}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{D984156A-0579-4CEE-B0E9-DF84ADD4E9B7}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{E7DDE88A-5FD9-4ACE-9942-4B66EB654777}

~~~ FireFox

Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1p7bjhlk.default\minidumps [23 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.10.2014 at 2:53:46,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.txt:
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-10-2014 01
Ran by User (administrator) on USER-PC on 06-10-2014 02:56:17
Running from C:\Users\User\Desktop\scan\FRST-OlderVersion
Loaded Profile: User (Available profiles: User & Matthis)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2008-02-15] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-202807160-4012287017-4108981099-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-202807160-4012287017-4108981099-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicyUsers\S-1-5-21-202807160-4012287017-4108981099-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3E8597AE2308CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p7bjhlk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF Plugin: @fluxdvd.com/NPAPIX -> C:\Program Files\Common Files\fluxDVD\APIX\NPAPIX.dll ()
FF Plugin: @fluxdvd.com/NPFluxBrowserHelper -> C:\Program Files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ()
FF Plugin: @real.com/nppl3260;version=6.0.11.2027 -> C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll No File
FF Plugin: @real.com/nprpjplug;version=6.0.12.1040 -> C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{400F0BDB-6C49-43A4-BE1F-76D7327A604D}] - C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla
FF Extension: fluxDVD Download Manager - C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2012-03-22]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.drumdoktor.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Macromedia, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll No File
CHR Plugin: (Active Process Information eXchange) - C:\Program Files\Common Files\fluxDVD\APIX\NPAPIX.dll ()
CHR Plugin: (fluxDVD) - C:\Program Files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
CHR Plugin: (NPMPDRM License Acquisition Plugin) - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\system32\npDeployJava1.dll No File
CHR CustomProfile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-28]
CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-28]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-23] (Avira Operations GmbH & Co. KG)
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [647168 2007-07-25] (Intel Corporation) [File not signed]
S2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-07-25] (Intel Corporation) [File not signed]
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACEDRV07; C:\Windows\system32\drivers\ACEDRV07.sys [101376 2012-09-29] (Protect Software GmbH) [File not signed]
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 athr; C:\Windows\System32\DRIVERS\athr.sys [1882624 2011-02-08] (Atheros Communications, Inc.) [File not signed]
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1570304 2013-06-28] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-28] (Avira Operations GmbH & Co. KG)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [25856 2010-10-08] (Huawei Tech. Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-06] (Malwarebytes Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
S3 s217bus; C:\Windows\System32\DRIVERS\s217bus.sys [83496 2007-11-02] (MCCI Corporation)
S3 s217mdfl; C:\Windows\System32\DRIVERS\s217mdfl.sys [15016 2007-11-02] (MCCI Corporation)
S3 s217mdm; C:\Windows\System32\DRIVERS\s217mdm.sys [109992 2007-11-02] (MCCI Corporation)
S3 s217nd5; C:\Windows\System32\DRIVERS\s217nd5.sys [24872 2007-11-02] (MCCI Corporation)
S3 s217obex; C:\Windows\System32\DRIVERS\s217obex.sys [100008 2007-11-02] (MCCI Corporation)
S3 s217unic; C:\Windows\System32\DRIVERS\s217unic.sys [105896 2007-11-02] (MCCI)
R1 SSHDRV84; C:\Windows\system32\drivers\SSHDRV84.sys [76800 2013-03-18] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-15] (Avira GmbH)
S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
S3 jgameenp; \??\C:\Users\User\AppData\Local\Temp\jgameenp.sys [X]
S3 RTL2832UBDA; system32\drivers\RTL2832UBDA.sys [X]
S3 RTL2832UUSB; System32\Drivers\RTL2832UUSB.sys [X]
S3 RTL2832U_IRHID; system32\DRIVERS\RTL2832U_IRHID.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-06 02:53 - 2014-10-06 02:53 - 00002486 _____ () C:\Users\User\Desktop\JRT.txt.txt
2014-10-06 02:50 - 2014-10-06 02:50 - 00000000 ____D () C:\Windows\ERUNT
2014-10-06 02:41 - 2014-10-06 02:41 - 00001652 _____ () C:\Users\User\Desktop\adwCleaner.txt.txt
2014-10-06 02:32 - 2014-10-06 02:32 - 00001174 _____ () C:\Users\User\Desktop\mbam.txt.txt
2014-10-06 01:55 - 2014-10-06 01:55 - 00000000 ____D () C:\Users\User\Desktop\GBsessionMP3
2014-10-05 22:11 - 2014-10-05 22:21 - 00176008 _____ () C:\Users\User\Documents\Record Take 49.sfk
2014-10-05 22:11 - 2014-10-05 22:21 - 00119820 _____ () C:\Users\User\Documents\Record Take 48.sfk
2014-10-05 22:01 - 2014-10-05 22:05 - 45051910 _____ () C:\Users\User\Documents\Record Take 49.wav
2014-10-05 21:58 - 2014-10-05 22:01 - 30664272 _____ () C:\Users\User\Documents\Record Take 48.wav
2014-10-05 21:57 - 2014-10-05 22:21 - 00158828 _____ () C:\Users\User\Documents\Record Take 47.sfk
2014-10-05 21:54 - 2014-10-05 21:57 - 40652686 _____ () C:\Users\User\Documents\Record Take 47.wav
2014-10-05 21:53 - 2014-10-05 22:21 - 00056832 _____ () C:\Users\User\Documents\Record Take 46.sfk
2014-10-05 21:51 - 2014-10-05 22:21 - 00227548 _____ () C:\Users\User\Documents\Record Take 42.sfk
2014-10-05 21:51 - 2014-10-05 22:21 - 00176604 _____ () C:\Users\User\Documents\Record Take 44.sfk
2014-10-05 21:51 - 2014-10-05 22:21 - 00174076 _____ () C:\Users\User\Documents\Record Take 43.sfk
2014-10-05 21:51 - 2014-10-05 21:53 - 14536098 _____ () C:\Users\User\Documents\Record Take 46.wav
2014-10-05 21:46 - 2014-10-05 21:50 - 45204906 _____ () C:\Users\User\Documents\Record Take 44.wav
2014-10-05 21:41 - 2014-10-05 21:45 - 44557730 _____ () C:\Users\User\Documents\Record Take 43.wav
