PUP.Optional.Astromenda.A, ~Updater.A und ~FramedDisplay.A sind nicht zu löschen

Böni · 21.10.2014, 11:05

Hallo liebes Trojaner-Team,

monatelang dank Malwarebytes Anti-Malware und Hitman Pro und Avast und Co sauber, dann ein falscher Download-Klick und alles ist im Chaos versunken.
Obwohl Malewarebytes alles in Quarantäne stellt, zeigt jeder neue Durchlauf die alten Fehlerquellen erneut an. Ich brauche wohl eure bewährte Hilfe, den Rechner wieder clean zu bekommen.

Unten das letzte Protokoll von Malwarebytes Anti-Malware zur Info.

MfG
Böni

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 21.10.2014
Suchlauf-Zeit: 11:08:48
Logdatei: malware_protokoll_14_10_21_1.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.10.21.03
Rootkit Datenbank: v2014.10.20.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Aktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: XXX

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 514951
Verstrichene Zeit: 34 Min, 12 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\updateFramedDisplay.exe, 500, , [0d4ac55257252e08ff217b4c38c958a8]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 21
PUP.Optional.FramedDisplay.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Framed Display, , [0d4ac55257252e08ff217b4c38c958a8], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{05b5ef3f-4c6a-426e-b77e-48ebb3e721f1}, , [50071dfa344896a0be61ecdb51b02bd5], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{a6ceb2de-65f7-46fe-89da-446dd487f293}, , [50071dfa344896a0be61ecdb51b02bd5], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5B81129C-6563-411B-A509-6BBB01EC25FF}, , [50071dfa344896a0be61ecdb51b02bd5], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5B81129C-6563-411B-A509-6BBB01EC25FF}, , [50071dfa344896a0be61ecdb51b02bd5], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{a6ceb2de-65f7-46fe-89da-446dd487f293}, , [50071dfa344896a0be61ecdb51b02bd5], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{05B5EF3F-4C6A-426E-B77E-48EBB3E721F1}, , [50071dfa344896a0be61ecdb51b02bd5], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Framed Display, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.InstallCore.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE_Astromenda, , [c98ed542ec9096a022245ebec2416f91], 
PUP.Optional.Astromenda.A, HKU\S-1-5-21-3047158342-991607282-2163248425-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wse_astromenda, , [0156d4430b71280e4105dd478b78649c], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3047158342-991607282-2163248425-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [e96e8592e795290d01ecbb9856add729], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3047158342-991607282-2163248425-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [61f6cf48bfbde84eba860862020234cc], 
PUP.Optional.Astromenda, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WSE_Astromenda, , [da7d080fd8a472c46ec55cb542c1926e], 

Registrierungswerte: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3047158342-991607282-2163248425-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1K1J1N2U0R1O1F, , [61f6cf48bfbde84eba860862020234cc]

Registrierungsdaten: 1
PUP.Optional.Astromenda.A, HKU\S-1-5-21-3047158342-991607282-2163248425-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://astromenda.com/?f=1&a=ast_ggfc_14_43_ff&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzzyCzzyB0DtCyDyByByE0EtN0D0Tzu0StCtDtBtAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0B0FzztBtCzy0CtGyEyEtB0AtGyByC0EtCtGzytB0DyEtGtCzy0AyE0C0Czy0AyC0DtC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtCyEzzzztAtGtD0DyEyDtGyEtAtB0EtGzyyDzy0AtGtByC0DyCyBzytByB0B0EzyyD2Q&cr=1953599297&ir=, Gut: (www.google.com), Schlecht: (hxxp://astromenda.com/?f=1&a=ast_ggfc_14_43_ff&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzzyCzzyB0DtCyDyByByE0EtN0D0Tzu0StCtDtBtAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0B0FzztBtCzy0CtGyEyEtB0AtGyByC0EtCtGzytB0DyEtGtCzy0AyE0C0Czy0AyC0DtC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtCyEzzzztAtGtD0DyEyDtGyEtAtB0EtGzyyDzy0AtGtByC0DyCyBzytByB0B0EzyyD2Q&cr=1953599297&ir=),,[4314d93ed3a93ef896aa1e0a1de826da]

Ordner: 13
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\TEMP, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.Updater.A, C:\Users\Bernd\AppData\Roaming\DigitalSites\UpdateProc, , [cd8a59becfad092d912e2be00201748c], 
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda, , [da7d080fd8a472c46ec55cb542c1926e], 
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\bh, , [da7d080fd8a472c46ec55cb542c1926e], 
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS, , [da7d080fd8a472c46ec55cb542c1926e], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\WSE_Astromenda, , [bc9b0f08502cc96dc6860011986b4eb2], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\WSE_Astromenda\icons_3.2.1.5, , [bc9b0f08502cc96dc6860011986b4eb2], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\WSE_Astromenda\UpdateProc, , [bc9b0f08502cc96dc6860011986b4eb2], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\astrmndant, , [a9ae0a0dfd7ff73f0693071115ee44bc], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\astrmndant\fav_thumbs, , [a9ae0a0dfd7ff73f0693071115ee44bc], 

Dateien: 60
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\updateFramedDisplay.exe, , [0d4ac55257252e08ff217b4c38c958a8], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\FramedDisplaybho.dll, , [50071dfa344896a0be61ecdb51b02bd5], 
PUP.Optional.InstalLCore, C:\Users\Bernd\AppData\Local\temp\is1242154493\17996561_stp.EXE, , [82d56aada8d4bd799ca55daa2cd958a8], 
PUP.Optional.BPlug, C:\Users\Bernd\AppData\Local\temp\is1242154493\17996932_stp.EXE, , [be995bbcabd1f73fafdc863951b0f010], 
PUP.Optional.Astromenda.A, C:\Windows\System32\Tasks\WSE_Astromenda, , [2d2a9186443861d53ec98696bc47a759], 
PUP.Optional.Astromenda.A, C:\Windows\Tasks\WSE_Astromenda.job, , [b4a370a783f9f640050378a4ff046f91], 
PUP.Optional.Astromenda, C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\searchplugins\Astromenda.xml, , [2037d542afcdd2649267e93bc142e917], 
PUP.Optional.Astromenda, C:\Users\Power\AppData\Roaming\Mozilla\Firefox\Profiles\6p6z0btk.default-1398166762451\searchplugins\Astromenda.xml, , [6fe8d344f983f3437f7ae4402cd725db], 
PUP.Optional.Astromenda, C:\Users\Power\AppData\Roaming\Mozilla\Firefox\Profiles\ugxwq37m.default\searchplugins\Astromenda.xml, , [25329a7d790350e6a3569a8a0ef55ca4], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\FramedDisplay.ico, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\0, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\7za.exe, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\FramedDisplayUninstall.exe, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\updateFramedDisplay.InstallState, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\7012eec14f3742d4a2cd.dll, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\7012eec14f3742d4a2cd64.dll, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\7za.exe, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\BrowserAdapter.7z, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter64.exe, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\FramedDisplay.PurBrowse64.exe, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\FramedDisplay.PurBrowseG.zip, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\sqlite3.dll, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\utilFramedDisplay.InstallState, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\{7012eec1-4f37-42d4-a2cd-26727494d248}.dll, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\{7012eec1-4f37-42d4-a2cd-26727494d248}64.dll, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.BrowserAdapter.dll, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.FFUpdate.dll, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.GCUpdate.dll, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.IEUpdate.dll, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.FramedDisplay.A, C:\Program Files (x86)\Framed Display\bin\plugins\FramedDisplay.PurBrowseG.dll, , [6aed1ef9ee8e67cfca9c256a758f9f61], 
PUP.Optional.Updater.A, C:\Users\Bernd\AppData\Roaming\DigitalSites\UpdateProc\bkup.dat, , [cd8a59becfad092d912e2be00201748c], 
PUP.Optional.Updater.A, C:\Users\Bernd\AppData\Roaming\DigitalSites\UpdateProc\config.dat, , [cd8a59becfad092d912e2be00201748c], 
PUP.Optional.Updater.A, C:\Users\Bernd\AppData\Roaming\DigitalSites\UpdateProc\info.dat, , [cd8a59becfad092d912e2be00201748c], 
PUP.Optional.Updater.A, C:\Users\Bernd\AppData\Roaming\DigitalSites\UpdateProc\prod.dat, , [cd8a59becfad092d912e2be00201748c], 
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\FavIcon.ico, , [da7d080fd8a472c46ec55cb542c1926e], 
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\Sqlite3.dll, , [da7d080fd8a472c46ec55cb542c1926e], 
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\uninst.dat, , [da7d080fd8a472c46ec55cb542c1926e], 
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\uninstall.exe, , [da7d080fd8a472c46ec55cb542c1926e], 
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\Sqlite3.dll, , [da7d080fd8a472c46ec55cb542c1926e], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\WSE_Astromenda\icons_3.2.1.5\ctr.ico, , [bc9b0f08502cc96dc6860011986b4eb2], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat, , [bc9b0f08502cc96dc6860011986b4eb2], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\WSE_Astromenda\UpdateProc\config.dat, , [bc9b0f08502cc96dc6860011986b4eb2], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\WSE_Astromenda\UpdateProc\info.dat, , [bc9b0f08502cc96dc6860011986b4eb2], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\astrmndant\fav-groups, , [a9ae0a0dfd7ff73f0693071115ee44bc], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\astrmndant\favs##265bb01d078949b9d3b0ca786b1024d4, , [a9ae0a0dfd7ff73f0693071115ee44bc], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\astrmndant\fav_thumbs\05a6b67e18b4a34ef0b3993a568280f0, , [a9ae0a0dfd7ff73f0693071115ee44bc], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\astrmndant\fav_thumbs\13ddb1c7092f0b55e0fec387b68a9900, , [a9ae0a0dfd7ff73f0693071115ee44bc], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\astrmndant\fav_thumbs\23b827170d8476fea82803c47587d38a, , [a9ae0a0dfd7ff73f0693071115ee44bc], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\astrmndant\fav_thumbs\477df36d9244ffa3d339c30a475c7342, , [a9ae0a0dfd7ff73f0693071115ee44bc], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\astrmndant\fav_thumbs\6289834cfb3782d09f133b2e8cf23078, , [a9ae0a0dfd7ff73f0693071115ee44bc], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\astrmndant\fav_thumbs\aafbdae97bc721d1f89e075ec789885e, , [a9ae0a0dfd7ff73f0693071115ee44bc], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\astrmndant\fav_thumbs\b1f0fae6606010b6dc130113d9370147, , [a9ae0a0dfd7ff73f0693071115ee44bc], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\astrmndant\fav_thumbs\b6cde3ca4b4d3102bcc79de7bdffb39c, , [a9ae0a0dfd7ff73f0693071115ee44bc], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\astrmndant\fav_thumbs\cb384bf303175031f378e5f7d9793f3d, , [a9ae0a0dfd7ff73f0693071115ee44bc], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\astrmndant\fav_thumbs\d60d346467eb23ad3de8434f664b6c63, , [a9ae0a0dfd7ff73f0693071115ee44bc], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\astrmndant\fav_thumbs\d8b06f3831087821c3a34a14ffbfc3d2, , [a9ae0a0dfd7ff73f0693071115ee44bc], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\astrmndant\fav_thumbs\e236c9b26e928e3662e83df7563cdd6b, , [a9ae0a0dfd7ff73f0693071115ee44bc], 
PUP.Optional.Astromenda.A, C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\astrmndant\fav_thumbs\ec01daa48930fc1892183916ceaafcee, , [a9ae0a0dfd7ff73f0693071115ee44bc], 
PUP.Optional.Astromenda.A, C:\Users\Power\AppData\Roaming\Mozilla\Firefox\Profiles\6p6z0btk.default-1398166762451\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://astromenda.com/?f=1&a=ast_ggfc_14_43_ff&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzzyCzzyB0DtCyDyByByE0EtN0D0Tzu0StCtDtBtAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0B0FzztBtCzy0CtGyEyEtB0AtGyByC0EtCtGzytB0DyEtGtCzy0AyE0C0Czy0AyC0DtC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtCyEzzzztAtGtD0DyEyDtGyEtAtB0EtGzyyDzy0AtGtByC0DyCyBzytByB0B0EzyyD2Q&cr=1953599297&ir=");), ,[32254ccb700cab8bb59984d632d32ed2]
PUP.Optional.Astromenda.A, C:\Users\Power\AppData\Roaming\Mozilla\Firefox\Profiles\ugxwq37m.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://astromenda.com/?f=1&a=ast_ggfc_14_43_ff&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzzyCzzyB0DtCyDyByByE0EtN0D0Tzu0StCtDtBtAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0B0FzztBtCzy0CtGyEyEtB0AtGyByC0EtCtGzytB0DyEtGtCzy0AyE0C0Czy0AyC0DtC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtCyEzzzztAtGtD0DyEyDtGyEtAtB0EtGzyyDzy0AtGtByC0DyCyBzytByB0B0EzyyD2Q&cr=1953599297&ir=");), ,[3b1c35e281fb76c04a0471e916ef9c64]

Physische Sektoren: 0
(No malicious items detected)


(end)

schrauber · 21.10.2014, 11:08

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Böni · 21.10.2014, 12:24

Hallo schrauber,

danke für die schnelle Hilfe!
Hier die LOG's:

FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by Bernd (administrator) on B-AZO-N on 21-10-2014 13:21:32
Running from C:\Users\Bernd\Downloads
Loaded Profiles: Bernd & Arbeitskonto Bernd (Available profiles: Bernd & Arbeitskonto Bernd & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
() C:\Windows\System32\WTMKM.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Ashampoo Media GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
() C:\Windows\System32\atwtusb.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Windows\System32\atwtusb.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\System32\WTMKM.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9955872 2010-01-12] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [MacrokeyManager] => C:\Windows\system32\WTMKM.exe [7329792 2011-06-01] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-06-29] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2005-05-23] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-12-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3047158342-991607282-2163248425-1006\...\Run: [BRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS
HKU\S-1-5-21-3047158342-991607282-2163248425-1370\...\Run: [AshSnap] => C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe [3860304 2013-10-29] (Ashampoo Media GmbH & Co. KG)
Startup: C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zenimax-Startprogramm.lnk
ShortcutTarget: Zenimax-Startprogramm.lnk -> C:\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe (ZeniMax Online Studios)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0120EC90DE5BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_43_ff&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzzyCzzyB0DtCyDyByByE0EtN0D0Tzu0StCtDtBtAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0B0FzztBtCzy0CtGyEyEtB0AtGyByC0EtCtGzytB0DyEtGtCzy0AyE0C0Czy0AyC0DtC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtCyEzzzztAtGtD0DyEyDtGyEtAtB0EtGzyyDzy0AtGtByC0DyCyBzytByB0B0EzyyD2Q&cr=1953599297&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_43_ff&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzzyCzzyB0DtCyDyByByE0EtN0D0Tzu0StCtDtBtAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0B0FzztBtCzy0CtGyEyEtB0AtGyByC0EtCtGzytB0DyEtGtCzy0AyE0C0Czy0AyC0DtC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtCyEzzzztAtGtD0DyEyDtGyEtAtB0EtGzyyDzy0AtGtByC0DyCyBzytByB0B0EzyyD2Q&cr=1953599297&ir=
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites03_14_21_ff&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzzyCzzyB0DtCyDyByByE0EtN0D0Tzu0SzzyByEtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0E0C0EtC0F0B0EtG0Dzz0CtCtGyE0FyDtCtGyB0D0FtAtGtB0F0ByE0CyC0DyDtD0FyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0B0Fzzzzzz0D0CtGyD0A0AtDtGyB0ByDyEtGyEtCzzzytGyC0C0CtA0FyC0AtC0EzztByC2Q&cr=1142247483&ir=
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_43_ff&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzzyCzzyB0DtCyDyByByE0EtN0D0Tzu0StCtDtBtAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0B0FzztBtCzy0CtGyEyEtB0AtGyByC0EtCtGzytB0DyEtGtCzy0AyE0C0Czy0AyC0DtC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtCyEzzzztAtGtD0DyEyDtGyEtAtB0EtGzyyDzy0AtGtByC0DyCyBzytByB0B0EzyyD2Q&cr=1953599297&ir=
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites03_14_21_ff&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzzyCzzyB0DtCyDyByByE0EtN0D0Tzu0SzzyByEtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0E0C0EtC0F0B0EtG0Dzz0CtCtGyE0FyDtCtGyB0D0FtAtGtB0F0ByE0CyC0DyDtD0FyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0B0Fzzzzzz0D0CtGyD0A0AtDtGyB0ByDyEtGyEtCzzzytGyC0C0CtA0FyC0AtC0EzztByC2Q&cr=1142247483&ir=
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = 
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://de.yahoo.com/?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @numfum.com/JSJS,version=0.6.3.1 -> C:\Program Files (x86)\Joystick Plugin\npjoystick.dll (Numfum Ltd)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npjoystick.dll (Numfum Ltd)
FF SearchPlugin: C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-27]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-21]