2014-10-05 21:35 - 2014-10-05 21:40 - 58250066 _____ () C:\Users\User\Documents\Record Take 42.wav
2014-10-05 21:34 - 2014-10-05 22:21 - 00186744 _____ () C:\Users\User\Documents\Record Take 41.sfk
2014-10-05 21:30 - 2014-10-05 21:34 - 47801254 _____ () C:\Users\User\Documents\Record Take 41.wav
2014-10-05 21:29 - 2014-10-05 22:21 - 00169320 _____ () C:\Users\User\Documents\Record Take 40.sfk
2014-10-05 21:25 - 2014-10-05 21:29 - 43340030 _____ () C:\Users\User\Documents\Record Take 40.wav
2014-10-05 20:56 - 2014-10-05 21:09 - 00146420 _____ () C:\Users\User\Documents\Record Take 38.sfk
2014-10-05 20:53 - 2014-10-05 20:56 - 37475490 _____ () C:\Users\User\Documents\Record Take 38.wav
2014-10-05 20:52 - 2014-10-05 21:09 - 00218864 _____ () C:\Users\User\Documents\Record Take 37.sfk
2014-10-05 20:47 - 2014-10-05 20:52 - 56025510 _____ () C:\Users\User\Documents\Record Take 37.wav
2014-10-05 20:43 - 2014-10-05 21:09 - 00171748 _____ () C:\Users\User\Documents\Record Take 35.sfk
2014-10-05 20:43 - 2014-10-05 20:46 - 33507308 _____ () C:\Users\User\Documents\Record Take 36.wav
2014-10-05 20:39 - 2014-10-05 20:43 - 43961534 _____ () C:\Users\User\Documents\Record Take 35.wav
2014-10-05 20:38 - 2014-10-05 21:09 - 00163176 _____ () C:\Users\User\Documents\Record Take 34.sfk
2014-10-05 20:34 - 2014-10-05 21:03 - 00023740 _____ () C:\Users\User\Documents\Record Take 33.sfk
2014-10-05 20:34 - 2014-10-05 20:38 - 41766910 _____ () C:\Users\User\Documents\Record Take 34.wav
2014-10-05 20:33 - 2014-10-05 20:34 - 06062134 _____ () C:\Users\User\Documents\Record Take 33.wav
2014-10-05 20:31 - 2014-10-05 21:09 - 00172396 _____ () C:\Users\User\Documents\Record Take 32.sfk
2014-10-05 20:26 - 2014-10-05 20:31 - 44127558 _____ () C:\Users\User\Documents\Record Take 32.wav
2014-10-05 20:22 - 2014-10-05 21:09 - 00141292 _____ () C:\Users\User\Documents\Record Take 31.sfk
2014-10-05 20:19 - 2014-10-05 20:22 - 36162442 _____ () C:\Users\User\Documents\Record Take 31.wav
2014-10-05 18:24 - 2014-10-05 18:25 - 00036760 _____ () C:\Users\User\Documents\Record Take 21.sfk
2014-10-05 18:23 - 2014-10-05 18:24 - 09395884 _____ () C:\Users\User\Documents\Record Take 21.wav
2014-10-05 18:16 - 2014-10-05 18:18 - 00045620 _____ () C:\Users\User\Documents\Record Take 17.sfk
2014-10-05 18:15 - 2014-10-05 18:16 - 11665550 _____ () C:\Users\User\Documents\Record Take 17.wav
2014-10-05 18:12 - 2014-10-05 18:14 - 00034528 _____ () C:\Users\User\Documents\Record Take 13.sfk
2014-10-05 18:11 - 2014-10-05 18:12 - 08824558 _____ () C:\Users\User\Documents\Record Take 13.wav
2014-10-05 16:24 - 2014-10-05 16:24 - 00000000 ____D () C:\Users\User\Desktop\Dalida
2014-10-05 01:27 - 2014-10-05 01:27 - 00016643 _____ () C:\ComboFix.txt
2014-10-05 01:05 - 2014-10-05 01:27 - 00000000 ____D () C:\Qoobox
2014-10-05 01:05 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-05 01:05 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-05 01:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-05 01:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-05 01:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-05 01:05 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-05 01:05 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-05 01:05 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-05 01:04 - 2014-10-05 01:24 - 00000000 ____D () C:\Windows\erdnt
2014-10-02 16:46 - 2014-10-06 02:56 - 00000000 ____D () C:\Users\User\Desktop\scan
2014-10-02 16:30 - 2014-10-06 02:56 - 00000000 ____D () C:\FRST
2014-10-02 10:01 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 12:26 - 2014-09-30 12:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\Oracle
2014-09-30 12:25 - 2014-09-30 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-30 12:25 - 2014-09-30 12:25 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-30 12:25 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-30 12:25 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-30 12:25 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-30 12:25 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-30 12:24 - 2014-09-30 12:25 - 00004274 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-09-30 12:03 - 2014-10-06 02:38 - 00001162 _____ () C:\Windows\PFRO.log
2014-09-30 11:31 - 2014-09-30 11:31 - 00283456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-29 23:25 - 2014-10-06 02:38 - 00001738 _____ () C:\Windows\setupact.log
2014-09-29 23:25 - 2014-09-29 23:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-29 23:14 - 2014-09-29 23:14 - 00061208 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-27 12:05 - 2014-10-02 16:11 - 00000000 ____D () C:\Users\User\Desktop\BühneYU
2014-09-27 03:23 - 2014-10-01 21:16 - 00003529 _____ () C:\Users\User\Desktop\Antje.txt
2014-09-26 10:16 - 2014-09-26 10:16 - 00000000 ____D () C:\Users\User\Desktop\CheersBro
2014-09-25 21:40 - 2014-09-25 21:40 - 00000000 ____D () C:\Users\User\Desktop\RespektRockt
2014-09-24 15:08 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-11 20:52 - 2014-10-01 19:32 - 00000000 ____D () C:\Users\User\Desktop\Unbekannter Interpret
2014-09-10 12:32 - 2014-09-10 12:32 - 00000000 ____D () C:\Win7 Beta Driver
2014-09-10 12:31 - 2014-09-10 12:31 - 00000000 ____D () C:\Utility
2014-09-10 12:21 - 2014-09-10 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2014-09-10 12:20 - 2013-06-28 14:49 - 01570304 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athur.sys
2014-09-10 12:20 - 2013-06-28 14:49 - 01570304 _____ (Atheros Communications, Inc.) C:\Windows\system32\athur.sys
2014-09-10 12:20 - 2013-06-28 14:49 - 00007514 _____ () C:\Windows\system32\athurext.cat
2014-09-10 12:19 - 2014-09-10 12:19 - 00000000 ____D () C:\ProgramData\TP-LINK
2014-09-10 03:14 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 03:14 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 03:14 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 03:14 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 03:14 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 03:14 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 03:14 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 03:14 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 03:14 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 03:14 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 03:14 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 03:14 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 03:14 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 03:14 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 03:14 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 03:14 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 03:14 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 03:14 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 03:14 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 03:14 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 03:14 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 03:14 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 03:14 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 03:14 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 03:14 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 03:14 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 03:14 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 03:14 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 03:14 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 03:14 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 03:13 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 02:52 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 02:52 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 02:51 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 02:51 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 02:51 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 02:51 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-06 02:51 - 2012-03-24 15:04 - 01048790 _____ () C:\Windows\WindowsUpdate.log
2014-10-06 02:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-10-06 02:47 - 2009-07-14 06:34 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-06 02:47 - 2009-07-14 06:34 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-06 02:40 - 2013-04-27 13:44 - 00000000 ___RD () C:\Users\User\Dropbox
2014-10-06 02:39 - 2013-04-27 13:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-10-06 02:39 - 2012-03-22 16:01 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-06 02:38 - 2012-04-28 18:10 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-06 02:38 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-06 02:37 - 2014-07-03 20:52 - 00000000 ____D () C:\AdwCleaner
2014-10-06 02:28 - 2012-03-22 16:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-06 02:07 - 2014-07-03 22:11 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-06 02:00 - 2013-11-03 04:21 - 00000000 ____D () C:\Users\User\Desktop\Acid-Projekte
2014-10-06 01:37 - 2012-08-22 11:18 - 00000000 ____D () C:\Users\User\Desktop\GB
2014-10-05 21:09 - 2014-08-12 14:34 - 00130920 _____ () C:\Users\User\Documents\Record Take 36.sfk
2014-10-05 19:56 - 2010-11-20 23:01 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-05 01:27 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-10-05 01:21 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-05 01:19 - 2009-07-14 04:03 - 40632320 _____ () C:\Windows\system32\config\software.bak
2014-10-05 01:19 - 2009-07-14 04:03 - 18087936 _____ () C:\Windows\system32\config\system.bak
2014-10-05 01:19 - 2009-07-14 04:03 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-10-05 01:19 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-10-05 01:19 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-09-30 15:08 - 2012-08-06 17:31 - 00000000 ____D () C:\Users\User\Desktop\Verkäufe
2014-09-30 12:25 - 2014-01-28 19:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-30 12:25 - 2013-02-20 13:57 - 00000000 ____D () C:\Program Files\Java
2014-09-29 02:27 - 2014-08-07 01:50 - 00000000 ____D () C:\Users\User\Desktop\alegtrick
2014-09-26 08:24 - 2013-09-05 12:00 - 00000000 ____D () C:\Users\User\Desktop\Schule
2014-09-25 19:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-24 22:19 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-24 21:31 - 2012-05-22 17:34 - 00000851 _____ () C:\Users\User\Desktop\checkthatout.txt
2014-09-19 08:54 - 2013-04-27 13:44 - 00001021 _____ () C:\Users\User\Desktop\Dropbox.lnk
2014-09-19 08:54 - 2013-04-27 13:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-18 21:25 - 2012-05-02 19:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-09-16 03:25 - 2013-04-16 12:34 - 01259503 _____ () C:\Users\User\Desktop\Vorlage.KD
2014-09-15 10:46 - 2014-08-10 14:13 - 00000000 ____D () C:\Users\User\Documents\GBAIR14
2014-09-15 09:06 - 2011-10-11 23:11 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-11 20:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-10 22:56 - 2014-06-14 13:00 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-09-10 22:56 - 2012-03-22 17:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-10 11:29 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 03:13 - 2013-08-15 22:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 03:07 - 2014-05-07 23:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 03:07 - 2011-10-11 23:10 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\User\AppData\Local\temp\avgnt.exe
C:\Users\User\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgjynrm.dll
C:\Users\User\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 12:55

==================== End Of Log ============================

--- --- ---

schrauber · 06.10.2014, 18:35

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

geeero · 07.10.2014, 11:05

ESET Logfile:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=58b472f1bf999149b3bb8feb17562977
# engine=20472
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-07 01:19:53
# local_time=2014-10-07 03:19:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 180026 157143967 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 50235 164275984 0 0
# scanned=132817
# found=1
# cleaned=0
# scan_time=3679
sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Documents\KameraSony\Sony_Cyber-shot_DSC-F707_Treiber_Update_03-2014.exe"

Security Check txt:

Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
JavaFX 2.1.1
Java 7 Update 60
Java version out of Date!