Chrome: 
=======
CHR StartupUrls: Default -> "https://de.yahoo.com/?fr=hp-avast&type=avastbcl"
CHR Profile: C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-11]
CHR Extension: (Google Drive) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20]
CHR Extension: (YouTube) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-11]
CHR Extension: (Google-Suche) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-11]
CHR Extension: (avast! Online Security) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-11]
CHR Extension: (Google Wallet) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-11]
CHR Extension: (Google Mail) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-06-27] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-10-11] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-13] () [File not signed]
R2 WTService; C:\Windows\system32\atwtusb.exe [916992 2011-04-27] () [File not signed]
S2 Util Framed Display; "C:\Program Files (x86)\Framed Display\bin\utilFramedDisplay.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-27] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-06-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-27] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-06-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-06-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-06-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-06-27] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-10-21] ()
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
S3 tmnsusbser; C:\Windows\System32\DRIVERS\tmnsusbser.sys [124416 2010-04-21] (Wireless Device)
S3 tmusbnet; C:\Windows\System32\DRIVERS\tmusbnet.sys [129024 2010-04-20] (QUALCOMM Incorporated)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 13:21 - 2014-10-21 13:21 - 02110976 _____ (Farbar) C:\Users\Bernd\Downloads\FRST64.exe
2014-10-21 13:21 - 2014-10-21 13:21 - 00031231 _____ () C:\Users\Bernd\Downloads\FRST.txt
2014-10-21 13:11 - 2014-10-21 13:12 - 00038487 _____ () C:\Users\Arbeitskonto Bernd\Downloads\Addition.txt
2014-10-21 13:10 - 2014-10-21 13:12 - 00049228 _____ () C:\Users\Arbeitskonto Bernd\Downloads\FRST.txt
2014-10-21 13:10 - 2014-10-21 13:10 - 02110976 _____ (Farbar) C:\Users\Arbeitskonto Bernd\Downloads\FRST64.exe
2014-10-21 11:48 - 2014-10-21 11:48 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Logishrd
2014-10-21 11:45 - 2014-10-21 11:45 - 00020586 _____ () C:\Windows\PFRO.log
2014-10-21 11:37 - 2014-10-21 11:37 - 00001422 _____ () C:\Users\Bernd\Desktop\HitmanPro_20141021_1137.log
2014-10-21 11:31 - 2014-10-21 11:31 - 00003140 _____ () C:\Windows\System32\Tasks\{CE6ADC54-06A9-4B64-BD63-A202F0D090A8}
2014-10-21 11:30 - 2014-10-21 11:30 - 17703272 _____ (Adobe Systems Inc.) C:\Users\Bernd\Downloads\AdobeAIRInstaller.exe
2014-10-21 11:12 - 2014-10-21 11:12 - 00000756 _____ () C:\Windows\LkmdfCoInst.log
2014-10-21 11:12 - 2014-10-21 11:12 - 00000000 ____D () C:\Users\Bernd\AppData\Local\Logishrd
2014-10-21 11:11 - 2014-10-21 11:12 - 00013373 _____ () C:\Windows\LDPINST.LOG
2014-10-20 17:54 - 2014-10-21 11:46 - 00000538 _____ () C:\Windows\setupact.log
2014-10-20 17:54 - 2014-10-20 17:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-20 14:07 - 2014-10-20 14:07 - 00880272 _____ (Google Inc.) C:\Users\Arbeitskonto Bernd\Downloads\GoogleEarthPluginSetup (1).exe
2014-10-20 14:03 - 2014-10-20 14:03 - 00111586 _____ (Numfum Ltd) C:\Users\Arbeitskonto Bernd\Downloads\installer-0.6.3 (2).exe
2014-10-20 14:03 - 2014-10-20 14:03 - 00111586 _____ (Numfum Ltd) C:\Users\Arbeitskonto Bernd\Downloads\installer-0.6.3 (1).exe
2014-10-20 13:59 - 2014-10-20 13:59 - 00000000 ____D () C:\Program Files (x86)\Joystick Plugin
2014-10-20 13:58 - 2014-10-20 13:58 - 00111586 _____ (Numfum Ltd) C:\Users\Arbeitskonto Bernd\Downloads\installer-0.6.3.exe
2014-10-20 13:16 - 2014-10-20 13:16 - 00000000 ____D () C:\Users\Bernd\AppData\Local\WorldofTanks
2014-10-20 13:16 - 2014-10-20 13:16 - 00000000 ____D () C:\Users\Bernd\AppData\Local\Sparta
2014-10-20 13:15 - 2014-10-21 13:16 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-10-20 13:15 - 2014-10-21 11:44 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\DigitalSites
2014-10-20 13:15 - 2014-10-20 13:16 - 00003230 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-10-20 13:15 - 2014-10-20 13:15 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\1H1Q
2014-10-20 13:15 - 2014-10-20 13:15 - 00000000 ____D () C:\Users\Bernd\AppData\Local\GGEmpire
2014-10-20 13:14 - 2014-10-20 13:14 - 00712240 _____ ( ) C:\Users\Arbeitskonto Bernd\Downloads\FileOpenerSetup.exe
2014-10-20 13:12 - 2014-10-20 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-10-20 13:12 - 2014-10-20 13:12 - 00002216 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-10-20 13:11 - 2014-10-20 13:11 - 00880272 _____ (Google Inc.) C:\Users\Arbeitskonto Bernd\Downloads\GoogleEarthSetup.exe
2014-10-19 15:35 - 2014-10-19 15:35 - 00880272 _____ (Google Inc.) C:\Users\Arbeitskonto Bernd\Downloads\GoogleEarthPluginSetup.exe
2014-10-16 22:59 - 2014-10-10 04:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 22:59 - 2014-10-10 04:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 22:59 - 2014-10-10 04:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 22:59 - 2014-10-07 04:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 22:59 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 22:59 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 22:59 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 22:59 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 22:59 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 22:59 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 22:59 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 22:59 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 22:59 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 22:59 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 22:59 - 2014-09-19 03:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 22:59 - 2014-09-19 03:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 22:59 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 22:59 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 22:59 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 22:59 - 2014-09-19 03:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 22:59 - 2014-09-19 03:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 22:59 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 22:59 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 22:59 - 2014-09-19 03:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 22:59 - 2014-09-19 03:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 22:59 - 2014-09-19 03:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 22:59 - 2014-09-19 03:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 22:59 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 22:59 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 22:59 - 2014-09-19 03:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 22:59 - 2014-09-19 03:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 22:59 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 22:59 - 2014-09-19 03:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 22:59 - 2014-09-19 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 22:59 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 22:59 - 2014-09-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 22:59 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 22:59 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 22:59 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 22:59 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 22:59 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 22:59 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 22:59 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 22:59 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 22:59 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 22:59 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 22:59 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 22:59 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 22:59 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 22:59 - 2014-09-19 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 22:59 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 22:59 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 22:59 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 22:59 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 22:59 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 22:59 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 22:59 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 22:59 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 22:59 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 22:59 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 22:58 - 2014-09-18 04:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 22:58 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 22:58 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 22:58 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 22:58 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 22:58 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 22:58 - 2014-08-29 04:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 22:58 - 2014-08-29 04:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 22:58 - 2014-08-29 04:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 22:58 - 2014-08-29 04:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-16 22:58 - 2014-08-29 04:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 22:58 - 2014-08-29 03:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 22:58 - 2014-08-29 03:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 22:58 - 2014-08-29 03:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 22:58 - 2014-08-29 03:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-16 22:58 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 22:58 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 22:58 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 22:58 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 22:58 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 22:58 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 22:58 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 22:58 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 22:58 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 22:58 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 22:58 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 22:49 - 2014-10-17 00:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-10-15 17:07 - 2014-10-15 17:07 - 00306160 _____ () C:\Users\Arbeitskonto Bernd\Downloads\Bartender4-4.6.1.zip
2014-10-15 17:07 - 2014-10-15 17:07 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\Downloads\Bartender4-4.6.1
2014-10-14 13:12 - 2014-10-14 13:12 - 00225679 _____ () C:\Users\Bernd\Documents\report.txt
2014-10-14 13:04 - 2014-10-14 13:05 - 106224784 _____ (Flexera Software) C:\Users\Arbeitskonto Bernd\Downloads\Install_ESO(1).exe
2014-10-06 09:57 - 2014-10-13 19:25 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Awesomium
2014-10-06 09:45 - 2014-10-06 09:45 - 00002075 _____ () C:\Users\Arbeitskonto Bernd\Desktop\eso - Verknüpfung.lnk
2014-10-06 09:38 - 2014-10-06 09:38 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\Documents\Elder Scrolls Online
2014-10-06 08:13 - 2014-10-14 13:20 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\Awesomium
2014-10-06 08:00 - 2014-10-06 08:00 - 00000000 ____D () C:\Users\Bernd\Documents\Elder Scrolls Online
2014-10-06 08:00 - 2014-10-06 08:00 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online
2014-10-05 20:25 - 2014-10-14 13:08 - 00001251 _____ () C:\Users\Bernd\Desktop\The Elder Scrolls Online.lnk
2014-10-05 20:25 - 2014-10-05 20:25 - 00000000 ____D () C:\Windows\jre
2014-10-05 20:25 - 2014-10-05 20:25 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
2014-10-05 20:24 - 2014-10-14 13:07 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online
2014-10-05 20:24 - 2014-10-05 20:25 - 00000000 ___HD () C:\Program Files (x86)\Zero G Registry
2014-10-05 20:23 - 2014-10-05 20:23 - 00000000 ___HD () C:\Users\Bernd\InstallAnywhere
2014-10-05 20:21 - 2014-10-05 20:23 - 106224784 _____ (Flexera Software) C:\Users\Arbeitskonto Bernd\Downloads\Install_ESO.exe
2014-10-01 09:14 - 2014-10-01 09:15 - 03589024 _____ (Blizzard Entertainment) C:\Users\Arbeitskonto Bernd\Downloads\Diablo-III-Setup-deDE.exe
2014-10-01 07:52 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 07:52 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 10:36 - 2014-09-30 10:36 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\Documents\Diablo III
2014-09-29 22:48 - 2014-09-29 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-09-29 22:46 - 2014-09-30 10:35 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-09-28 14:22 - 2014-09-28 15:19 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\Documents\My Kindle Content
2014-09-28 14:22 - 2014-09-28 14:22 - 00002295 _____ () C:\Users\Arbeitskonto Bernd\Desktop\Kindle.lnk
2014-09-28 14:22 - 2014-09-28 14:22 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-09-28 14:21 - 2014-09-28 14:22 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Local\Amazon
2014-09-28 14:21 - 2014-09-28 14:21 - 38157960 _____ (Amazon.com) C:\Users\Arbeitskonto Bernd\Downloads\KindleForPC-installer.exe
2014-09-27 18:56 - 2014-10-20 13:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-27 09:22 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-27 09:22 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 13:22 - 2014-07-11 12:02 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-21 13:21 - 2014-03-21 00:45 - 00000000 ____D () C:\FRST
2014-10-21 13:19 - 2014-07-11 12:02 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-21 13:19 - 2014-04-13 17:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-21 13:19 - 2009-07-14 04:34 - 00000595 _____ () C:\Windows\win.ini
2014-10-21 13:09 - 2013-08-08 13:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-21 11:54 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-21 11:54 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-21 11:51 - 2013-04-15 07:54 - 01446109 _____ () C:\Windows\WindowsUpdate.log
2014-10-21 11:47 - 2014-06-27 14:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-21 11:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 11:44 - 2014-05-07 15:47 - 00000000 ___RD () C:\Users\Arbeitskonto Bernd\Dropbox
2014-10-21 11:22 - 2014-03-22 10:53 - 00000586 _____ () C:\Windows\system32\.crusader
2014-10-21 11:20 - 2014-07-11 12:04 - 00002167 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-21 11:20 - 2014-04-22 13:27 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-21 11:12 - 2013-12-26 23:00 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-10-21 11:12 - 2013-12-26 23:00 - 00000000 ____D () C:\Users\Public\Documents\Logishrd
2014-10-21 11:12 - 2013-12-26 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-10-21 11:11 - 2013-12-26 22:59 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-10-21 11:10 - 2013-12-26 22:59 - 00000000 ____D () C:\ProgramData\Logishrd
2014-10-21 11:06 - 2014-05-07 15:44 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox
2014-10-20 23:15 - 2013-04-15 08:13 - 00000000 ____D () C:\Windows\PCHEALTH
2014-10-20 20:52 - 2013-04-15 08:08 - 00000000 ____D () C:\ProgramData\Temp
2014-10-20 20:51 - 2013-08-28 13:22 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-10-20 19:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-20 19:27 - 2013-08-28 15:33 - 00000000 ____D () C:\Users\Bernd
2014-10-20 17:41 - 2014-04-13 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-20 17:41 - 2014-04-13 17:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-20 17:41 - 2013-08-28 13:07 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-20 13:19 - 2014-05-02 16:59 - 00001139 _____ () C:\Users\Arbeitskonto Bernd\Desktop\Mozilla Firefox.lnk
2014-10-20 13:12 - 2013-09-17 08:16 - 00000000 ____D () C:\Users\Bernd\AppData\Local\Google
2014-10-20 13:12 - 2013-08-28 13:44 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-20 10:01 - 2013-08-08 13:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-20 10:01 - 2013-08-08 13:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-20 10:01 - 2013-08-08 13:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-20 09:53 - 2014-08-25 22:39 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Local\Battle.net
2014-10-20 08:28 - 2014-05-01 09:52 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Local\Adobe
2014-10-19 16:27 - 2013-08-28 15:34 - 00000000 ____D () C:\Users\Bernd\AppData\Local\Adobe
2014-10-19 15:17 - 2014-07-11 12:02 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 15:17 - 2014-07-11 12:02 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 15:28 - 2014-05-05 08:54 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Local\CutePDF Writer
2014-10-18 14:59 - 2014-07-09 17:58 - 00000132 _____ () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2014-10-18 12:37 - 2013-04-15 17:46 - 00702640 _____ () C:\Windows\system32\perfh007.dat
2014-10-18 12:37 - 2013-04-15 17:46 - 00150280 _____ () C:\Windows\system32\perfc007.dat
2014-10-18 12:37 - 2009-07-14 07:13 - 01628108 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-18 10:57 - 2013-08-28 08:01 - 00000806 _____ () C:\Windows\ulead32.ini
2014-10-18 10:57 - 2013-08-28 08:01 - 00000000 ____D () C:\Windows\ulead.dat
2014-10-18 10:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 21:19 - 2014-05-01 09:52 - 00000000 ____D () C:\Users\Arbeitskonto Bernd
2014-10-17 07:35 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 07:34 - 2009-07-14 06:45 - 05140888 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 07:32 - 2014-05-06 13:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 00:44 - 2013-08-08 13:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 00:39 - 2013-08-27 13:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 00:29 - 2013-08-27 13:51 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-17 00:28 - 2013-08-08 13:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-16 07:21 - 2013-08-29 15:34 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-10-15 12:56 - 2014-08-25 22:38 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-11 16:54 - 2013-08-28 15:31 - 00000034 _____ () C:\Windows\cdplayer.ini
2014-10-05 14:35 - 2014-07-12 19:46 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\flightgear.org
2014-10-02 15:53 - 2013-08-08 13:13 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-28 09:23 - 2014-03-31 10:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-27 09:17 - 2014-05-07 15:47 - 00001059 _____ () C:\Users\Arbeitskonto Bernd\Desktop\Dropbox.lnk
2014-09-27 09:17 - 2014-05-07 15:46 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-27 09:17 - 2013-08-28 00:14 - 00001775 _____ () C:\Windows\wininit.ini

Some content of TEMP:
====================
C:\Users\Arbeitskonto Bernd\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4rqiuh.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 16:15