Adobe Flash Player 11.5.502.146 Flash Player out of Date!
Adobe Reader 10.1.2 Adobe Reader out of Date!
Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Frisches FRST:
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014 01
Ran by User (administrator) on USER-PC on 07-10-2014 11:49:20
Running from C:\Users\User\Desktop\scan\FRST-OlderVersion
Loaded Profile: User (Available profiles: User & Matthis)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2008-02-15] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-202807160-4012287017-4108981099-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-202807160-4012287017-4108981099-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicyUsers\S-1-5-21-202807160-4012287017-4108981099-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3E8597AE2308CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p7bjhlk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF Plugin: @fluxdvd.com/NPAPIX -> C:\Program Files\Common Files\fluxDVD\APIX\NPAPIX.dll ()
FF Plugin: @fluxdvd.com/NPFluxBrowserHelper -> C:\Program Files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ()
FF Plugin: @real.com/nppl3260;version=6.0.11.2027 -> C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll No File
FF Plugin: @real.com/nprpjplug;version=6.0.12.1040 -> C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{400F0BDB-6C49-43A4-BE1F-76D7327A604D}] - C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla
FF Extension: fluxDVD Download Manager - C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2012-03-22]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.drumdoktor.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Macromedia, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll No File
CHR Plugin: (Active Process Information eXchange) - C:\Program Files\Common Files\fluxDVD\APIX\NPAPIX.dll ()
CHR Plugin: (fluxDVD) - C:\Program Files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
CHR Plugin: (NPMPDRM License Acquisition Plugin) - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\system32\npDeployJava1.dll No File
CHR CustomProfile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-28]
CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-28]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-23] (Avira Operations GmbH & Co. KG)
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [647168 2007-07-25] (Intel Corporation) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-07-25] (Intel Corporation) [File not signed]
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACEDRV07; C:\Windows\system32\drivers\ACEDRV07.sys [101376 2012-09-29] (Protect Software GmbH) [File not signed]
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 athr; C:\Windows\System32\DRIVERS\athr.sys [1882624 2011-02-08] (Atheros Communications, Inc.) [File not signed]
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1570304 2013-06-28] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-28] (Avira Operations GmbH & Co. KG)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [25856 2010-10-08] (Huawei Tech. Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-06] (Malwarebytes Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
S3 s217bus; C:\Windows\System32\DRIVERS\s217bus.sys [83496 2007-11-02] (MCCI Corporation)
S3 s217mdfl; C:\Windows\System32\DRIVERS\s217mdfl.sys [15016 2007-11-02] (MCCI Corporation)
S3 s217mdm; C:\Windows\System32\DRIVERS\s217mdm.sys [109992 2007-11-02] (MCCI Corporation)
S3 s217nd5; C:\Windows\System32\DRIVERS\s217nd5.sys [24872 2007-11-02] (MCCI Corporation)
S3 s217obex; C:\Windows\System32\DRIVERS\s217obex.sys [100008 2007-11-02] (MCCI Corporation)
S3 s217unic; C:\Windows\System32\DRIVERS\s217unic.sys [105896 2007-11-02] (MCCI)
R1 SSHDRV84; C:\Windows\system32\drivers\SSHDRV84.sys [76800 2013-03-18] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-15] (Avira GmbH)
S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
S3 jgameenp; \??\C:\Users\User\AppData\Local\Temp\jgameenp.sys [X]
S3 RTL2832UBDA; system32\drivers\RTL2832UBDA.sys [X]
S3 RTL2832UUSB; System32\Drivers\RTL2832UUSB.sys [X]
S3 RTL2832U_IRHID; system32\DRIVERS\RTL2832U_IRHID.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 01:01 - 2014-10-07 01:05 - 00001853 _____ () C:\Users\User\Desktop\YUJubilee.txt
2014-10-07 00:45 - 2014-10-07 00:45 - 26787292 _____ () C:\Users\User\Desktop\Bandinfo.KD
2014-10-06 23:09 - 2014-10-06 23:12 - 00000000 ____D () C:\Users\User\Desktop\Bube,Dame,König,Gras
2014-10-06 02:50 - 2014-10-06 02:50 - 00000000 ____D () C:\Windows\ERUNT
2014-10-06 01:55 - 2014-10-06 01:55 - 00000000 ____D () C:\Users\User\Desktop\GBsessionMP3
2014-10-05 22:11 - 2014-10-05 22:21 - 00176008 _____ () C:\Users\User\Documents\Record Take 49.sfk
2014-10-05 22:11 - 2014-10-05 22:21 - 00119820 _____ () C:\Users\User\Documents\Record Take 48.sfk
2014-10-05 22:01 - 2014-10-05 22:05 - 45051910 _____ () C:\Users\User\Documents\Record Take 49.wav
2014-10-05 21:58 - 2014-10-05 22:01 - 30664272 _____ () C:\Users\User\Documents\Record Take 48.wav
2014-10-05 21:57 - 2014-10-05 22:21 - 00158828 _____ () C:\Users\User\Documents\Record Take 47.sfk
2014-10-05 21:54 - 2014-10-05 21:57 - 40652686 _____ () C:\Users\User\Documents\Record Take 47.wav
2014-10-05 21:53 - 2014-10-05 22:21 - 00056832 _____ () C:\Users\User\Documents\Record Take 46.sfk
2014-10-05 21:51 - 2014-10-05 22:21 - 00227548 _____ () C:\Users\User\Documents\Record Take 42.sfk
2014-10-05 21:51 - 2014-10-05 22:21 - 00176604 _____ () C:\Users\User\Documents\Record Take 44.sfk
2014-10-05 21:51 - 2014-10-05 22:21 - 00174076 _____ () C:\Users\User\Documents\Record Take 43.sfk
2014-10-05 21:51 - 2014-10-05 21:53 - 14536098 _____ () C:\Users\User\Documents\Record Take 46.wav
2014-10-05 21:46 - 2014-10-05 21:50 - 45204906 _____ () C:\Users\User\Documents\Record Take 44.wav
2014-10-05 21:41 - 2014-10-05 21:45 - 44557730 _____ () C:\Users\User\Documents\Record Take 43.wav
2014-10-05 21:35 - 2014-10-05 21:40 - 58250066 _____ () C:\Users\User\Documents\Record Take 42.wav
2014-10-05 21:34 - 2014-10-05 22:21 - 00186744 _____ () C:\Users\User\Documents\Record Take 41.sfk
2014-10-05 21:30 - 2014-10-05 21:34 - 47801254 _____ () C:\Users\User\Documents\Record Take 41.wav
2014-10-05 21:29 - 2014-10-05 22:21 - 00169320 _____ () C:\Users\User\Documents\Record Take 40.sfk
2014-10-05 21:25 - 2014-10-05 21:29 - 43340030 _____ () C:\Users\User\Documents\Record Take 40.wav
2014-10-05 20:56 - 2014-10-05 21:09 - 00146420 _____ () C:\Users\User\Documents\Record Take 38.sfk
2014-10-05 20:53 - 2014-10-05 20:56 - 37475490 _____ () C:\Users\User\Documents\Record Take 38.wav
2014-10-05 20:52 - 2014-10-05 21:09 - 00218864 _____ () C:\Users\User\Documents\Record Take 37.sfk
2014-10-05 20:47 - 2014-10-05 20:52 - 56025510 _____ () C:\Users\User\Documents\Record Take 37.wav
2014-10-05 20:43 - 2014-10-05 21:09 - 00171748 _____ () C:\Users\User\Documents\Record Take 35.sfk
2014-10-05 20:43 - 2014-10-05 20:46 - 33507308 _____ () C:\Users\User\Documents\Record Take 36.wav
2014-10-05 20:39 - 2014-10-05 20:43 - 43961534 _____ () C:\Users\User\Documents\Record Take 35.wav
2014-10-05 20:38 - 2014-10-05 21:09 - 00163176 _____ () C:\Users\User\Documents\Record Take 34.sfk
2014-10-05 20:34 - 2014-10-05 21:03 - 00023740 _____ () C:\Users\User\Documents\Record Take 33.sfk
2014-10-05 20:34 - 2014-10-05 20:38 - 41766910 _____ () C:\Users\User\Documents\Record Take 34.wav
2014-10-05 20:33 - 2014-10-05 20:34 - 06062134 _____ () C:\Users\User\Documents\Record Take 33.wav
2014-10-05 20:31 - 2014-10-05 21:09 - 00172396 _____ () C:\Users\User\Documents\Record Take 32.sfk
2014-10-05 20:26 - 2014-10-05 20:31 - 44127558 _____ () C:\Users\User\Documents\Record Take 32.wav
2014-10-05 20:22 - 2014-10-05 21:09 - 00141292 _____ () C:\Users\User\Documents\Record Take 31.sfk
2014-10-05 20:19 - 2014-10-05 20:22 - 36162442 _____ () C:\Users\User\Documents\Record Take 31.wav
2014-10-05 18:24 - 2014-10-05 18:25 - 00036760 _____ () C:\Users\User\Documents\Record Take 21.sfk
2014-10-05 18:23 - 2014-10-05 18:24 - 09395884 _____ () C:\Users\User\Documents\Record Take 21.wav
2014-10-05 18:16 - 2014-10-05 18:18 - 00045620 _____ () C:\Users\User\Documents\Record Take 17.sfk
2014-10-05 18:15 - 2014-10-05 18:16 - 11665550 _____ () C:\Users\User\Documents\Record Take 17.wav
2014-10-05 18:12 - 2014-10-05 18:14 - 00034528 _____ () C:\Users\User\Documents\Record Take 13.sfk
2014-10-05 18:11 - 2014-10-05 18:12 - 08824558 _____ () C:\Users\User\Documents\Record Take 13.wav
2014-10-05 16:24 - 2014-10-05 16:24 - 00000000 ____D () C:\Users\User\Desktop\Dalida
2014-10-05 01:27 - 2014-10-05 01:27 - 00016643 _____ () C:\ComboFix.txt
2014-10-05 01:05 - 2014-10-05 01:27 - 00000000 ____D () C:\Qoobox
2014-10-05 01:05 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-05 01:05 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-05 01:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-05 01:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-05 01:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-05 01:05 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-05 01:05 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-05 01:05 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-05 01:04 - 2014-10-05 01:24 - 00000000 ____D () C:\Windows\erdnt
2014-10-02 16:46 - 2014-10-07 11:39 - 00000000 ____D () C:\Users\User\Desktop\scan
2014-10-02 16:30 - 2014-10-07 11:49 - 00000000 ____D () C:\FRST
2014-10-02 10:01 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 12:26 - 2014-09-30 12:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\Oracle
2014-09-30 12:25 - 2014-09-30 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-30 12:25 - 2014-09-30 12:25 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-30 12:25 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-30 12:25 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-30 12:25 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-30 12:25 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-30 12:24 - 2014-09-30 12:25 - 00004274 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-09-30 12:03 - 2014-10-06 02:38 - 00001162 _____ () C:\Windows\PFRO.log
2014-09-30 11:31 - 2014-09-30 11:31 - 00283456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-29 23:25 - 2014-10-06 11:07 - 00001794 _____ () C:\Windows\setupact.log