==================== End Of Log ============================

--- --- ---

Addition.txt
FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2014
Ran by Bernd at 2014-10-21 13:22:28
Running from C:\Users\Bernd\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ABBYY FineReader 8.0 Professional Edition (HKLM-x32\...\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 8.00.1095.4743 - ABBYY Software House)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.5.7828 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 4.5.7828 - CyberLink Corp.) Hidden
Acer Arcade Movie (x32 Version: 9.0.6629 - CyberLink Corp.) Hidden
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0825.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Edge Animate CC (HKLM-x32\...\{00603DFF-6EC5-4E9E-AB3A-AD4C7D61FF13}) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Edge Code CC (HKLM-x32\...\{55D49B2B-6211-A705-FFDF-2F65E664EA0B}) (Version: 0.95 - Adobe Systems Incorporated)
Adobe Edge Inspect CC (HKLM-x32\...\{67D22EA0-4601-4450-9C99-042DABB0A315}) (Version: 1.0.408 - Adobe Systems Incorporated)
Adobe Edge Reflow CC Preview (HKLM-x32\...\{3EF53B20-D3C1-44B1-8DD9-CD51654EB20A}) (Version: 0.27.12254 - Adobe Systems Incorporated)
Adobe Exchange Panel (HKLM-x32\...\{41A12FFC-89E9-4743-A51E-00975CA31F40}) (Version: 1 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit CC (HKLM-x32\...\{6297487E-3778-4F72-B458-55690418DB98}) (Version: 4.0.0.0 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.3.2 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Gaming SDK 1.2 (HKLM-x32\...\{323D371C-CD65-43E2-9E42-BC643F2D4D81}) (Version: 1.2 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Scout CC (HKLM\...\{24CFD7EF-32B7-4FFD-B5A8-B0F129C92D0A}) (Version: 1.1.1.354079 - Adobe Systems Incorporated)
Adobe Touch App Plugins (HKLM-x32\...\{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}) (Version: 1.0 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 11.7.0.11025 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 6 v.6.0.9 (HKLM-x32\...\{C92AB6F1-770F-EA32-6CF7-8A0792FA1A4B}_is1) (Version: 6.0.9 - Ashampoo GmbH & Co. KG)
Atlas 0.3.0 (HKLM-x32\...\Atlas_is1) (Version:  - The Atlas Project)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX - Weiteres Material DL_ST7 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST7) (Version:  - )
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon iP4800 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series) (Version:  - Canon Inc.)
capella 7 (HKLM-x32\...\{D3873CF8-9608-402B-88AD-D73B5FFAAED8}) (Version: 7.1.23 - capella software AG)
capella melody trainer 1.0 (HKLM-x32\...\{5E46EEBD-257B-4ADE-B7CC-77911364FF70}) (Version: 1.0.6 - capella-software AG)
capella-scan 8.0 (HKLM-x32\...\{776B5EBF-72E9-4FBB-9CAB-F029F7500FFF}) (Version: 8.0.16 - capella-software AG)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Direct MIDI to MP3 Converter Version 7.0.0.0 (HKLM-x32\...\Direct MIDI to MP3 Converter_is1) (Version: 7.0.0.0 - Piston Software)
DriverEasy 4.6.3 (HKLM\...\DriverEasy_is1) (Version: 4.6.3.0 - Easeware)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EtikettenAssistent 4.2 (HKLM-x32\...\{9AEF64B1-79A5-4E2F-8FBC-4CA89ECD3595}) (Version: 4.2.1 - HERMA)
Extended Update (HKCU\...\Digital Sites) (Version:  - Extended Update) <==== ATTENTION
File Opener Packages (HKCU\...\File Opener Packages) (Version:  - ) <==== ATTENTION
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
FlightGear v2.12.0 (HKLM\...\FlightGear_is1) (Version:  - The FlightGear Team)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free Notes & Office Ink (HKLM-x32\...\{556F2137-B772-43BB-9A45-E0275234DD16}) (Version:   -  )
Free Video Flip and Rotate version 2.1.9.827 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.827 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HERMA Label Designer plus 1.1 (HKLM-x32\...\{7DA64485-2CEE-4F7B-84AB-B287236703B6}) (Version: 1.00.0000 - HERMA GmbH)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
InfoBibliothek (HKLM-x32\...\{F5FB4B71-6301-11D4-9AD1-00A0C9B0C5F6}) (Version:  - Akademische Arbeitsgemeinschaft)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Joystick Plug-in (HKLM-x32\...\JSJS) (Version:  - Numfum Ltd)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaShow Espresso (x32 Version: 5.5.1713_26701 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Flight Simulator X Demo (HKLM-x32\...\InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Müller Foto (HKLM-x32\...\Müller Foto) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.211.0 - Tracker Software Products Ltd)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Power Presenter RE II (HKLM-x32\...\{8537166B-40F4-4FAE-BAC5-454A4DD773B7}) (Version: 2.59 - Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6024 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secure Banking Version 1.5.2 (HKLM-x32\...\{0BEE0AF9-79F3-4C4F-B374-90C0A16BF294}_is1) (Version: 1.5.2 - Hopfgartner Niklas)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Tablet Driver With Macrokey Manager (HKLM\...\RmTablet) (Version: 4.13 - )
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
Ulead COOL 360 1.0 (HKLM-x32\...\{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}) (Version:  - )
Ulead Photo Explorer 8.6 (HKLM-x32\...\{025C3792-E9C6-432A-92C1-661F99D021CA}) (Version: 8.6 - Ulead Systems, Inc.)
Ulead PhotoImpact 11 (HKLM-x32\...\{C8550C86-A712-4219-AD4C-038C9FD1D149}) (Version: 11.0 - Ulead System)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visitenkarten in 2 Minuten (HKLM-x32\...\Visitenkarten in 2 Minuten) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XSBoxGO 1.0.0.0 (HKLM-x32\...\XSBoxGO 1.0.0.0) (Version: 1.0.0.0 - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1006_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1006_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1006_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1006_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1370_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1370_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1370_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1370_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1370_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1370_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1370_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1370_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1370_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-10-2014 14:47:42 Geplanter Prüfpunkt
16-10-2014 20:52:02 Windows Update
16-10-2014 22:29:02 Windows Update
19-10-2014 17:00:13 Windows-Sicherung
20-10-2014 15:51:43 Prüfpunkt von HitmanPro
21-10-2014 08:39:36 Windows Update
21-10-2014 09:22:19 Prüfpunkt von HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {393C5E5A-8BB6-4E6F-BEDA-D2E28F0E81CA} - System32\Tasks\AdobeAAMUpdater-1.0-Power-PC-Power => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {4D93747A-002B-434A-92B6-D73990FFED3F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {59FCA8D3-5D7E-4CE4-90AE-8A20CA468701} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {5A16B89E-1EC3-4A8F-9C55-513953B38E84} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-20] (Adobe Systems Incorporated)
Task: {5B175D70-C01E-4544-AAD7-6494F928BBC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-11] (Google Inc.)
Task: {63A3BC64-C05D-4045-8FC2-8EBE32AC2176} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-27] (AVAST Software)
Task: {703A881B-3A5B-4CA9-82BE-D6B8B8958A0F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {A3C1B5A4-86DB-4228-A455-3F214B630709} - System32\Tasks\Digital Sites => C:\Users\Bernd\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {A64769A7-0A24-4E26-A62C-C1033D14C38A} - System32\Tasks\AdobeAAMUpdater-1.0-Power-PC-Bernd => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {CD47CE63-D672-4A32-91E7-D1603B2E09AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-11] (Google Inc.)
Task: {D6019926-E4D4-4DF9-B9FB-F1C33FEB2B0D} - System32\Tasks\AdobeAAMUpdater-1.0-B-AZO-N-Arbeitskonto Bernd => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {F7656EA0-72F0-417B-A253-3F55B5C80873} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2013-12-23] (Easeware)
Task: {F9584202-43D3-47D3-9729-B41381CD6A37} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Bernd\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-08-28 00:09 - 2012-07-31 11:31 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2013-12-06 17:06 - 2013-12-06 17:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-05-11 18:49 - 2011-06-01 11:47 - 07329792 _____ () C:\Windows\System32\WTMKM.exe
2013-04-15 08:09 - 2010-05-13 07:23 - 00244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2010-08-04 14:40 - 2010-08-04 14:40 - 00611872 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2014-05-11 18:48 - 2011-04-27 17:23 - 00916992 _____ () C:\Windows\system32\atwtusb.exe
2014-07-16 11:05 - 2014-07-16 11:05 - 05558432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-06-27 14:37 - 2014-06-27 14:37 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-21 11:05 - 2014-10-21 11:05 - 02896384 _____ () C:\Program Files\AVAST Software\Avast\defs\14102100\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-23 11:23 - 2013-09-18 08:45 - 00043344 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\MouseHook.dll
2010-08-04 11:47 - 2010-08-04 11:47 - 00144896 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2014-07-03 06:45 - 2014-07-03 06:45 - 32733056 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2013-08-28 08:01 - 2005-01-04 17:05 - 00028672 ____N () C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2014-06-27 14:37 - 2014-06-27 14:37 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-27 18:56 - 2014-09-27 18:56 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-03 06:45 - 2014-07-03 06:45 - 00742784 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2014-07-03 06:45 - 2014-07-03 06:45 - 00136576 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2013-03-13 13:42 - 2013-12-26 11:05 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
2014-03-28 11:35 - 2014-03-28 11:35 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-10-19 15:29 - 2014-10-10 04:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-19 15:29 - 2014-10-10 04:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2011-02-18 10:04 - 2011-02-18 10:04 - 00196448 _____ () C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL
2014-10-19 15:29 - 2014-10-10 04:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-19 15:29 - 2014-10-10 04:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Power\Documents\Bordkarte X3 2278 _ 13JAN _ CGN - FUE für SLAWINSKI_ELISABETH.eml:OECustomProperty
AlternateDataStreams: C:\Users\Power\Documents\Bordkarte X3 2278 _ 13JAN _ CGN - FUE für ZIEGENER_BERND.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3047158342-991607282-2163248425-500 - Administrator - Disabled)
Arbeitskonto Bernd (S-1-5-21-3047158342-991607282-2163248425-1370 - Limited - Enabled) => C:\Users\Arbeitskonto Bernd
Bernd (S-1-5-21-3047158342-991607282-2163248425-1006 - Administrator - Enabled) => C:\Users\Bernd
Gast (S-1-5-21-3047158342-991607282-2163248425-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-3047158342-991607282-2163248425-1368 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is disabled because the firmware of the device did not give it the required resources. (Code 29)
Resolution: Enable the device in the BIOS of the device.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2014 01:03:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (10/21/2014 11:32:35 AM) (Source: MsiInstaller) (EventID: 11406) (User: B-AZO-N)
Description: Product: Adobe AIR -- Error 1406. Could not write value  to key \Software\Classes\AIR.InstallerPackage\shell\open\command.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (10/21/2014 11:31:24 AM) (Source: MsiInstaller) (EventID: 11406) (User: B-AZO-N)
Description: Product: Adobe AIR -- Error 1406. Could not write value  to key \Software\Classes\AIR.InstallerPackage\shell\open\command.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (10/21/2014 11:23:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000204,(null),0,REG_BINARY,000000000287EB30.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.

Error: (10/21/2014 11:23:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000011c8,(null),0,REG_BINARY,0000000008C9E340.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Generatorname: MSSearch Service Writer
   Generatorinstanz-ID: {58cc2457-1ffe-41e3-a64d-c5285212163b}

Error: (10/21/2014 11:23:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000308,(null),0,REG_BINARY,00000000022DE080.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {9369c20f-f932-440a-aa57-a211a4626b20}

Error: (10/21/2014 11:23:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000007b0,(null),0,REG_BINARY,00000000010ADE70.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {55e3d124-ba27-4f0e-8585-b6824eab88a4}

Error: (10/21/2014 11:23:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000011c8,(null),0,REG_BINARY,0000000008C9E340.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Generatorname: MSSearch Service Writer
   Generatorinstanz-ID: {58cc2457-1ffe-41e3-a64d-c5285212163b}

Error: (10/21/2014 11:23:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001f0,(null),0,REG_BINARY,0000000002A3EBF0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {160a434f-9e04-4569-a5cf-8793b6ae4a6d}

Error: (10/21/2014 11:23:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000308,(null),0,REG_BINARY,00000000022DE080.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {9369c20f-f932-440a-aa57-a211a4626b20}


System errors:
=============
Error: (10/21/2014 11:46:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util Framed Display" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/21/2014 11:46:11 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde mit folgendem dienstspezifischem Fehler beendet: %%0.

Error: (10/21/2014 11:44:35 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "DeleteFlag" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (10/21/2014 11:05:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util Framed Display" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/21/2014 10:33:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util Framed Display" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/20/2014 11:17:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util Framed Display" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/20/2014 11:03:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util Framed Display" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/20/2014 08:43:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util Framed Display" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/20/2014 08:13:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util Framed Display" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/20/2014 07:13:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util Framed Display" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X4 640 Processor
Percentage of memory in use: 37%
Total physical RAM: 8183.76 MB
Available physical RAM: 5086.91 MB
Total Pagefile: 16365.7 MB
Available Pagefile: 12211.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:962.11 GB) (Free:758.43 GB) NTFS
Drive d: (DATA) (Fixed) (Total:887.14 GB) (Free:885.35 GB) NTFS
Drive l: (VERBATIM HD) (Fixed) (Total:465.65 GB) (Free:219.78 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 6E20CE3B)
Partition 1: (Not Active) - (Size=13.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=962.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=887.1 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 94A56F94)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

==================== End Of Log ============================

--- --- ---

schrauber · 22.10.2014, 07:18

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

Extended Update

File Opener Packages
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Böni · 22.10.2014, 09:16

Combofix Logfile:

Code:

ATTFilter

ComboFix 14-10-21.01 - Bernd 22.10.2014   9:53.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8184.5295 [GMT 2:00]
ausgeführt von:: c:\users\Bernd\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-09-22 bis 2014-10-22  ))))))))))))))))))))))))))))))
.
.
2014-10-22 08:07 . 2014-10-22 08:07	--------	d-----w-	c:\users\Public\AppData\Local\temp
2014-10-22 08:07 . 2014-10-22 08:07	--------	d-----w-	c:\users\Power\AppData\Local\temp
2014-10-22 08:07 . 2014-10-22 08:07	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2014-10-22 08:07 . 2014-10-22 08:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-10-21 09:48 . 2014-10-21 09:48	--------	d-----w-	c:\users\Arbeitskonto Bernd\AppData\Roaming\Logishrd
2014-10-21 09:12 . 2014-10-21 09:12	--------	d-----w-	c:\users\Bernd\AppData\Local\Logishrd
2014-10-21 08:42 . 2014-10-14 19:59	11627712	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{54B10FA5-35B3-41EF-91C9-5C99E77FACF7}\mpengine.dll
2014-10-20 11:59 . 2014-10-20 11:59	--------	d-----w-	c:\program files (x86)\Joystick Plugin
2014-10-20 11:16 . 2014-10-20 11:16	--------	d-----w-	c:\users\Bernd\AppData\Local\WorldofTanks
2014-10-20 11:16 . 2014-10-20 11:16	--------	d-----w-	c:\users\Bernd\AppData\Local\Sparta
2014-10-20 11:15 . 2014-10-20 11:15	--------	d-----w-	c:\users\Bernd\AppData\Local\GGEmpire
2014-10-20 11:15 . 2014-10-21 09:44	--------	d-----w-	c:\users\Bernd\AppData\Roaming\DigitalSites
2014-10-20 11:15 . 2014-10-22 07:44	--------	d-----w-	c:\users\Bernd\AppData\Roaming\1H1Q
2014-10-16 20:58 . 2014-09-18 02:00	3241472	----a-w-	c:\windows\system32\msi.dll
2014-10-16 20:49 . 2014-10-16 22:28	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2014-10-06 07:57 . 2014-10-13 17:25	--------	d-----w-	c:\users\Arbeitskonto Bernd\AppData\Roaming\Awesomium
2014-10-06 06:13 . 2014-10-14 11:20	--------	d-----w-	c:\users\Bernd\AppData\Roaming\Awesomium
2014-10-06 06:00 . 2014-10-06 06:00	--------	d-----w-	c:\programdata\Elder Scrolls Online
2014-10-05 18:25 . 2014-10-05 18:25	--------	d-----w-	c:\windows\jre
2014-10-05 18:24 . 2014-10-14 11:07	--------	d-----w-	c:\program files (x86)\Zenimax Online
2014-10-05 18:24 . 2014-10-05 18:25	--------	d--h--w-	c:\program files (x86)\Zero G Registry
2014-10-05 18:23 . 2014-10-05 18:23	--------	d--h--w-	c:\users\Bernd\InstallAnywhere
2014-10-01 05:52 . 2014-09-25 02:08	371712	----a-w-	c:\windows\system32\qdvd.dll
2014-10-01 05:52 . 2014-09-25 01:40	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2014-09-29 20:46 . 2014-09-30 08:35	--------	d-----w-	c:\program files (x86)\Diablo III
2014-09-28 12:21 . 2014-09-28 12:22	--------	d-----w-	c:\users\Arbeitskonto Bernd\AppData\Local\Amazon
2014-09-27 07:22 . 2014-09-09 22:11	2048	----a-w-	c:\windows\system32\tzres.dll
2014-09-27 07:22 . 2014-09-09 21:47	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-22 07:34 . 2014-04-13 15:42	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-21 09:12 . 2013-12-26 21:00	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2014-10-20 08:01 . 2013-08-08 11:26	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-20 08:01 . 2013-08-08 11:26	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-16 22:29 . 2013-08-27 11:51	103265616	----a-w-	c:\windows\system32\MRT.exe
2014-10-02 13:53 . 2013-08-08 11:13	278152	------w-	c:\windows\system32\MpSigStub.exe
2014-10-01 09:11 . 2014-06-08 09:16	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-10-01 09:11 . 2014-04-13 15:42	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 09:11 . 2013-08-28 11:07	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-08-23 02:07 . 2014-08-28 08:27	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 08:27	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-08-09 08:28 . 2012-07-17 12:37	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-01 11:53 . 2014-09-10 18:15	1031168	----a-w-	c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-10 18:15	793600	----a-w-	c:\windows\SysWow64\TSWorkspace.dll
2014-07-25 00:35 . 2014-07-25 00:35	875688	----a-w-	c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47	869544	----a-w-	c:\windows\system32\msvcr120_clr0400.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 03:40	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-06-29 124136]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-07-22 2694040]
"Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2005-05-23 90112]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"AdobeCEPServiceManager"="c:\program files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" [2013-12-26 1039240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-08-01 152392]
.
c:\users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Zenimax-Startprogramm.lnk - c:\program files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [2014-10-5 12166704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Util Framed Display;Util Framed Display;c:\program files (x86)\Framed Display\bin\utilFramedDisplay.exe;c:\program files (x86)\Framed Display\bin\utilFramedDisplay.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 tmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCTTomato;c:\windows\system32\DRIVERS\tmnsusbser.sys;c:\windows\SYSNATIVE\DRIVERS\tmnsusbser.sys [x]
R3 tmusbnet;Wireless Data Device driver for usb ethernet adapter;c:\windows\system32\DRIVERS\tmusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\tmusbnet.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys;c:\windows\SYSNATIVE\DRIVERS\ahcix64s.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe;c:\windows\SYSNATIVE\atwtusb.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusbn.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - hitmanpro37
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-19 13:25	1089352	----a-w-	c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-08 08:01]
.
2013-12-26 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2013-12-26 01:16]
.
2014-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-11 10:02]
.
2014-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-11 10:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-07-16 09:06	672416	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-07-16 09:06	672416	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-07-16 09:06	672416	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-06-27 12:37	634872	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 03:42	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-12 9955872]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\ootag.exe" [2010-02-23 13856]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"MacrokeyManager"="WTMKM.exe" [2011-06-01 7329792]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
mSearch Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\
FF - prefs.js: browser.search.defaulturl - hxxps://de.search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxps://de.yahoo.com/?fr=hp-avast&type=avastbcl
FF - prefs.js: keyword.URL - hxxps://de.search.yahoo.com/yhs/search
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKCU-Run-BRS - c:\program files (x86)\WSE_Astromenda\BRS\brs.exe
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
AddRemove-XSBoxGO 1.0.0.0 - c:\program files (x86)\XSBoxGO\Uninstall.exe
AddRemove-{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1 - c:\program files (x86)\Ashampoo\Ashampoo Burning Studio 6 FREE\unins001.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-10-22  10:11:56
ComboFix-quarantined-files.txt  2014-10-22 08:11
ComboFix2.txt  2014-04-18 18:04
.
Vor Suchlauf: 14 Verzeichnis(se), 813.502.423.040 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 814.375.890.944 Bytes frei
.
- - End Of File - - EFD5DCEBFF40D8DAFCADB758B0EC8AF6