2014-09-29 23:25 - 2014-09-29 23:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-29 23:14 - 2014-09-29 23:14 - 00061208 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-27 12:05 - 2014-10-02 16:11 - 00000000 ____D () C:\Users\User\Desktop\BühneYU
2014-09-27 03:23 - 2014-10-01 21:16 - 00003529 _____ () C:\Users\User\Desktop\Antje.txt
2014-09-26 10:16 - 2014-09-26 10:16 - 00000000 ____D () C:\Users\User\Desktop\CheersBro
2014-09-25 21:40 - 2014-09-25 21:40 - 00000000 ____D () C:\Users\User\Desktop\RespektRockt
2014-09-24 15:08 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-11 20:52 - 2014-10-01 19:32 - 00000000 ____D () C:\Users\User\Desktop\Unbekannter Interpret
2014-09-10 12:32 - 2014-09-10 12:32 - 00000000 ____D () C:\Win7 Beta Driver
2014-09-10 12:31 - 2014-09-10 12:31 - 00000000 ____D () C:\Utility
2014-09-10 12:21 - 2014-09-10 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2014-09-10 12:20 - 2013-06-28 14:49 - 01570304 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athur.sys
2014-09-10 12:20 - 2013-06-28 14:49 - 01570304 _____ (Atheros Communications, Inc.) C:\Windows\system32\athur.sys
2014-09-10 12:20 - 2013-06-28 14:49 - 00007514 _____ () C:\Windows\system32\athurext.cat
2014-09-10 12:19 - 2014-09-10 12:19 - 00000000 ____D () C:\ProgramData\TP-LINK
2014-09-10 03:14 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 03:14 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 03:14 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 03:14 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 03:14 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 03:14 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 03:14 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 03:14 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 03:14 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 03:14 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 03:14 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 03:14 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 03:14 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 03:14 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 03:14 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 03:14 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 03:14 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 03:14 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 03:14 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 03:14 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 03:14 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 03:14 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 03:14 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 03:14 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 03:14 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 03:14 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 03:14 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 03:14 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 03:14 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 03:14 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 03:13 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 02:52 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 02:52 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 02:51 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 02:51 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 02:51 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 02:51 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 11:49 - 2012-03-24 15:04 - 01112650 _____ () C:\Windows\WindowsUpdate.log
2014-10-07 11:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-10-07 11:28 - 2012-03-22 16:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-07 01:53 - 2010-11-20 23:01 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-07 01:08 - 2013-09-05 12:00 - 00000000 ____D () C:\Users\User\Desktop\Schule
2014-10-07 00:45 - 2012-08-22 11:18 - 00000000 ____D () C:\Users\User\Desktop\GB
2014-10-06 13:28 - 2012-03-22 16:01 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-06 11:14 - 2009-07-14 06:34 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-06 11:14 - 2009-07-14 06:34 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-06 11:11 - 2013-04-27 13:44 - 00000000 ___RD () C:\Users\User\Dropbox
2014-10-06 11:11 - 2013-04-27 13:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-10-06 11:07 - 2012-04-28 18:10 - 00458752 _____ () C:\Windows\system32\Ikeext.etl
2014-10-06 11:07 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-06 02:37 - 2014-07-03 20:52 - 00000000 ____D () C:\AdwCleaner
2014-10-06 02:07 - 2014-07-03 22:11 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-06 02:00 - 2013-11-03 04:21 - 00000000 ____D () C:\Users\User\Desktop\Acid-Projekte
2014-10-05 21:09 - 2014-08-12 14:34 - 00130920 _____ () C:\Users\User\Documents\Record Take 36.sfk
2014-10-05 01:27 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-10-05 01:21 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-05 01:19 - 2009-07-14 04:03 - 40632320 _____ () C:\Windows\system32\config\software.bak
2014-10-05 01:19 - 2009-07-14 04:03 - 18087936 _____ () C:\Windows\system32\config\system.bak
2014-10-05 01:19 - 2009-07-14 04:03 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-10-05 01:19 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-10-05 01:19 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-09-30 15:08 - 2012-08-06 17:31 - 00000000 ____D () C:\Users\User\Desktop\Verkäufe
2014-09-30 12:25 - 2014-01-28 19:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-30 12:25 - 2013-02-20 13:57 - 00000000 ____D () C:\Program Files\Java
2014-09-29 02:27 - 2014-08-07 01:50 - 00000000 ____D () C:\Users\User\Desktop\alegtrick
2014-09-25 19:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-24 22:19 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-24 21:31 - 2012-05-22 17:34 - 00000851 _____ () C:\Users\User\Desktop\checkthatout.txt
2014-09-19 08:54 - 2013-04-27 13:44 - 00001021 _____ () C:\Users\User\Desktop\Dropbox.lnk
2014-09-19 08:54 - 2013-04-27 13:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-18 21:25 - 2012-05-02 19:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-09-16 03:25 - 2013-04-16 12:34 - 01259503 _____ () C:\Users\User\Desktop\Vorlage.KD
2014-09-15 10:46 - 2014-08-10 14:13 - 00000000 ____D () C:\Users\User\Documents\GBAIR14
2014-09-15 09:06 - 2011-10-11 23:11 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-11 20:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-10 22:56 - 2014-06-14 13:00 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-09-10 22:56 - 2012-03-22 17:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-10 11:29 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 03:13 - 2013-08-15 22:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 03:07 - 2014-05-07 23:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 03:07 - 2011-10-11 23:10 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\User\AppData\Local\temp\avgnt.exe
C:\Users\User\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8seoi_.dll
C:\Users\User\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 13:18

==================== End Of Log ============================

--- --- ---

Frische Addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-10-2014 01
Ran by User at 2014-10-07 11:50:46
Running from C:\Users\User\Desktop\scan\FRST-OlderVersion
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Ace of WAV (HKLM\...\Ace of WAV) (Version: - )
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.63 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.5.502.146 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
cars2 (HKLM\...\{FF10D622-7BFE-48C6-8DF6-40D8CB1D3C1B}) (Version: 1.00.0000 - Disney Interactive Studios)
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: - )
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1007.115.102 - ALPS ELECTRIC CO., LTD.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HUAWEI DataCard Driver 4.22.19.00 (HKLM\...\HUAWEI DataCard Driver) (Version: 4.22.19.00 - Huawei technologies Co., Ltd.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
K-Lite Codec Pack 8.6.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.6.0 - )
Kronen-Design 1.10 (HKLM\...\Kronen-Design 1.10_is1) (Version: - )
Kronen-Design 1.77 (HKLM\...\Kronen-Design_is1) (Version: - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.22.6.3 - Marvell)
mCore (Version: 9.24.0000 - Intel Corporation) Hidden
mDriver (Version: 9.24.0000 - Intel) Hidden
mHelp (Version: 9.24.0000 - Intel) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2000 SR-1 Small Business (HKLM\...\{00030407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
mMHouse (Version: 9.24.0000 - Intel Corporation) Hidden
Modem-Diagnose-Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
mPfMgr (Version: 9.24.0000 - Intel Corporation) Hidden
mWMI (Version: 9.24.0000 - Intel Corporation) Hidden
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Shockwave (HKLM\...\Shockwave) (Version: - )
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Sonic Foundry ACID 4.0 (HKLM\...\{2A38B5AA-EA84-4F87-9937-2FB23982243A}) (Version: 4.0.215 - Sonic Foundry)
Sonic Foundry Sound Forge 6.0e (HKLM\...\{B3DE6A9E-1FD0-4208-92F4-EC9004E34774}) (Version: 6.0.237 - Sonic Foundry)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Test Tone Generator 4.4 (HKLM\...\A9CD4C7D-6D93-4B56-A226-1D28DB060A87_is1) (Version: - Timo Esser)
TP-LINK TL-WN721N_TL-WN722N Driver (HKLM\...\{86A7EED0-02D0-4D91-8183-8D2F23F5E6AE}) (Version: 1.3.1 - TP-LINK)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
winLAME 2010 beta 1 (HKLM\...\{63C16E81-327C-49B6-9643-4F5EFD8A6B2D}) (Version: 1.0.2010.1 - Michael Fink)
WM Converter 2.0 (HKLM\...\WM Converter 2.0) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-202807160-4012287017-4108981099-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

07-10-2014 01:47:57 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {67B17EBC-79F0-4738-9EA8-A056FD80258C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: {84F5DE67-9EC3-40B7-A515-04DEEE888EBC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-22] (Google Inc.)