--- --- ---

schrauber · 22.10.2014, 19:10

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Böni · 22.10.2014, 22:04

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 22.10.2014
Suchlauf-Zeit: 21:35:50
Logdatei: mbm_protokoll_14_10_22.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.10.22.08
Rootkit Datenbank: v2014.10.21.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Aktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Bernd

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 474570
Verstrichene Zeit: 12 Min, 41 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v4.001 - Bericht erstellt am 22/10/2014 um 22:42:57
# DB v2014-10-21.1
# Aktualisiert 20/10/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Bernd - B-AZO-N
# Gestartet von : C:\Users\Bernd\Downloads\AdwCleaner_4.001.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : Util Framed Display

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Bernd\AppData\Roaming\1H1Q
Ordner Gelöscht : C:\Users\Bernd\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Users\Power\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\Power\AppData\Roaming\Mozilla\Firefox\Profiles\6p6z0btk.default-1398166762451\Extensions\staged\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}
Ordner Gelöscht : C:\Users\Power\AppData\Roaming\Mozilla\Firefox\Profiles\ugxwq37m.default\Extensions\staged\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}
Ordner Gelöscht : C:\Users\Power\AppData\Roaming\Mozilla\Firefox\Profiles\6p6z0btk.default-1398166762451\Extensions\staged\{fa95f577-07cb-4470-ac90-e843f5f83c52}
Ordner Gelöscht : C:\Users\Power\AppData\Roaming\Mozilla\Firefox\Profiles\ugxwq37m.default\Extensions\staged\{fa95f577-07cb-4470-ac90-e843f5f83c52}
Datei Gelöscht : C:\Users\Power\AppData\Roaming\Mozilla\Firefox\Profiles\ugxwq37m.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Power\AppData\Roaming\Mozilla\Firefox\Profiles\6p6z0btk.default-1398166762451\user.js
Datei Gelöscht : C:\Users\Power\AppData\Roaming\Mozilla\Firefox\Profiles\ugxwq37m.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\BRS
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Framed Display
Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Framed Display

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 de)


-\\ Google Chrome v38.0.2125.104


*************************

AdwCleaner[R0].txt - [1711 octets] - [19/04/2014 16:53:47]
AdwCleaner[R1].txt - [9014 octets] - [22/10/2014 22:38:18]
AdwCleaner[S0].txt - [1728 octets] - [19/04/2014 16:57:11]
AdwCleaner[S1].txt - [8268 octets] - [22/10/2014 22:42:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8328 octets] ##########

--- --- ---

JRT Logfile:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by Bernd on 22.10.2014 at 22:48:42,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\DriverEasy Scheduled Scan.job



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Bernd\AppData\Roaming\mozilla\firefox\profiles\jrweuwgo.default\prefs.js

user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_ggfc_14_43_ff&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzzyCzzyB0DtCyDyByByE0EtN0D0Tzu0StCtDtBtAtN1L2XzutAtFtBt
user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_ggfc_14_43_ff&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzzyCzzyB0DtCyDyByByE0EtN0D0Tzu0StCtDtBtAtN1L2XzutAtFt
user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_ggfc_14_43_ff&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzzyCzzyB0DtCyDyByByE0EtN0D0Tzu0StCtDtBtAtN1L2XzutAt



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.10.2014 at 22:57:47,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
Ran by Bernd (administrator) on B-AZO-N on 22-10-2014 22:59:43
Running from C:\Users\Bernd\Downloads
Loaded Profile: Bernd (Available profiles: Bernd & Arbeitskonto Bernd & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Windows\System32\atwtusb.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
() C:\Windows\System32\atwtusb.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\System32\WTMKM.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9955872 2010-01-12] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [MacrokeyManager] => C:\Windows\system32\WTMKM.exe [7329792 2011-06-01] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-06-29] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2005-05-23] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-12-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Startup: C:\Users\Arbeitskonto Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zenimax-Startprogramm.lnk
ShortcutTarget: Zenimax-Startprogramm.lnk -> C:\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe (ZeniMax Online Studios)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0120EC90DE5BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://de.yahoo.com/?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @numfum.com/JSJS,version=0.6.3.1 -> C:\Program Files (x86)\Joystick Plugin\npjoystick.dll (Numfum Ltd)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npjoystick.dll (Numfum Ltd)
FF SearchPlugin: C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-27]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-21]

Chrome: 
=======
CHR StartupUrls: Default -> "https://de.yahoo.com/?fr=hp-avast&type=avastbcl"
CHR Profile: C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-11]
CHR Extension: (Google Drive) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20]
CHR Extension: (YouTube) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-11]
CHR Extension: (Google-Suche) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-11]
CHR Extension: (Avast Online Security) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-11]
CHR Extension: (Google Wallet) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-11]
CHR Extension: (Google Mail) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-06-27] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-10-11] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-13] () [File not signed]
R2 WTService; C:\Windows\system32\atwtusb.exe [916992 2011-04-27] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-27] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-06-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-27] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-06-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-06-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-06-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-06-27] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
S3 tmnsusbser; C:\Windows\System32\DRIVERS\tmnsusbser.sys [124416 2010-04-21] (Wireless Device)
S3 tmusbnet; C:\Windows\System32\DRIVERS\tmusbnet.sys [129024 2010-04-20] (QUALCOMM Incorporated)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-22 22:59 - 2014-10-22 22:59 - 00000000 ____D () C:\Users\Bernd\Downloads\FRST-OlderVersion
2014-10-22 22:57 - 2014-10-22 22:57 - 00001639 _____ () C:\Users\Bernd\Desktop\JRT.txt
2014-10-22 22:48 - 2014-10-22 22:48 - 01706144 _____ (Thisisu) C:\Users\Bernd\Downloads\JRT.exe
2014-10-22 22:37 - 2014-10-22 22:37 - 01962496 _____ () C:\Users\Bernd\Downloads\AdwCleaner_4.001.exe
2014-10-22 10:11 - 2014-10-22 10:11 - 00025938 _____ () C:\ComboFix.txt
2014-10-22 09:49 - 2014-10-22 09:49 - 05584933 ____R (Swearware) C:\Users\Bernd\Downloads\ComboFix.exe
2014-10-22 09:36 - 2014-10-22 09:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bernd\Downloads\revosetup95.exe
2014-10-21 13:22 - 2014-10-21 13:23 - 00046218 _____ () C:\Users\Bernd\Downloads\Addition.txt
2014-10-21 13:21 - 2014-10-22 22:59 - 02112000 _____ (Farbar) C:\Users\Bernd\Downloads\FRST64.exe
2014-10-21 13:21 - 2014-10-22 22:59 - 00024357 _____ () C:\Users\Bernd\Downloads\FRST.txt
2014-10-21 13:11 - 2014-10-21 13:12 - 00038487 _____ () C:\Users\Arbeitskonto Bernd\Downloads\Addition.txt
2014-10-21 13:10 - 2014-10-21 13:12 - 00049228 _____ () C:\Users\Arbeitskonto Bernd\Downloads\FRST.txt
2014-10-21 13:10 - 2014-10-21 13:10 - 02110976 _____ (Farbar) C:\Users\Arbeitskonto Bernd\Downloads\FRST64.exe
2014-10-21 11:48 - 2014-10-21 11:48 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Logishrd
2014-10-21 11:45 - 2014-10-22 22:44 - 00021462 _____ () C:\Windows\PFRO.log
2014-10-21 11:37 - 2014-10-21 11:37 - 00001422 _____ () C:\Users\Bernd\Desktop\HitmanPro_20141021_1137.log
2014-10-21 11:31 - 2014-10-21 11:31 - 00003140 _____ () C:\Windows\System32\Tasks\{CE6ADC54-06A9-4B64-BD63-A202F0D090A8}
2014-10-21 11:30 - 2014-10-21 11:30 - 17703272 _____ (Adobe Systems Inc.) C:\Users\Bernd\Downloads\AdobeAIRInstaller.exe
2014-10-21 11:12 - 2014-10-21 11:12 - 00000756 _____ () C:\Windows\LkmdfCoInst.log
2014-10-21 11:12 - 2014-10-21 11:12 - 00000000 ____D () C:\Users\Bernd\AppData\Local\Logishrd
2014-10-21 11:11 - 2014-10-21 11:12 - 00013373 _____ () C:\Windows\LDPINST.LOG
2014-10-20 17:54 - 2014-10-22 22:44 - 00000930 _____ () C:\Windows\setupact.log
2014-10-20 17:54 - 2014-10-20 17:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-20 14:07 - 2014-10-20 14:07 - 00880272 _____ (Google Inc.) C:\Users\Arbeitskonto Bernd\Downloads\GoogleEarthPluginSetup (1).exe
2014-10-20 14:03 - 2014-10-20 14:03 - 00111586 _____ (Numfum Ltd) C:\Users\Arbeitskonto Bernd\Downloads\installer-0.6.3 (2).exe
2014-10-20 14:03 - 2014-10-20 14:03 - 00111586 _____ (Numfum Ltd) C:\Users\Arbeitskonto Bernd\Downloads\installer-0.6.3 (1).exe
2014-10-20 13:59 - 2014-10-20 13:59 - 00000000 ____D () C:\Program Files (x86)\Joystick Plugin
2014-10-20 13:58 - 2014-10-20 13:58 - 00111586 _____ (Numfum Ltd) C:\Users\Arbeitskonto Bernd\Downloads\installer-0.6.3.exe
2014-10-20 13:16 - 2014-10-20 13:16 - 00000000 ____D () C:\Users\Bernd\AppData\Local\WorldofTanks
2014-10-20 13:16 - 2014-10-20 13:16 - 00000000 ____D () C:\Users\Bernd\AppData\Local\Sparta
2014-10-20 13:15 - 2014-10-20 13:15 - 00000000 ____D () C:\Users\Bernd\AppData\Local\GGEmpire
2014-10-20 13:14 - 2014-10-20 13:14 - 00712240 _____ ( ) C:\Users\Arbeitskonto Bernd\Downloads\FileOpenerSetup.exe
2014-10-20 13:12 - 2014-10-20 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-10-20 13:12 - 2014-10-20 13:12 - 00002216 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-10-20 13:11 - 2014-10-20 13:11 - 00880272 _____ (Google Inc.) C:\Users\Arbeitskonto Bernd\Downloads\GoogleEarthSetup.exe
2014-10-19 15:35 - 2014-10-19 15:35 - 00880272 _____ (Google Inc.) C:\Users\Arbeitskonto Bernd\Downloads\GoogleEarthPluginSetup.exe
2014-10-16 22:59 - 2014-10-10 04:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 22:59 - 2014-10-10 04:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 22:59 - 2014-10-10 04:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 22:59 - 2014-10-07 04:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 22:59 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 22:59 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 22:59 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 22:59 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 22:59 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 22:59 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 22:59 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 22:59 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 22:59 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 22:59 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 22:59 - 2014-09-19 03:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 22:59 - 2014-09-19 03:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 22:59 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 22:59 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 22:59 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 22:59 - 2014-09-19 03:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 22:59 - 2014-09-19 03:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 22:59 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 22:59 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 22:59 - 2014-09-19 03:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 22:59 - 2014-09-19 03:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 22:59 - 2014-09-19 03:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 22:59 - 2014-09-19 03:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 22:59 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 22:59 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 22:59 - 2014-09-19 03:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 22:59 - 2014-09-19 03:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 22:59 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 22:59 - 2014-09-19 03:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 22:59 - 2014-09-19 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 22:59 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 22:59 - 2014-09-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 22:59 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 22:59 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 22:59 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 22:59 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 22:59 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 22:59 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 22:59 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 22:59 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 22:59 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 22:59 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 22:59 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 22:59 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 22:59 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 22:59 - 2014-09-19 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 22:59 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 22:59 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 22:59 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 22:59 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 22:59 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 22:59 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 22:59 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 22:59 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 22:59 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 22:59 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 22:58 - 2014-09-18 04:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 22:58 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 22:58 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 22:58 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 22:58 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 22:58 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 22:58 - 2014-08-29 04:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 22:58 - 2014-08-29 04:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 22:58 - 2014-08-29 04:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 22:58 - 2014-08-29 04:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-16 22:58 - 2014-08-29 04:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 22:58 - 2014-08-29 03:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 22:58 - 2014-08-29 03:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 22:58 - 2014-08-29 03:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 22:58 - 2014-08-29 03:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-16 22:58 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 22:58 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 22:58 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 22:58 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 22:58 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 22:58 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 22:58 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 22:58 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 22:58 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 22:58 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 22:58 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 22:49 - 2014-10-17 00:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-10-15 17:07 - 2014-10-15 17:07 - 00306160 _____ () C:\Users\Arbeitskonto Bernd\Downloads\Bartender4-4.6.1.zip
2014-10-15 17:07 - 2014-10-15 17:07 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\Downloads\Bartender4-4.6.1
2014-10-14 13:12 - 2014-10-14 13:12 - 00225679 _____ () C:\Users\Bernd\Documents\report.txt
2014-10-14 13:04 - 2014-10-14 13:05 - 106224784 _____ (Flexera Software) C:\Users\Arbeitskonto Bernd\Downloads\Install_ESO(1).exe
2014-10-06 09:57 - 2014-10-13 19:25 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Awesomium
2014-10-06 09:45 - 2014-10-06 09:45 - 00002075 _____ () C:\Users\Arbeitskonto Bernd\Desktop\eso - Verknüpfung.lnk
2014-10-06 09:38 - 2014-10-06 09:38 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\Documents\Elder Scrolls Online
2014-10-06 08:13 - 2014-10-14 13:20 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\Awesomium
2014-10-06 08:00 - 2014-10-06 08:00 - 00000000 ____D () C:\Users\Bernd\Documents\Elder Scrolls Online
2014-10-06 08:00 - 2014-10-06 08:00 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online
2014-10-05 20:25 - 2014-10-14 13:08 - 00001251 _____ () C:\Users\Bernd\Desktop\The Elder Scrolls Online.lnk
2014-10-05 20:25 - 2014-10-05 20:25 - 00000000 ____D () C:\Windows\jre
2014-10-05 20:25 - 2014-10-05 20:25 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
2014-10-05 20:24 - 2014-10-14 13:07 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online
2014-10-05 20:24 - 2014-10-05 20:25 - 00000000 ___HD () C:\Program Files (x86)\Zero G Registry
2014-10-05 20:23 - 2014-10-05 20:23 - 00000000 ___HD () C:\Users\Bernd\InstallAnywhere
2014-10-05 20:21 - 2014-10-05 20:23 - 106224784 _____ (Flexera Software) C:\Users\Arbeitskonto Bernd\Downloads\Install_ESO.exe
2014-10-01 09:14 - 2014-10-01 09:15 - 03589024 _____ (Blizzard Entertainment) C:\Users\Arbeitskonto Bernd\Downloads\Diablo-III-Setup-deDE.exe
2014-10-01 07:52 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 07:52 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 10:36 - 2014-09-30 10:36 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\Documents\Diablo III
2014-09-29 22:48 - 2014-09-29 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-09-29 22:46 - 2014-09-30 10:35 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-09-28 14:22 - 2014-09-28 15:19 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\Documents\My Kindle Content
2014-09-28 14:22 - 2014-09-28 14:22 - 00002295 _____ () C:\Users\Arbeitskonto Bernd\Desktop\Kindle.lnk
2014-09-28 14:22 - 2014-09-28 14:22 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-09-28 14:21 - 2014-09-28 14:22 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Local\Amazon
2014-09-28 14:21 - 2014-09-28 14:21 - 38157960 _____ (Amazon.com) C:\Users\Arbeitskonto Bernd\Downloads\KindleForPC-installer.exe
2014-09-27 18:56 - 2014-10-20 13:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-27 09:22 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-27 09:22 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-22 22:59 - 2014-03-21 00:45 - 00000000 ____D () C:\FRST
2014-10-22 22:52 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-22 22:52 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-22 22:46 - 2014-04-13 17:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-22 22:45 - 2014-07-11 12:02 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-22 22:45 - 2009-07-14 04:34 - 00000595 _____ () C:\Windows\win.ini
2014-10-22 22:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-22 22:43 - 2014-04-19 16:41 - 00000000 ____D () C:\AdwCleaner
2014-10-22 22:43 - 2013-04-15 07:54 - 01494027 _____ () C:\Windows\WindowsUpdate.log
2014-10-22 22:42 - 2014-08-25 22:39 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Local\Battle.net
2014-10-22 22:23 - 2014-07-11 12:02 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-22 22:09 - 2013-08-08 13:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-22 18:29 - 2013-04-15 17:46 - 00702640 _____ () C:\Windows\system32\perfh007.dat
2014-10-22 18:29 - 2013-04-15 17:46 - 00150280 _____ () C:\Windows\system32\perfc007.dat
2014-10-22 18:29 - 2009-07-14 07:13 - 01628108 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-22 18:28 - 2014-05-07 15:47 - 00000000 ___RD () C:\Users\Arbeitskonto Bernd\Dropbox
2014-10-22 18:28 - 2014-05-07 15:44 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox
2014-10-22 10:12 - 2014-04-18 19:21 - 00000000 ____D () C:\Qoobox
2014-10-22 10:07 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-22 10:01 - 2013-04-15 08:08 - 00000000 ____D () C:\ProgramData\Temp
2014-10-22 09:37 - 2014-04-18 19:15 - 00001268 _____ () C:\Users\Bernd\Desktop\Revo Uninstaller.lnk
2014-10-22 09:37 - 2014-04-18 19:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-22 08:31 - 2014-05-01 09:52 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Local\Adobe
2014-10-21 23:40 - 2014-06-27 14:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-21 23:38 - 2014-04-13 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-21 23:38 - 2014-04-13 17:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-21 23:38 - 2013-08-28 13:07 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-21 17:56 - 2014-05-05 08:54 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Local\CutePDF Writer
2014-10-21 17:53 - 2014-07-09 17:58 - 00000132 _____ () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2014-10-21 14:03 - 2013-08-28 08:01 - 00000806 _____ () C:\Windows\ulead32.ini
2014-10-21 11:22 - 2014-03-22 10:53 - 00000586 _____ () C:\Windows\system32\.crusader
2014-10-21 11:20 - 2014-07-11 12:04 - 00002167 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-21 11:20 - 2014-04-22 13:27 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-21 11:12 - 2013-12-26 23:00 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-10-21 11:12 - 2013-12-26 23:00 - 00000000 ____D () C:\Users\Public\Documents\Logishrd
2014-10-21 11:12 - 2013-12-26 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-10-21 11:11 - 2013-12-26 22:59 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-10-21 11:10 - 2013-12-26 22:59 - 00000000 ____D () C:\ProgramData\Logishrd
2014-10-20 23:15 - 2013-04-15 08:13 - 00000000 ____D () C:\Windows\PCHEALTH
2014-10-20 20:51 - 2013-08-28 13:22 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-10-20 19:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-20 19:27 - 2013-08-28 15:33 - 00000000 ____D () C:\Users\Bernd
2014-10-20 13:19 - 2014-05-02 16:59 - 00001139 _____ () C:\Users\Arbeitskonto Bernd\Desktop\Mozilla Firefox.lnk
2014-10-20 13:12 - 2013-09-17 08:16 - 00000000 ____D () C:\Users\Bernd\AppData\Local\Google
2014-10-20 13:12 - 2013-08-28 13:44 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-20 10:01 - 2013-08-08 13:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-20 10:01 - 2013-08-08 13:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-20 10:01 - 2013-08-08 13:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-19 16:27 - 2013-08-28 15:34 - 00000000 ____D () C:\Users\Bernd\AppData\Local\Adobe
2014-10-19 15:17 - 2014-07-11 12:02 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 15:17 - 2014-07-11 12:02 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 10:57 - 2013-08-28 08:01 - 00000000 ____D () C:\Windows\ulead.dat
2014-10-18 10:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 21:19 - 2014-05-01 09:52 - 00000000 ____D () C:\Users\Arbeitskonto Bernd
2014-10-17 07:35 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 07:34 - 2009-07-14 06:45 - 05140888 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 07:32 - 2014-05-06 13:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 00:44 - 2013-08-08 13:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 00:39 - 2013-08-27 13:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 00:29 - 2013-08-27 13:51 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-17 00:28 - 2013-08-08 13:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-16 07:21 - 2013-08-29 15:34 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-10-15 12:56 - 2014-08-25 22:38 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-11 16:54 - 2013-08-28 15:31 - 00000034 _____ () C:\Windows\cdplayer.ini
2014-10-05 14:35 - 2014-07-12 19:46 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\flightgear.org
2014-10-02 15:53 - 2013-08-08 13:13 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-01 11:11 - 2014-06-08 11:16 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2014-04-13 17:42 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2013-08-28 13:07 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-28 09:23 - 2014-03-31 10:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-27 09:17 - 2014-05-07 15:47 - 00001059 _____ () C:\Users\Arbeitskonto Bernd\Desktop\Dropbox.lnk
2014-09-27 09:17 - 2014-05-07 15:46 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

Some content of TEMP:
====================
C:\Users\Arbeitskonto Bernd\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6u9kk9.dll
C:\Users\Bernd\AppData\Local\temp\Quarantine.exe
C:\Users\Bernd\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 16:15

==================== End Of Log ============================

--- --- ---

schrauber · 23.10.2014, 19:36

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Böni · 24.10.2014, 10:21

Probleme mit den genannten "pup...." scheint es nicht mehr zu geben.
Beim Start als Admin erscheint nun ein Kasten mit der Überschrift

"Internal Error...
Abort: Pointer is Null
(...\cef\clienthandler.c/648)"

Der lässt sich zwar wegklicken, aber nervt.

Grüße von
Böni

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=502ddf83ef274740b5835593b73dc79e
# engine=20750
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-24 05:52:12
# local_time=2014-10-24 07:52:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=781 16777213 100 96 693587 10257397 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 248996 165759782 0 0
# scanned=1055378
# found=63
# cleaned=0
# scan_time=33440
sh=709335B7BFA1F2579F5F4450828B97136471B29E ft=1 fh=0d2b3090a56aa8d8 vn="Variante von Win32/InstallCore.QB evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Arbeitskonto Bernd\Downloads\FileOpenerSetup.exe"
sh=E4D8744E3C7F33DC588089B4BA3BDF508938F365 ft=1 fh=f47fb070f835e266 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Arbeitskonto Bernd\Downloads\HTML Editor Phase - CHIP-Downloader (1).exe"
sh=03D28E474D550DACC92FC2AFFF2BDD573072FE9C ft=1 fh=1bc6bc227d789569 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Arbeitskonto Bernd\Downloads\HTML Editor Phase - CHIP-Downloader.exe"
sh=61D95C702DE958A367B221090C788EF3BC8C0605 ft=1 fh=883e907eef5227c2 vn="Variante von Win32/InstallCore.JP evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Arbeitskonto Bernd\Downloads\VideoConverterSetup.exe"
sh=D80C67DEC7565A7139DC74467C8E1EB4EB2B2570 ft=1 fh=c553f983ce9ae6b6 vn="Variante von Win32/BrowseFox.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bernd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KQ85BZL5\FramedDisplay[1].dll"
sh=15779A83152DB723FC94C3A9C1D054CC55E88414 ft=1 fh=68ba20b51425ebf1 vn="Variante von Win32/Toolbar.Funmoods.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Power\Downloads\agsetup183se.exe"
sh=2FEB417894E6C5E60BB62DDB12511A67D41D6646 ft=1 fh=422245aca42721c5 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Power\Downloads\avc-558-free.exe"
sh=14810DC56829DCAB9AD47499BB60466043E148DD ft=1 fh=e9ecc738542a5ba4 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Power\Downloads\FreemakeVideoConverterSetup_4.1.3.15.exe"
sh=563E1B707747F87BD96829B81E92CA1EE04E83FD ft=1 fh=421b349ff9c9cc9b vn="Win32/InstallMonetizer.AF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Power\Downloads\freeocr422.exe"
sh=1F086C18C59F6F0CBE7C0A03C111F4F5B43DDCDB ft=1 fh=f9b46d7c76787cfa vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Power\Downloads\FreeYouTubeDownload-3.2.20.1230.exe"
sh=9DF97B417C53958902D1876867B1B5233E107868 ft=1 fh=b6fea5969f17fc17 vn="Win32/Somoto.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Power\Downloads\m4a-to-mp3-81converter.exe"
sh=72082AACD426490FFD3E6D50AAF9FFF1E355CDCE ft=1 fh=5191f77b348dd238 vn="Win32/WinloadSDA.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Power\Downloads\MS-Flight-Simulator-X-Setup.exe"
sh=9B229D45DAF8E42A9E5AB80B8A8F3C1DA28BE5D9 ft=1 fh=fc29e722f48e28ff vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\Installer\MSI1E83.tmp"
sh=6314842A7A8C329FEDBEA24B4DB13033B8A180BE ft=1 fh=7acf53733f08fe1d vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="K:\$RECYCLE.BIN\S-1-5-21-3047158342-991607282-2163248425-1006\$RHNU65E.exe"
sh=B8D9B9B9478A0D4934AC1D89955115D987416C1E ft=1 fh=78155a628be8688e vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="K:\$RECYCLE.BIN\S-1-5-21-3047158342-991607282-2163248425-1006\$RWGOBV1.exe"
sh=C7D9DD032E415706468EE6B89F1C53AB0E0EBD40 ft=1 fh=652b75961704fed4 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="K:\Atelcosicherungen\070321\Daten_neu\Downloads\cute\CuteWriter(1).exe"
sh=49AD0B478FFCBFFCE2A39580FCA1090652544ACF ft=1 fh=2814fb9309668e67 vn="Variante von Win32/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="K:\Atelcosicherungen\070321\Daten_neu\Downloads\sonstiges\FCTBSetup.exe"
sh=2CC3CFC835012E5F8AA0235ABF75A14CB47321D5 ft=1 fh=49b4f9c6c90b39f9 vn="Win32/MCH potenziell unsichere Anwendung" ac=I fn="K:\Atelcosicherungen\070321\Daten_neu\Downloads\sonstiges\kisi2010(2).exe"
sh=2CC3CFC835012E5F8AA0235ABF75A14CB47321D5 ft=1 fh=49b4f9c6c90b39f9 vn="Win32/MCH potenziell unsichere Anwendung" ac=I fn="K:\Atelcosicherungen\070321\Daten_neu\Downloads\sonstiges\kisi2010.exe"
sh=BE5FE051F7DA02EBDFD730674FB9A4A49E664297 ft=1 fh=8778415b62d78a6c vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="K:\Atelcosicherungen\070321\Daten_neu\Downloads\sonstiges\Xvid-1.2.2-07062009.exe"
sh=6444A2F950F0CD8D5945373C8A5DC1FD299DF708 ft=1 fh=bfbde6b098028e56 vn="Variante von Win32/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="K:\Atelcosicherungen\070321\Daten_neu\Musik\Theorie\Klavierkurs\Downloads\Klavierakkorde.exe"
sh=D9730C5400B014A430A5F608BE4AAF631122D10B ft=1 fh=973e8761a43b9766 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="K:\Atelcosicherungen\Laufwerk F\downloads\video_deluxe_mx_201mb_d.exe"
sh=15779A83152DB723FC94C3A9C1D054CC55E88414 ft=1 fh=68ba20b51425ebf1 vn="Variante von Win32/Toolbar.Funmoods.D evtl. unerwünschte Anwendung" ac=I fn="K:\Sicherung_4gamez_2013_08_26\Downloads\agsetup183se.exe"
sh=EA244E84E1468A6AF4741F2184E113A16F833D8B ft=1 fh=a9c73d0d07b22a58 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="K:\Sicherung_4gamez_2013_08_26\Downloads\ccsetup402.exe"
sh=395E3E02F1AC37B9D9247B251C68FF8BE87EB9FD ft=0 fh=0000000000000000 vn="Variante von Win32/LoadTubes.C evtl. unerwünschte Anwendung" ac=I fn="L:\BERNDS-LAPTOP\Backup Set 2013-03-07 201510\Backup Files 2013-03-07 201510\Backup files 1.zip"
sh=2DD65710F06DAAC5F757394DA383EB0B6CF78829 ft=0 fh=0000000000000000 vn="Variante von Win32/BSDownloader evtl. unerwünschte Anwendung" ac=I fn="L:\BERNDS-LAPTOP\Backup Set 2013-03-07 201510\Backup Files 2013-03-07 201510\Backup files 3.zip"
sh=DCC6D8E5C51D0FCF9427A526A48F465100074F89 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="L:\BERNDS-LAPTOP\Backup Set 2013-03-07 201510\Backup Files 2013-03-07 201510\Backup files 4.zip"
sh=2941BCCCEAEACE98C96B536B06D11DF529C21292 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="L:\BERNDS-LAPTOP\Backup Set 2013-03-07 201510\Backup Files 2013-03-07 201510\Backup files 5.zip"
sh=3C7AEFF057E2012760A4A5BA3F6D2F3A9A7441D3 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="L:\BERNDS-LAPTOP\Backup Set 2013-03-07 201510\Backup Files 2013-03-07 201510\Backup files 17.zip"
sh=B6A4F13AE1C0452F24FEA5A54AC61B88213CB92C ft=1 fh=bc29891845965f1c vn="Variante von Win32/BSDownloader evtl. unerwünschte Anwendung" ac=I fn="L:\BERNDS-LAPTOP\Downloads\Afreecodec_downloader_For_MIDI_TO_MP3.exe"
sh=1DFC5F6F64CB56D04C3EEA5DA32EC43E58EB72A7 ft=1 fh=29ea6a66be887c11 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="L:\BERNDS-LAPTOP\Downloads\ashampoo_winoptimizer_6_6.60_7593.exe"
sh=66C853785EBFCE37C080E90F61705EC6D5CE1787 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="L:\BERNDS-LAPTOP\Downloads\PDFXVwer.zip"
sh=99FEC27BB98B14B25E69224640376206F5D8A2BF ft=1 fh=0824ed92bb07e41c vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="L:\BERNDS-LAPTOP\Downloads\PDFXVwer\PDFXVwer.exe"
sh=393BA758A9A668CF199606C2DA3D028FB4809574 ft=1 fh=8852912e32564913 vn="Variante von Win32/Bundled.Toolbar.Ask.A potenziell unsichere Anwendung" ac=I fn="L:\System Volume Information\_restore{FF10CB1D-8945-40F2-90E5-9CED966EEF20}\RP642\A0208951.exe"
sh=6F3A3B433459E6773C9FBE8CFB154DB6534EFA86 ft=1 fh=60bff0ff01dbe663 vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="L:\Sicherung_C_2013_04_05\VideoConverter\VideoConverter.exe"
sh=F9AA6150C80A867F668929852764339622A9EADB ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Funmoods.D evtl. unerwünschte Anwendung" ac=I fn="L:\B-AZO-N\Backup Set 2014-05-02 173710\Backup Files 2014-05-02 173710\Backup files 4.zip"
sh=C9C8530CFA6364E489095E19CCE084C45641C264 ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AF evtl. unerwünschte Anwendung" ac=I fn="L:\B-AZO-N\Backup Set 2014-05-02 173710\Backup Files 2014-05-02 173710\Backup files 5.zip"
sh=C527783F9A7D8A3B703CFF4159A25C75E2531D05 ft=0 fh=0000000000000000 vn="Win32/Somoto.E evtl. unerwünschte Anwendung" ac=I fn="L:\B-AZO-N\Backup Set 2014-05-02 173710\Backup Files 2014-05-02 173710\Backup files 7.zip"
sh=827819F51CFF781831E52D87DA417982FD1D5C5C ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="L:\B-AZO-N\Backup Set 2014-05-02 173710\Backup Files 2014-05-02 173710\Backup files 23.zip"
sh=5C1704A760DA6053031CB6657E7254DB25087AF9 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="L:\B-AZO-N\Backup Set 2014-05-04 191423\Backup Files 2014-05-04 191423\Backup files 2.zip"
sh=B1A8B7FFD27BF4312F541533E1CFB30FEACE7BCC ft=0 fh=0000000000000000 vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="L:\B-AZO-N\Backup Set 2014-05-04 191423\Backup Files 2014-05-25 191224\Backup files 1.zip"
sh=5D24E64486B91923709088482F6AF7D16E124F2E ft=0 fh=0000000000000000 vn="Variante von Win32/InstallCore.JP evtl. unerwünschte Anwendung" ac=I fn="L:\B-AZO-N\Backup Set 2014-05-04 191423\Backup Files 2014-05-25 191224\Backup files 2.zip"
sh=0E6A9F2A8617C74BE858B39AA167F50DA6F8D844 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="L:\B-AZO-N\Backup Set 2014-07-20 194139\Backup Files 2014-07-20 194139\Backup files 6.zip"
sh=673016C00551AC7458F968BE2CE90A49F61497AB ft=0 fh=0000000000000000 vn="Variante von Win32/InstallCore.JP evtl. unerwünschte Anwendung" ac=I fn="L:\B-AZO-N\Backup Set 2014-07-20 194139\Backup Files 2014-07-20 194139\Backup files 7.zip"
sh=FEFCC7239E7EDABB296327BFE769ADBF11914B21 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="L:\B-AZO-N\Backup Set 2014-09-28 190001\Backup Files 2014-10-05 190001\Backup files 5.zip"
sh=DF5C3F5688FF81FEBCD71A7ED2EFD57564B1F82D ft=0 fh=0000000000000000 vn="Variante von Win32/InstallCore.JP evtl. unerwünschte Anwendung" ac=I fn="L:\B-AZO-N\Backup Set 2014-09-28 190001\Backup Files 2014-10-05 190001\Backup files 6.zip"
sh=B6A4F13AE1C0452F24FEA5A54AC61B88213CB92C ft=1 fh=bc29891845965f1c vn="Variante von Win32/BSDownloader evtl. unerwünschte Anwendung" ac=I fn="L:\Downloads\Afreecodec_downloader_For_MIDI_TO_MP3.exe"
sh=1DFC5F6F64CB56D04C3EEA5DA32EC43E58EB72A7 ft=1 fh=29ea6a66be887c11 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="L:\Downloads\ashampoo_winoptimizer_6_6.60_7593.exe"
sh=A0867E6C018019D4E76B0DA3E067413C1E9193D5 ft=1 fh=25de646db16c1e53 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="L:\Downloads\ashampoo_burning_studio_6_free_6.83_4312.exe"
sh=D3B5FBA9DE00F4D903159B41C79A09C9657F7A0C ft=1 fh=bb1c307affdfbbb0 vn="Variante von Win32/InstallCore.AX evtl. unerwünschte Anwendung" ac=I fn="L:\Downloads\DownloadAcceleratorSetup.exe"
sh=DF03019EA4962809E1AE99549D8A650DDE8DE9B6 ft=1 fh=f4bae2cd41aaec6e vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="L:\Downloads\ashampoo_burning_studio_6_free_6.81_3639.exe"
sh=F72D97BC3ED3EEB1E2619AD43959F9FEA5F567DD ft=1 fh=97ab1c07516baf5c vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="L:\Downloads\OrbitDownloaderSetup.exe"
sh=99FEC27BB98B14B25E69224640376206F5D8A2BF ft=1 fh=0824ed92bb07e41c vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="L:\Downloads\PDFXVwer207.exe"
sh=9D244250DB3F0C616C567DB7C305413F87554F47 ft=1 fh=8e5b14649c939d1f vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="L:\Downloads\ashampoo_snap_5_5.1.5_12197.exe"
sh=ACA3551D677477970EE249900FC6C51FA0E39945 ft=1 fh=d4c9c8069ee6d111 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="L:\Downloads\SweetHome3D-3.7-windows-oc.exe"
sh=15779A83152DB723FC94C3A9C1D054CC55E88414 ft=1 fh=68ba20b51425ebf1 vn="Variante von Win32/Toolbar.Funmoods.D evtl. unerwünschte Anwendung" ac=I fn="L:\Downloads\Download grosser PC\agsetup183se.exe"
sh=15779A83152DB723FC94C3A9C1D054CC55E88414 ft=1 fh=68ba20b51425ebf1 vn="Variante von Win32/Toolbar.Funmoods.D evtl. unerwünschte Anwendung" ac=I fn="L:\Sicherung_C_2014_05_02\Downloads\agsetup183se.exe"
sh=2FEB417894E6C5E60BB62DDB12511A67D41D6646 ft=1 fh=422245aca42721c5 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="L:\Sicherung_C_2014_05_02\Downloads\avc-558-free.exe"
sh=14810DC56829DCAB9AD47499BB60466043E148DD ft=1 fh=e9ecc738542a5ba4 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="L:\Sicherung_C_2014_05_02\Downloads\FreemakeVideoConverterSetup_4.1.3.15.exe"
sh=563E1B707747F87BD96829B81E92CA1EE04E83FD ft=1 fh=421b349ff9c9cc9b vn="Win32/InstallMonetizer.AF evtl. unerwünschte Anwendung" ac=I fn="L:\Sicherung_C_2014_05_02\Downloads\freeocr422.exe"
sh=1F086C18C59F6F0CBE7C0A03C111F4F5B43DDCDB ft=1 fh=f9b46d7c76787cfa vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="L:\Sicherung_C_2014_05_02\Downloads\FreeYouTubeDownload-3.2.20.1230.exe"
sh=9DF97B417C53958902D1876867B1B5233E107868 ft=1 fh=b6fea5969f17fc17 vn="Win32/Somoto.E evtl. unerwünschte Anwendung" ac=I fn="L:\Sicherung_C_2014_05_02\Downloads\m4a-to-mp3-81converter.exe"
sh=72082AACD426490FFD3E6D50AAF9FFF1E355CDCE ft=1 fh=5191f77b348dd238 vn="Win32/WinloadSDA.C evtl. unerwünschte Anwendung" ac=I fn="L:\Sicherung_C_2014_05_02\Downloads\MS-Flight-Simulator-X-Setup.exe"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 Java 7 Update 60  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.189  
 Adobe Reader XI  
 Mozilla Firefox (33.0) 
 Mozilla Thunderbird (31.2.0) 
 Google Chrome 38.0.2125.101  
 Google Chrome 38.0.2125.104  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
Ran by Bernd (administrator) on B-AZO-N on 24-10-2014 11:10:20
Running from C:\Users\Bernd\Downloads
Loaded Profile: Bernd (Available profiles: Bernd & Arbeitskonto Bernd & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Windows\System32\atwtusb.exe
() C:\Windows\System32\atwtusb.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\System32\WTMKM.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Bernd\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9955872 2010-01-12] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [MacrokeyManager] => C:\Windows\system32\WTMKM.exe [7329792 2011-06-01] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-06-29] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2005-05-23] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-12-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Startup: C:\Users\Arbeitskonto Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zenimax-Startprogramm.lnk
ShortcutTarget: Zenimax-Startprogramm.lnk -> C:\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe (ZeniMax Online Studios)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0120EC90DE5BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://de.yahoo.com/?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @numfum.com/JSJS,version=0.6.3.1 -> C:\Program Files (x86)\Joystick Plugin\npjoystick.dll (Numfum Ltd)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npjoystick.dll (Numfum Ltd)
FF SearchPlugin: C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-27]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-21]