Task: {8CA8E105-B78D-4C82-9957-A927D204FF90} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C83813FA-300A-4C7C-B827-1B1054EBD647} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-22] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-04-25 11:55 - 2007-04-25 11:55 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2007-07-25 17:25 - 2007-07-25 17:25 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2012-04-25 19:39 - 2012-03-22 19:58 - 06593993 _____ () C:\Program Files\K-Lite Codec Pack\Filters\LAV\avcodec-lav-54.dll
2012-04-25 19:39 - 2012-03-22 19:58 - 00207835 _____ () C:\Program Files\K-Lite Codec Pack\Filters\LAV\avutil-lav-51.dll
2012-04-25 19:39 - 2012-03-22 20:00 - 03471360 _____ () C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
2012-04-25 19:39 - 2012-03-22 19:58 - 00374115 _____ () C:\Program Files\K-Lite Codec Pack\Filters\LAV\swscale-lav-2.dll
2012-04-25 19:39 - 2012-03-22 19:58 - 00143974 _____ () C:\Program Files\K-Lite Codec Pack\Filters\LAV\avfilter-lav-2.dll
2014-10-06 11:11 - 2014-10-06 11:11 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8seoi_.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libcef.dll
2012-04-25 19:39 - 2012-03-22 19:58 - 01183264 _____ () C:\Program Files\K-Lite Codec Pack\Filters\LAV\avformat-lav-54.dll
2012-04-25 19:39 - 2012-03-22 19:58 - 00172032 _____ () C:\Program Files\K-Lite Codec Pack\Filters\LAV\libbluray.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
AlternateDataStreams: C:\Users\User\Desktop\2008-07-27 05.14.55.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-202807160-4012287017-4108981099-500 - Administrator - Disabled)
Gast (S-1-5-21-202807160-4012287017-4108981099-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-202807160-4012287017-4108981099-1004 - Limited - Enabled)
Matthis (S-1-5-21-202807160-4012287017-4108981099-1002 - Limited - Enabled) => C:\Users\Matthis
User (S-1-5-21-202807160-4012287017-4108981099-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/06/2014 11:08:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (10/06/2014 09:03:36 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers,
der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an
der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error: (10/06/2014 09:03:13 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.1.80
registriert werden. Der Computer mit IP-Adresse 10.0.1.96 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/06/2014 08:46:28 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "NONAME-E135",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{EDD4EE35-45FC-40AC-BA89-BB0FAF-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (10/06/2014 07:40:06 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Microsoft Office Sessions:
=========================
Error: (10/06/2014 11:08:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 560 @ 2.13GHz
Percentage of memory in use: 55%
Total physical RAM: 2038.04 MB
Available physical RAM: 911.15 MB
Total Pagefile: 4076.09 MB
Available Pagefile: 2547.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.42 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:48.83 GB) (Free:18.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:62.96 GB) (Free:19.04 GB) NTFS
Drive f: (INTENSO) (Removable) (Total:3.71 GB) (Free:0.05 GB) FAT32
Drive h: (HP_RECOVERY) (Fixed) (Total:6.2 GB) (Free:0.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: (Musik/Backup) (Fixed) (Total:66.77 GB) (Free:2.95 GB) NTFS
Drive j: (OS_TOOLS) (Fixed) (Total:1.55 GB) (Free:1.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 000CFB8F)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=63 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

========================================================
Disk: 2 (Size: 74.5 GB) (Disk ID: C024ECFB)
Partition 1: (Active) - (Size=66.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=6.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================

So, erstmal vielen Dank für die Hilfe, ich melde mich nochmal, wenn alles läuft.
Wie beim Doktor: "Was hat er denn nun gehabt?"
Grüsse

schrauber · 07.10.2014, 20:32

Java, Flash und Adobe updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

GroupPolicyUsers\S-1-5-21-202807160-4012287017-4108981099-1002\User: Group Policy restriction detected <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

geeero · 08.10.2014, 20:21

Hallo Schrauber, ich werde in den kommenden Tagen alles mal checken und mich nochmal melden, wie's gelaufen ist. Vielen Dank für deine Mühe und die Tips am Rande!

Letztes FRST:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-10-2014 01
Ran by User at 2014-10-08 13:59:51 Run:2
Running from C:\Users\User\Desktop\scan
Loaded Profile: User (Available profiles: User & Matthis)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-202807160-4012287017-4108981099-1002\User: Group Policy restriction detected <======= ATTENTION
*****************

C:\Windows\system32\GroupPolicyUsers\S-1-5-21-202807160-4012287017-4108981099-1002\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====

Hallo Schrauber, nach einigem hin und her hier nun die hoffentlich letzte Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-10-2014 01
Ran by User at 2014-10-08 21:15:09 Run:1
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User & Matthis)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-202807160-4012287017-4108981099-1002\User: Group Policy restriction detected <======= ATTENTION
*****************

"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-202807160-4012287017-4108981099-1002\User" => File/Directory not found.

==== End of Fixlog ====

und noch den DelFix.txt:

# DelFix v10.8 - Datei am 08/10/2014 um 20:47:06 erstellt
# Aktualisiert am 29/07/2014 von Xplode
# Benutzer : User - USER-PC
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\Qoobox
Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\Users\User\Desktop\uninstall.exe.exe
Gelöscht : C:\ComboFix.txt
Gelöscht : C:\Windows\grep.exe
Gelöscht : C:\Windows\PEV.exe
Gelöscht : C:\Windows\NIRCMD.exe
Gelöscht : C:\Windows\MBR.exe
Gelöscht : C:\Windows\SED.exe
Gelöscht : C:\Windows\SWREG.exe
Gelöscht : C:\Windows\SWSC.exe
Gelöscht : C:\Windows\SWXCACLS.exe
Gelöscht : C:\Windows\Zip.exe
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware
Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #344 [Removed TP-LINK Wireless Configuration Utility and Driver | 10/08/2014 13:18:12]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########

Combofix hat sich nicht von alleine verzogen, da musste ich nachhelfen. Ich hoffe, das war's. Vielen Dank für deine Hilfe, ich halt mich an Mozilla und deine tips zu den add-ons. Grüsse ins Netz, Gero

schrauber · 09.10.2014, 19:50

Gern Geschehen

09.10.2014, 19:50	#12
schrauber /// the machine /// TB-Ausbilder	Avira Desktop lässt sich nicht öffnen/aktivieren Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Avira Desktop lässt sich nicht öffnen/aktivieren

Antiviren-, Firewall- und andere Schutzprogramme: Avira Desktop lässt sich nicht öffnen/aktivieren