Chrome: 
=======
CHR StartupUrls: Default -> "https://de.yahoo.com/?fr=hp-avast&type=avastbcl"
CHR Profile: C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-11]
CHR Extension: (Google Drive) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20]
CHR Extension: (YouTube) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-11]
CHR Extension: (Google-Suche) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-11]
CHR Extension: (Avast Online Security) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-11]
CHR Extension: (Google Wallet) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-11]
CHR Extension: (Google Mail) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-06-27] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-10-11] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-13] () [File not signed]
R2 WTService; C:\Windows\system32\atwtusb.exe [916992 2011-04-27] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-27] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-06-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-27] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-06-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-06-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-06-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-06-27] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
S3 tmnsusbser; C:\Windows\System32\DRIVERS\tmnsusbser.sys [124416 2010-04-21] (Wireless Device)
S3 tmusbnet; C:\Windows\System32\DRIVERS\tmusbnet.sys [129024 2010-04-20] (QUALCOMM Incorporated)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 10:02 - 2014-10-24 11:09 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\Notepad++
2014-10-24 09:20 - 2014-10-24 09:21 - 00854448 _____ () C:\Users\Bernd\Downloads\SecurityCheck.exe
2014-10-23 22:29 - 2014-10-23 22:29 - 02347384 _____ (ESET) C:\Users\Bernd\Downloads\esetsmartinstaller_deu.exe
2014-10-23 22:29 - 2014-10-23 22:29 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-23 12:31 - 2014-10-23 12:31 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-23 12:30 - 2014-10-23 12:30 - 00244408 _____ () C:\Users\Arbeitskonto Bernd\Downloads\Firefox Setup Stub 33.0.exe
2014-10-22 23:00 - 2014-10-22 23:00 - 00050815 _____ () C:\Users\Bernd\Desktop\FRST.txt
2014-10-22 22:59 - 2014-10-22 22:59 - 00000000 ____D () C:\Users\Bernd\Downloads\FRST-OlderVersion
2014-10-22 22:57 - 2014-10-22 22:57 - 00001639 _____ () C:\Users\Bernd\Desktop\JRT.txt
2014-10-22 22:48 - 2014-10-22 22:48 - 01706144 _____ (Thisisu) C:\Users\Bernd\Downloads\JRT.exe
2014-10-22 22:37 - 2014-10-22 22:37 - 01962496 _____ () C:\Users\Bernd\Downloads\AdwCleaner_4.001.exe
2014-10-22 10:11 - 2014-10-22 10:11 - 00025938 _____ () C:\ComboFix.txt
2014-10-22 09:49 - 2014-10-22 09:49 - 05584933 ____R (Swearware) C:\Users\Bernd\Downloads\ComboFix.exe
2014-10-22 09:36 - 2014-10-22 09:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bernd\Downloads\revosetup95.exe
2014-10-21 13:22 - 2014-10-21 13:23 - 00046218 _____ () C:\Users\Bernd\Downloads\Addition.txt
2014-10-21 13:21 - 2014-10-24 11:10 - 00024604 _____ () C:\Users\Bernd\Downloads\FRST.txt
2014-10-21 13:21 - 2014-10-22 22:59 - 02112000 _____ (Farbar) C:\Users\Bernd\Downloads\FRST64.exe
2014-10-21 13:11 - 2014-10-21 13:12 - 00038487 _____ () C:\Users\Arbeitskonto Bernd\Downloads\Addition.txt
2014-10-21 13:10 - 2014-10-21 13:12 - 00049228 _____ () C:\Users\Arbeitskonto Bernd\Downloads\FRST.txt
2014-10-21 13:10 - 2014-10-21 13:10 - 02110976 _____ (Farbar) C:\Users\Arbeitskonto Bernd\Downloads\FRST64.exe
2014-10-21 11:48 - 2014-10-21 11:48 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Logishrd
2014-10-21 11:45 - 2014-10-22 22:44 - 00021462 _____ () C:\Windows\PFRO.log
2014-10-21 11:37 - 2014-10-21 11:37 - 00001422 _____ () C:\Users\Bernd\Desktop\HitmanPro_20141021_1137.log
2014-10-21 11:31 - 2014-10-21 11:31 - 00003140 _____ () C:\Windows\System32\Tasks\{CE6ADC54-06A9-4B64-BD63-A202F0D090A8}
2014-10-21 11:30 - 2014-10-21 11:30 - 17703272 _____ (Adobe Systems Inc.) C:\Users\Bernd\Downloads\AdobeAIRInstaller.exe
2014-10-21 11:12 - 2014-10-21 11:12 - 00000756 _____ () C:\Windows\LkmdfCoInst.log
2014-10-21 11:12 - 2014-10-21 11:12 - 00000000 ____D () C:\Users\Bernd\AppData\Local\Logishrd
2014-10-21 11:11 - 2014-10-21 11:12 - 00013373 _____ () C:\Windows\LDPINST.LOG
2014-10-20 17:54 - 2014-10-24 09:14 - 00001098 _____ () C:\Windows\setupact.log
2014-10-20 17:54 - 2014-10-20 17:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-20 14:07 - 2014-10-20 14:07 - 00880272 _____ (Google Inc.) C:\Users\Arbeitskonto Bernd\Downloads\GoogleEarthPluginSetup (1).exe
2014-10-20 14:03 - 2014-10-20 14:03 - 00111586 _____ (Numfum Ltd) C:\Users\Arbeitskonto Bernd\Downloads\installer-0.6.3 (2).exe
2014-10-20 14:03 - 2014-10-20 14:03 - 00111586 _____ (Numfum Ltd) C:\Users\Arbeitskonto Bernd\Downloads\installer-0.6.3 (1).exe
2014-10-20 13:59 - 2014-10-20 13:59 - 00000000 ____D () C:\Program Files (x86)\Joystick Plugin
2014-10-20 13:58 - 2014-10-20 13:58 - 00111586 _____ (Numfum Ltd) C:\Users\Arbeitskonto Bernd\Downloads\installer-0.6.3.exe
2014-10-20 13:16 - 2014-10-20 13:16 - 00000000 ____D () C:\Users\Bernd\AppData\Local\WorldofTanks
2014-10-20 13:16 - 2014-10-20 13:16 - 00000000 ____D () C:\Users\Bernd\AppData\Local\Sparta
2014-10-20 13:15 - 2014-10-20 13:15 - 00000000 ____D () C:\Users\Bernd\AppData\Local\GGEmpire
2014-10-20 13:14 - 2014-10-20 13:14 - 00712240 _____ ( ) C:\Users\Arbeitskonto Bernd\Downloads\FileOpenerSetup.exe
2014-10-20 13:12 - 2014-10-20 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-10-20 13:12 - 2014-10-20 13:12 - 00002216 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-10-20 13:11 - 2014-10-20 13:11 - 00880272 _____ (Google Inc.) C:\Users\Arbeitskonto Bernd\Downloads\GoogleEarthSetup.exe
2014-10-19 15:35 - 2014-10-19 15:35 - 00880272 _____ (Google Inc.) C:\Users\Arbeitskonto Bernd\Downloads\GoogleEarthPluginSetup.exe
2014-10-16 22:59 - 2014-10-10 04:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 22:59 - 2014-10-10 04:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 22:59 - 2014-10-10 04:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 22:59 - 2014-10-07 04:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 22:59 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 22:59 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 22:59 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 22:59 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 22:59 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 22:59 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 22:59 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 22:59 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 22:59 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 22:59 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 22:59 - 2014-09-19 03:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 22:59 - 2014-09-19 03:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 22:59 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 22:59 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 22:59 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 22:59 - 2014-09-19 03:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 22:59 - 2014-09-19 03:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 22:59 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 22:59 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 22:59 - 2014-09-19 03:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 22:59 - 2014-09-19 03:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 22:59 - 2014-09-19 03:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 22:59 - 2014-09-19 03:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 22:59 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 22:59 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 22:59 - 2014-09-19 03:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 22:59 - 2014-09-19 03:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 22:59 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 22:59 - 2014-09-19 03:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 22:59 - 2014-09-19 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 22:59 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 22:59 - 2014-09-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 22:59 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 22:59 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 22:59 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 22:59 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 22:59 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 22:59 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 22:59 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 22:59 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 22:59 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 22:59 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 22:59 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 22:59 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 22:59 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 22:59 - 2014-09-19 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 22:59 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 22:59 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 22:59 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 22:59 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 22:59 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 22:59 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 22:59 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 22:59 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 22:59 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 22:59 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 22:58 - 2014-09-18 04:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 22:58 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 22:58 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 22:58 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 22:58 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 22:58 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 22:58 - 2014-08-29 04:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 22:58 - 2014-08-29 04:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 22:58 - 2014-08-29 04:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 22:58 - 2014-08-29 04:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-16 22:58 - 2014-08-29 04:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 22:58 - 2014-08-29 03:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 22:58 - 2014-08-29 03:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 22:58 - 2014-08-29 03:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 22:58 - 2014-08-29 03:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-16 22:58 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 22:58 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 22:58 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 22:58 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 22:58 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 22:58 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 22:58 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 22:58 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 22:58 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 22:58 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 22:58 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 22:49 - 2014-10-17 00:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-10-15 17:07 - 2014-10-15 17:07 - 00306160 _____ () C:\Users\Arbeitskonto Bernd\Downloads\Bartender4-4.6.1.zip
2014-10-15 17:07 - 2014-10-15 17:07 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\Downloads\Bartender4-4.6.1
2014-10-14 13:12 - 2014-10-14 13:12 - 00225679 _____ () C:\Users\Bernd\Documents\report.txt
2014-10-14 13:04 - 2014-10-14 13:05 - 106224784 _____ (Flexera Software) C:\Users\Arbeitskonto Bernd\Downloads\Install_ESO(1).exe
2014-10-06 09:57 - 2014-10-13 19:25 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Awesomium
2014-10-06 09:45 - 2014-10-06 09:45 - 00002075 _____ () C:\Users\Arbeitskonto Bernd\Desktop\eso - Verknüpfung.lnk
2014-10-06 09:38 - 2014-10-06 09:38 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\Documents\Elder Scrolls Online
2014-10-06 08:13 - 2014-10-14 13:20 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\Awesomium
2014-10-06 08:00 - 2014-10-06 08:00 - 00000000 ____D () C:\Users\Bernd\Documents\Elder Scrolls Online
2014-10-06 08:00 - 2014-10-06 08:00 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online
2014-10-05 20:25 - 2014-10-14 13:08 - 00001251 _____ () C:\Users\Bernd\Desktop\The Elder Scrolls Online.lnk
2014-10-05 20:25 - 2014-10-05 20:25 - 00000000 ____D () C:\Windows\jre
2014-10-05 20:25 - 2014-10-05 20:25 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
2014-10-05 20:24 - 2014-10-14 13:07 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online
2014-10-05 20:24 - 2014-10-05 20:25 - 00000000 ___HD () C:\Program Files (x86)\Zero G Registry
2014-10-05 20:23 - 2014-10-05 20:23 - 00000000 ___HD () C:\Users\Bernd\InstallAnywhere
2014-10-05 20:21 - 2014-10-05 20:23 - 106224784 _____ (Flexera Software) C:\Users\Arbeitskonto Bernd\Downloads\Install_ESO.exe
2014-10-01 09:14 - 2014-10-01 09:15 - 03589024 _____ (Blizzard Entertainment) C:\Users\Arbeitskonto Bernd\Downloads\Diablo-III-Setup-deDE.exe
2014-10-01 07:52 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 07:52 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 10:36 - 2014-09-30 10:36 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\Documents\Diablo III
2014-09-29 22:48 - 2014-09-29 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-09-29 22:46 - 2014-09-30 10:35 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-09-28 14:22 - 2014-09-28 15:19 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\Documents\My Kindle Content
2014-09-28 14:22 - 2014-09-28 14:22 - 00002295 _____ () C:\Users\Arbeitskonto Bernd\Desktop\Kindle.lnk
2014-09-28 14:22 - 2014-09-28 14:22 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-09-28 14:21 - 2014-09-28 14:22 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Local\Amazon
2014-09-28 14:21 - 2014-09-28 14:21 - 38157960 _____ (Amazon.com) C:\Users\Arbeitskonto Bernd\Downloads\KindleForPC-installer.exe
2014-09-27 18:56 - 2014-10-23 12:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-27 09:22 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-27 09:22 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 11:10 - 2014-03-21 00:45 - 00000000 ____D () C:\FRST
2014-10-24 11:09 - 2013-08-08 13:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-24 10:22 - 2014-07-11 12:02 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-24 09:22 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 09:22 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 09:17 - 2013-04-15 07:54 - 01539940 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 09:16 - 2014-07-11 12:02 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 09:16 - 2014-04-13 17:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 09:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-24 09:14 - 2009-07-14 04:34 - 00000595 _____ () C:\Windows\win.ini
2014-10-24 02:00 - 2013-08-28 15:34 - 00000000 ____D () C:\Users\Bernd\AppData\Local\Adobe
2014-10-23 22:27 - 2013-04-15 17:46 - 00702640 _____ () C:\Windows\system32\perfh007.dat
2014-10-23 22:27 - 2013-04-15 17:46 - 00150280 _____ () C:\Windows\system32\perfc007.dat
2014-10-23 22:27 - 2009-07-14 07:13 - 01628108 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-23 22:26 - 2014-05-07 15:47 - 00000000 ___RD () C:\Users\Arbeitskonto Bernd\Dropbox
2014-10-23 20:09 - 2014-05-07 15:44 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox
2014-10-23 20:08 - 2013-08-08 13:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-23 16:14 - 2014-08-25 22:39 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Local\Battle.net
2014-10-23 12:31 - 2014-04-22 13:27 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-23 09:25 - 2014-05-01 09:52 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Local\Adobe
2014-10-22 22:43 - 2014-04-19 16:41 - 00000000 ____D () C:\AdwCleaner
2014-10-22 10:12 - 2014-04-18 19:21 - 00000000 ____D () C:\Qoobox
2014-10-22 10:07 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-22 10:01 - 2013-04-15 08:08 - 00000000 ____D () C:\ProgramData\Temp
2014-10-22 09:37 - 2014-04-18 19:15 - 00001268 _____ () C:\Users\Bernd\Desktop\Revo Uninstaller.lnk
2014-10-22 09:37 - 2014-04-18 19:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-21 23:40 - 2014-06-27 14:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-21 23:38 - 2014-04-13 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-21 23:38 - 2014-04-13 17:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-21 23:38 - 2013-08-28 13:07 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-21 17:56 - 2014-05-05 08:54 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Local\CutePDF Writer
2014-10-21 17:53 - 2014-07-09 17:58 - 00000132 _____ () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2014-10-21 14:03 - 2013-08-28 08:01 - 00000806 _____ () C:\Windows\ulead32.ini
2014-10-21 11:22 - 2014-03-22 10:53 - 00000586 _____ () C:\Windows\system32\.crusader
2014-10-21 11:20 - 2014-07-11 12:04 - 00002167 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-21 11:12 - 2013-12-26 23:00 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-10-21 11:12 - 2013-12-26 23:00 - 00000000 ____D () C:\Users\Public\Documents\Logishrd
2014-10-21 11:12 - 2013-12-26 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-10-21 11:11 - 2013-12-26 22:59 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-10-21 11:10 - 2013-12-26 22:59 - 00000000 ____D () C:\ProgramData\Logishrd
2014-10-20 23:15 - 2013-04-15 08:13 - 00000000 ____D () C:\Windows\PCHEALTH
2014-10-20 20:51 - 2013-08-28 13:22 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-10-20 19:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-20 19:27 - 2013-08-28 15:33 - 00000000 ____D () C:\Users\Bernd
2014-10-20 13:19 - 2014-05-02 16:59 - 00001139 _____ () C:\Users\Arbeitskonto Bernd\Desktop\Mozilla Firefox.lnk
2014-10-20 13:12 - 2013-09-17 08:16 - 00000000 ____D () C:\Users\Bernd\AppData\Local\Google
2014-10-20 13:12 - 2013-08-28 13:44 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-20 10:01 - 2013-08-08 13:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-20 10:01 - 2013-08-08 13:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-20 10:01 - 2013-08-08 13:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-19 15:17 - 2014-07-11 12:02 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 15:17 - 2014-07-11 12:02 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 10:57 - 2013-08-28 08:01 - 00000000 ____D () C:\Windows\ulead.dat
2014-10-18 10:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 21:19 - 2014-05-01 09:52 - 00000000 ____D () C:\Users\Arbeitskonto Bernd
2014-10-17 07:35 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 07:34 - 2009-07-14 06:45 - 05140888 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 07:32 - 2014-05-06 13:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 00:44 - 2013-08-08 13:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 00:39 - 2013-08-27 13:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 00:29 - 2013-08-27 13:51 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-16 07:21 - 2013-08-29 15:34 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-10-15 12:56 - 2014-08-25 22:38 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-11 16:54 - 2013-08-28 15:31 - 00000034 _____ () C:\Windows\cdplayer.ini
2014-10-05 14:35 - 2014-07-12 19:46 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\flightgear.org
2014-10-02 15:53 - 2013-08-08 13:13 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-01 11:11 - 2014-06-08 11:16 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2014-04-13 17:42 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2013-08-28 13:07 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-28 09:23 - 2014-03-31 10:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-27 09:17 - 2014-05-07 15:47 - 00001059 _____ () C:\Users\Arbeitskonto Bernd\Desktop\Dropbox.lnk
2014-09-27 09:17 - 2014-05-07 15:46 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

Some content of TEMP:
====================
C:\Users\Arbeitskonto Bernd\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyejbmt.dll
C:\Users\Bernd\AppData\Local\temp\Quarantine.exe
C:\Users\Bernd\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 16:15

==================== End Of Log ============================

--- --- ---

schrauber · 24.10.2014, 18:16

Bitte mal nen Screenshot von der Meldung

Böni · 24.10.2014, 18:34

wie gesagt scheinbar nur beim Anmelden als Admistrator ...

schrauber · 25.10.2014, 14:30

FRST öffnen, Haken setzen bei Addition und scannen, poste bitte beide Logfiles.

Böni · 25.10.2014, 14:50

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-10-2014
Ran by Bernd (administrator) on B-AZO-N on 25-10-2014 15:43:30
Running from C:\Users\Bernd\Downloads
Loaded Profiles: Bernd & Arbeitskonto Bernd (Available profiles: Bernd & Arbeitskonto Bernd & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Windows\System32\atwtusb.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
() C:\Windows\System32\WTMKM.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Ashampoo Media GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe
(Dropbox, Inc.) C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5191\Battle.net.exe
(Blizzard Entertainment) C:\Program Files (x86)\World of Warcraft\Wow-64.exe
(Blizzard Entertainment) C:\Program Files (x86)\World of Warcraft\Utils\WowBrowserProxy.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Windows\System32\atwtusb.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\System32\WTMKM.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Ashampoo Media GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Bernd\Downloads\FRST64 (2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9955872 2010-01-12] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [MacrokeyManager] => C:\Windows\system32\WTMKM.exe [7329792 2011-06-01] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-06-29] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2005-05-23] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-12-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3047158342-991607282-2163248425-1006\...\Run: [AshSnap] => C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe [3860304 2013-10-29] (Ashampoo Media GmbH & Co. KG)
HKU\S-1-5-21-3047158342-991607282-2163248425-1370\...\Run: [AshSnap] => C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe [3860304 2013-10-29] (Ashampoo Media GmbH & Co. KG)
Startup: C:\Users\Arbeitskonto Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zenimax-Startprogramm.lnk
ShortcutTarget: Zenimax-Startprogramm.lnk -> C:\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe (ZeniMax Online Studios)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0120EC90DE5BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://de.yahoo.com/?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @numfum.com/JSJS,version=0.6.3.1 -> C:\Program Files (x86)\Joystick Plugin\npjoystick.dll (Numfum Ltd)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npjoystick.dll (Numfum Ltd)
FF SearchPlugin: C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\jrweuwgo.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-27]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-21]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome: 
=======
CHR StartupUrls: Default -> "https://de.yahoo.com/?fr=hp-avast&type=avastbcl"
CHR Profile: C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-11]
CHR Extension: (Google Drive) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20]
CHR Extension: (YouTube) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-11]
CHR Extension: (Google-Suche) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-11]
CHR Extension: (Avast Online Security) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-11]
CHR Extension: (Google Wallet) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-11]
CHR Extension: (Google Mail) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-06-27] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-10-11] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-13] () [File not signed]
R2 WTService; C:\Windows\system32\atwtusb.exe [916992 2011-04-27] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-27] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-06-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-27] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-06-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-06-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-06-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-06-27] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-10-25] ()
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
S3 tmnsusbser; C:\Windows\System32\DRIVERS\tmnsusbser.sys [124416 2010-04-21] (Wireless Device)
S3 tmusbnet; C:\Windows\System32\DRIVERS\tmusbnet.sys [129024 2010-04-20] (QUALCOMM Incorporated)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-25 15:43 - 2014-10-25 15:43 - 02112512 _____ (Farbar) C:\Users\Bernd\Downloads\FRST64 (2).exe
2014-10-25 15:42 - 2014-10-25 15:42 - 02110995 _____ (Farbar) C:\Users\Bernd\Downloads\FRST64 (1).exe
2014-10-24 10:02 - 2014-10-24 11:09 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\Notepad++
2014-10-24 09:20 - 2014-10-24 09:21 - 00854448 _____ () C:\Users\Bernd\Downloads\SecurityCheck.exe
2014-10-23 22:29 - 2014-10-23 22:29 - 02347384 _____ (ESET) C:\Users\Bernd\Downloads\esetsmartinstaller_deu.exe
2014-10-23 22:29 - 2014-10-23 22:29 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-23 12:31 - 2014-10-23 12:31 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-23 12:30 - 2014-10-23 12:30 - 00244408 _____ () C:\Users\Arbeitskonto Bernd\Downloads\Firefox Setup Stub 33.0.exe
2014-10-22 23:00 - 2014-10-22 23:00 - 00050815 _____ () C:\Users\Bernd\Desktop\FRST.txt
2014-10-22 22:59 - 2014-10-25 15:40 - 00000000 ____D () C:\Users\Bernd\Downloads\FRST-OlderVersion
2014-10-22 22:57 - 2014-10-22 22:57 - 00001639 _____ () C:\Users\Bernd\Desktop\JRT.txt
2014-10-22 22:48 - 2014-10-22 22:48 - 01706144 _____ (Thisisu) C:\Users\Bernd\Downloads\JRT.exe
2014-10-22 22:37 - 2014-10-22 22:37 - 01962496 _____ () C:\Users\Bernd\Downloads\AdwCleaner_4.001.exe
2014-10-22 10:11 - 2014-10-22 10:11 - 00025938 _____ () C:\ComboFix.txt
2014-10-22 09:49 - 2014-10-22 09:49 - 05584933 ____R (Swearware) C:\Users\Bernd\Downloads\ComboFix.exe
2014-10-22 09:36 - 2014-10-22 09:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bernd\Downloads\revosetup95.exe
2014-10-21 13:22 - 2014-10-21 13:23 - 00046218 _____ () C:\Users\Bernd\Downloads\Addition.txt
2014-10-21 13:21 - 2014-10-25 15:44 - 00028100 _____ () C:\Users\Bernd\Downloads\FRST.txt
2014-10-21 13:21 - 2014-10-25 15:40 - 02112395 _____ (Farbar) C:\Users\Bernd\Downloads\FRST64.exe
2014-10-21 13:11 - 2014-10-21 13:12 - 00038487 _____ () C:\Users\Arbeitskonto Bernd\Downloads\Addition.txt
2014-10-21 13:10 - 2014-10-21 13:12 - 00049228 _____ () C:\Users\Arbeitskonto Bernd\Downloads\FRST.txt
2014-10-21 13:10 - 2014-10-21 13:10 - 02110976 _____ (Farbar) C:\Users\Arbeitskonto Bernd\Downloads\FRST64.exe
2014-10-21 11:48 - 2014-10-21 11:48 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Logishrd
2014-10-21 11:45 - 2014-10-22 22:44 - 00021462 _____ () C:\Windows\PFRO.log
2014-10-21 11:37 - 2014-10-21 11:37 - 00001422 _____ () C:\Users\Bernd\Desktop\HitmanPro_20141021_1137.log
2014-10-21 11:31 - 2014-10-21 11:31 - 00003140 _____ () C:\Windows\System32\Tasks\{CE6ADC54-06A9-4B64-BD63-A202F0D090A8}
2014-10-21 11:30 - 2014-10-21 11:30 - 17703272 _____ (Adobe Systems Inc.) C:\Users\Bernd\Downloads\AdobeAIRInstaller.exe
2014-10-21 11:12 - 2014-10-21 11:12 - 00000756 _____ () C:\Windows\LkmdfCoInst.log
2014-10-21 11:12 - 2014-10-21 11:12 - 00000000 ____D () C:\Users\Bernd\AppData\Local\Logishrd
2014-10-21 11:11 - 2014-10-21 11:12 - 00013373 _____ () C:\Windows\LDPINST.LOG
2014-10-20 17:54 - 2014-10-25 11:26 - 00001490 _____ () C:\Windows\setupact.log
2014-10-20 17:54 - 2014-10-20 17:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-20 14:07 - 2014-10-20 14:07 - 00880272 _____ (Google Inc.) C:\Users\Arbeitskonto Bernd\Downloads\GoogleEarthPluginSetup (1).exe
2014-10-20 14:03 - 2014-10-20 14:03 - 00111586 _____ (Numfum Ltd) C:\Users\Arbeitskonto Bernd\Downloads\installer-0.6.3 (2).exe
2014-10-20 14:03 - 2014-10-20 14:03 - 00111586 _____ (Numfum Ltd) C:\Users\Arbeitskonto Bernd\Downloads\installer-0.6.3 (1).exe
2014-10-20 13:59 - 2014-10-20 13:59 - 00000000 ____D () C:\Program Files (x86)\Joystick Plugin
2014-10-20 13:58 - 2014-10-20 13:58 - 00111586 _____ (Numfum Ltd) C:\Users\Arbeitskonto Bernd\Downloads\installer-0.6.3.exe
2014-10-20 13:16 - 2014-10-20 13:16 - 00000000 ____D () C:\Users\Bernd\AppData\Local\WorldofTanks
2014-10-20 13:16 - 2014-10-20 13:16 - 00000000 ____D () C:\Users\Bernd\AppData\Local\Sparta
2014-10-20 13:15 - 2014-10-20 13:15 - 00000000 ____D () C:\Users\Bernd\AppData\Local\GGEmpire
2014-10-20 13:14 - 2014-10-20 13:14 - 00712240 _____ ( ) C:\Users\Arbeitskonto Bernd\Downloads\FileOpenerSetup.exe
2014-10-20 13:12 - 2014-10-20 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-10-20 13:12 - 2014-10-20 13:12 - 00002216 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-10-20 13:11 - 2014-10-20 13:11 - 00880272 _____ (Google Inc.) C:\Users\Arbeitskonto Bernd\Downloads\GoogleEarthSetup.exe
2014-10-19 15:35 - 2014-10-19 15:35 - 00880272 _____ (Google Inc.) C:\Users\Arbeitskonto Bernd\Downloads\GoogleEarthPluginSetup.exe
2014-10-16 22:59 - 2014-10-10 04:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 22:59 - 2014-10-10 04:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 22:59 - 2014-10-10 04:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 22:59 - 2014-10-07 04:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 22:59 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 22:59 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 22:59 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 22:59 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 22:59 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 22:59 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 22:59 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 22:59 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 22:59 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 22:59 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 22:59 - 2014-09-19 03:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 22:59 - 2014-09-19 03:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 22:59 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 22:59 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 22:59 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 22:59 - 2014-09-19 03:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 22:59 - 2014-09-19 03:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 22:59 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 22:59 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 22:59 - 2014-09-19 03:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 22:59 - 2014-09-19 03:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 22:59 - 2014-09-19 03:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 22:59 - 2014-09-19 03:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 22:59 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 22:59 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 22:59 - 2014-09-19 03:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 22:59 - 2014-09-19 03:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 22:59 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 22:59 - 2014-09-19 03:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 22:59 - 2014-09-19 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 22:59 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 22:59 - 2014-09-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 22:59 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 22:59 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 22:59 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 22:59 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 22:59 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 22:59 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 22:59 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 22:59 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 22:59 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 22:59 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 22:59 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 22:59 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 22:59 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 22:59 - 2014-09-19 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 22:59 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 22:59 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 22:59 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 22:59 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 22:59 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 22:59 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 22:59 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 22:59 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 22:59 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 22:59 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 22:59 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 22:58 - 2014-09-18 04:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 22:58 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 22:58 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 22:58 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 22:58 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 22:58 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 22:58 - 2014-08-29 04:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 22:58 - 2014-08-29 04:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 22:58 - 2014-08-29 04:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 22:58 - 2014-08-29 04:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-16 22:58 - 2014-08-29 04:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 22:58 - 2014-08-29 03:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 22:58 - 2014-08-29 03:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 22:58 - 2014-08-29 03:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 22:58 - 2014-08-29 03:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-16 22:58 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 22:58 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 22:58 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 22:58 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 22:58 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 22:58 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 22:58 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 22:58 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 22:58 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 22:58 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 22:58 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 22:49 - 2014-10-17 00:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-10-15 17:07 - 2014-10-15 17:07 - 00306160 _____ () C:\Users\Arbeitskonto Bernd\Downloads\Bartender4-4.6.1.zip
2014-10-15 17:07 - 2014-10-15 17:07 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\Downloads\Bartender4-4.6.1
2014-10-14 13:12 - 2014-10-14 13:12 - 00225679 _____ () C:\Users\Bernd\Documents\report.txt
2014-10-14 13:04 - 2014-10-14 13:05 - 106224784 _____ (Flexera Software) C:\Users\Arbeitskonto Bernd\Downloads\Install_ESO(1).exe
2014-10-06 09:57 - 2014-10-13 19:25 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Awesomium
2014-10-06 09:45 - 2014-10-06 09:45 - 00002075 _____ () C:\Users\Arbeitskonto Bernd\Desktop\eso - Verknüpfung.lnk
2014-10-06 09:38 - 2014-10-06 09:38 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\Documents\Elder Scrolls Online
2014-10-06 08:13 - 2014-10-14 13:20 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\Awesomium
2014-10-06 08:00 - 2014-10-06 08:00 - 00000000 ____D () C:\Users\Bernd\Documents\Elder Scrolls Online
2014-10-06 08:00 - 2014-10-06 08:00 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online
2014-10-05 20:25 - 2014-10-14 13:08 - 00001251 _____ () C:\Users\Bernd\Desktop\The Elder Scrolls Online.lnk
2014-10-05 20:25 - 2014-10-05 20:25 - 00000000 ____D () C:\Windows\jre
2014-10-05 20:25 - 2014-10-05 20:25 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
2014-10-05 20:24 - 2014-10-14 13:07 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online
2014-10-05 20:24 - 2014-10-05 20:25 - 00000000 ___HD () C:\Program Files (x86)\Zero G Registry
2014-10-05 20:23 - 2014-10-05 20:23 - 00000000 ___HD () C:\Users\Bernd\InstallAnywhere
2014-10-05 20:21 - 2014-10-05 20:23 - 106224784 _____ (Flexera Software) C:\Users\Arbeitskonto Bernd\Downloads\Install_ESO.exe
2014-10-01 09:14 - 2014-10-01 09:15 - 03589024 _____ (Blizzard Entertainment) C:\Users\Arbeitskonto Bernd\Downloads\Diablo-III-Setup-deDE.exe
2014-10-01 07:52 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 07:52 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 10:36 - 2014-09-30 10:36 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\Documents\Diablo III
2014-09-29 22:48 - 2014-09-29 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-09-29 22:46 - 2014-09-30 10:35 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-09-28 14:22 - 2014-09-28 15:19 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\Documents\My Kindle Content
2014-09-28 14:22 - 2014-09-28 14:22 - 00002295 _____ () C:\Users\Arbeitskonto Bernd\Desktop\Kindle.lnk
2014-09-28 14:22 - 2014-09-28 14:22 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-09-28 14:21 - 2014-09-28 14:22 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Local\Amazon
2014-09-28 14:21 - 2014-09-28 14:21 - 38157960 _____ (Amazon.com) C:\Users\Arbeitskonto Bernd\Downloads\KindleForPC-installer.exe
2014-09-27 18:56 - 2014-10-23 12:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-27 09:22 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-27 09:22 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-25 15:43 - 2014-03-21 00:45 - 00000000 ____D () C:\FRST
2014-10-25 15:42 - 2014-08-25 22:39 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Local\Battle.net
2014-10-25 15:39 - 2014-07-11 12:02 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-25 15:39 - 2014-04-13 17:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-25 15:39 - 2009-07-14 04:34 - 00000595 _____ () C:\Windows\win.ini
2014-10-25 15:22 - 2014-07-11 12:02 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-25 15:18 - 2013-08-08 13:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-25 15:18 - 2013-04-15 07:54 - 01596537 _____ () C:\Windows\WindowsUpdate.log
2014-10-25 11:33 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-25 11:33 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-25 11:27 - 2014-05-07 15:47 - 00000000 ___RD () C:\Users\Arbeitskonto Bernd\Dropbox
2014-10-25 11:27 - 2014-05-07 15:44 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox
2014-10-25 11:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-25 07:06 - 2014-05-01 09:52 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Local\Adobe
2014-10-24 17:56 - 2014-05-09 10:04 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Audacity
2014-10-24 17:51 - 2013-04-15 17:46 - 00702640 _____ () C:\Windows\system32\perfh007.dat
2014-10-24 17:51 - 2013-04-15 17:46 - 00150280 _____ () C:\Windows\system32\perfc007.dat
2014-10-24 17:51 - 2009-07-14 07:13 - 01628108 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-24 12:54 - 2014-08-25 22:38 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-24 02:00 - 2013-08-28 15:34 - 00000000 ____D () C:\Users\Bernd\AppData\Local\Adobe
2014-10-23 20:08 - 2013-08-08 13:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-23 12:31 - 2014-04-22 13:27 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-22 22:43 - 2014-04-19 16:41 - 00000000 ____D () C:\AdwCleaner
2014-10-22 10:12 - 2014-04-18 19:21 - 00000000 ____D () C:\Qoobox
2014-10-22 10:07 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-22 10:01 - 2013-04-15 08:08 - 00000000 ____D () C:\ProgramData\Temp
2014-10-22 09:37 - 2014-04-18 19:15 - 00001268 _____ () C:\Users\Bernd\Desktop\Revo Uninstaller.lnk
2014-10-22 09:37 - 2014-04-18 19:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-21 23:40 - 2014-06-27 14:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-21 23:38 - 2014-04-13 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-21 23:38 - 2014-04-13 17:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-21 23:38 - 2013-08-28 13:07 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-21 17:56 - 2014-05-05 08:54 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Local\CutePDF Writer
2014-10-21 17:53 - 2014-07-09 17:58 - 00000132 _____ () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2014-10-21 14:03 - 2013-08-28 08:01 - 00000806 _____ () C:\Windows\ulead32.ini
2014-10-21 11:22 - 2014-03-22 10:53 - 00000586 _____ () C:\Windows\system32\.crusader
2014-10-21 11:20 - 2014-07-11 12:04 - 00002167 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-21 11:12 - 2013-12-26 23:00 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-10-21 11:12 - 2013-12-26 23:00 - 00000000 ____D () C:\Users\Public\Documents\Logishrd
2014-10-21 11:12 - 2013-12-26 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-10-21 11:11 - 2013-12-26 22:59 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-10-21 11:10 - 2013-12-26 22:59 - 00000000 ____D () C:\ProgramData\Logishrd
2014-10-20 23:15 - 2013-04-15 08:13 - 00000000 ____D () C:\Windows\PCHEALTH
2014-10-20 20:51 - 2013-08-28 13:22 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-10-20 19:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-20 19:27 - 2013-08-28 15:33 - 00000000 ____D () C:\Users\Bernd
2014-10-20 13:19 - 2014-05-02 16:59 - 00001139 _____ () C:\Users\Arbeitskonto Bernd\Desktop\Mozilla Firefox.lnk
2014-10-20 13:12 - 2013-09-17 08:16 - 00000000 ____D () C:\Users\Bernd\AppData\Local\Google
2014-10-20 13:12 - 2013-08-28 13:44 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-20 10:01 - 2013-08-08 13:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-20 10:01 - 2013-08-08 13:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-20 10:01 - 2013-08-08 13:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-19 15:17 - 2014-07-11 12:02 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 15:17 - 2014-07-11 12:02 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 10:57 - 2013-08-28 08:01 - 00000000 ____D () C:\Windows\ulead.dat
2014-10-18 10:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 21:19 - 2014-05-01 09:52 - 00000000 ____D () C:\Users\Arbeitskonto Bernd
2014-10-17 07:35 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 07:34 - 2009-07-14 06:45 - 05140888 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 07:32 - 2014-05-06 13:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 00:44 - 2013-08-08 13:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 00:39 - 2013-08-27 13:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 00:29 - 2013-08-27 13:51 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-16 07:21 - 2013-08-29 15:34 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-10-11 16:54 - 2013-08-28 15:31 - 00000034 _____ () C:\Windows\cdplayer.ini
2014-10-05 14:35 - 2014-07-12 19:46 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\flightgear.org
2014-10-02 15:53 - 2013-08-08 13:13 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-01 11:11 - 2014-06-08 11:16 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2014-04-13 17:42 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2013-08-28 13:07 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-28 09:23 - 2014-03-31 10:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-27 09:17 - 2014-05-07 15:47 - 00001059 _____ () C:\Users\Arbeitskonto Bernd\Desktop\Dropbox.lnk
2014-09-27 09:17 - 2014-05-07 15:46 - 00000000 ____D () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

Some content of TEMP:
====================
C:\Users\Arbeitskonto Bernd\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphokvkc.dll
C:\Users\Bernd\AppData\Local\temp\Quarantine.exe
C:\Users\Bernd\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 16:15

==================== End Of Log ============================

--- --- ---

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-10-2014
Ran by Bernd at 2014-10-25 15:44:32
Running from C:\Users\Bernd\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ABBYY FineReader 8.0 Professional Edition (HKLM-x32\...\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 8.00.1095.4743 - ABBYY Software House)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.5.7828 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 4.5.7828 - CyberLink Corp.) Hidden
Acer Arcade Movie (x32 Version: 9.0.6629 - CyberLink Corp.) Hidden
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0825.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Edge Animate CC (HKLM-x32\...\{00603DFF-6EC5-4E9E-AB3A-AD4C7D61FF13}) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Edge Code CC (HKLM-x32\...\{55D49B2B-6211-A705-FFDF-2F65E664EA0B}) (Version: 0.95 - Adobe Systems Incorporated)
Adobe Edge Inspect CC (HKLM-x32\...\{67D22EA0-4601-4450-9C99-042DABB0A315}) (Version: 1.0.408 - Adobe Systems Incorporated)
Adobe Edge Reflow CC Preview (HKLM-x32\...\{3EF53B20-D3C1-44B1-8DD9-CD51654EB20A}) (Version: 0.27.12254 - Adobe Systems Incorporated)
Adobe Exchange Panel (HKLM-x32\...\{41A12FFC-89E9-4743-A51E-00975CA31F40}) (Version: 1 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit CC (HKLM-x32\...\{6297487E-3778-4F72-B458-55690418DB98}) (Version: 4.0.0.0 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.3.2 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Gaming SDK 1.2 (HKLM-x32\...\{323D371C-CD65-43E2-9E42-BC643F2D4D81}) (Version: 1.2 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Scout CC (HKLM\...\{24CFD7EF-32B7-4FFD-B5A8-B0F129C92D0A}) (Version: 1.1.1.354079 - Adobe Systems Incorporated)
Adobe Touch App Plugins (HKLM-x32\...\{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}) (Version: 1.0 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 11.7.0.11025 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 6 v.6.0.9 (HKLM-x32\...\{C92AB6F1-770F-EA32-6CF7-8A0792FA1A4B}_is1) (Version: 6.0.9 - Ashampoo GmbH & Co. KG)
Atlas 0.3.0 (HKLM-x32\...\Atlas_is1) (Version:  - The Atlas Project)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX - Weiteres Material DL_ST7 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST7) (Version:  - )
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon iP4800 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series) (Version:  - Canon Inc.)
capella 7 (HKLM-x32\...\{D3873CF8-9608-402B-88AD-D73B5FFAAED8}) (Version: 7.1.23 - capella software AG)
capella melody trainer 1.0 (HKLM-x32\...\{5E46EEBD-257B-4ADE-B7CC-77911364FF70}) (Version: 1.0.6 - capella-software AG)
capella-scan 8.0 (HKLM-x32\...\{776B5EBF-72E9-4FBB-9CAB-F029F7500FFF}) (Version: 8.0.16 - capella-software AG)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Direct MIDI to MP3 Converter Version 7.0.0.0 (HKLM-x32\...\Direct MIDI to MP3 Converter_is1) (Version: 7.0.0.0 - Piston Software)
DriverEasy 4.6.3 (HKLM\...\DriverEasy_is1) (Version: 4.6.3.0 - Easeware)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
EtikettenAssistent 4.2 (HKLM-x32\...\{9AEF64B1-79A5-4E2F-8FBC-4CA89ECD3595}) (Version: 4.2.1 - HERMA)
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
FlightGear v2.12.0 (HKLM\...\FlightGear_is1) (Version:  - The FlightGear Team)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free Notes & Office Ink (HKLM-x32\...\{556F2137-B772-43BB-9A45-E0275234DD16}) (Version:   -  )
Free Video Flip and Rotate version 2.1.9.827 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.827 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HERMA Label Designer plus 1.1 (HKLM-x32\...\{7DA64485-2CEE-4F7B-84AB-B287236703B6}) (Version: 1.00.0000 - HERMA GmbH)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
InfoBibliothek (HKLM-x32\...\{F5FB4B71-6301-11D4-9AD1-00A0C9B0C5F6}) (Version:  - Akademische Arbeitsgemeinschaft)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Joystick Plug-in (HKLM-x32\...\JSJS) (Version:  - Numfum Ltd)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MediaShow Espresso (x32 Version: 5.5.1713_26701 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Flight Simulator X Demo (HKLM-x32\...\InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Müller Foto (HKLM-x32\...\Müller Foto) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.211.0 - Tracker Software Products Ltd)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Power Presenter RE II (HKLM-x32\...\{8537166B-40F4-4FAE-BAC5-454A4DD773B7}) (Version: 2.59 - Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6024 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secure Banking Version 1.5.2 (HKLM-x32\...\{0BEE0AF9-79F3-4C4F-B374-90C0A16BF294}_is1) (Version: 1.5.2 - Hopfgartner Niklas)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Tablet Driver With Macrokey Manager (HKLM\...\RmTablet) (Version: 4.13 - )
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
Ulead COOL 360 1.0 (HKLM-x32\...\{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}) (Version:  - )
Ulead Photo Explorer 8.6 (HKLM-x32\...\{025C3792-E9C6-432A-92C1-661F99D021CA}) (Version: 8.6 - Ulead Systems, Inc.)
Ulead PhotoImpact 11 (HKLM-x32\...\{C8550C86-A712-4219-AD4C-038C9FD1D149}) (Version: 11.0 - Ulead System)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visitenkarten in 2 Minuten (HKLM-x32\...\Visitenkarten in 2 Minuten) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XSBoxGO 1.0.0.0 (HKLM-x32\...\XSBoxGO 1.0.0.0) (Version: 1.0.0.0 - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1006_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1370_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1370_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1370_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1370_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1370_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1370_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1370_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1370_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3047158342-991607282-2163248425-1370_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-10-2014 20:52:02 Windows Update
16-10-2014 22:29:02 Windows Update
19-10-2014 17:00:13 Windows-Sicherung
20-10-2014 15:51:43 Prüfpunkt von HitmanPro
21-10-2014 08:39:36 Windows Update
21-10-2014 09:22:19 Prüfpunkt von HitmanPro
22-10-2014 07:39:16 Revo Uninstaller's restore point - Extended Update
22-10-2014 07:42:22 Revo Uninstaller's restore point - File Opener Packages
25-10-2014 05:01:37 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-10-22 10:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {393C5E5A-8BB6-4E6F-BEDA-D2E28F0E81CA} - System32\Tasks\AdobeAAMUpdater-1.0-Power-PC-Power => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {4D93747A-002B-434A-92B6-D73990FFED3F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {59FCA8D3-5D7E-4CE4-90AE-8A20CA468701} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {5A16B89E-1EC3-4A8F-9C55-513953B38E84} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-20] (Adobe Systems Incorporated)
Task: {5B175D70-C01E-4544-AAD7-6494F928BBC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-11] (Google Inc.)
Task: {63A3BC64-C05D-4045-8FC2-8EBE32AC2176} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-27] (AVAST Software)
Task: {703A881B-3A5B-4CA9-82BE-D6B8B8958A0F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {A64769A7-0A24-4E26-A62C-C1033D14C38A} - System32\Tasks\AdobeAAMUpdater-1.0-Power-PC-Bernd => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {CD47CE63-D672-4A32-91E7-D1603B2E09AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-11] (Google Inc.)
Task: {D6019926-E4D4-4DF9-B9FB-F1C33FEB2B0D} - System32\Tasks\AdobeAAMUpdater-1.0-B-AZO-N-Arbeitskonto Bernd => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {F9584202-43D3-47D3-9729-B41381CD6A37} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-28 00:09 - 2012-07-31 11:31 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2013-04-15 08:09 - 2010-05-13 07:23 - 00244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-05-11 18:48 - 2011-04-27 17:23 - 00916992 _____ () C:\Windows\system32\atwtusb.exe
2014-05-11 18:49 - 2011-06-01 11:47 - 07329792 _____ () C:\Windows\System32\WTMKM.exe
2010-08-04 14:40 - 2010-08-04 14:40 - 00611872 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-07-16 11:05 - 2014-07-16 11:05 - 05558432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-06-27 14:37 - 2014-06-27 14:37 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-25 15:20 - 2014-10-25 15:20 - 02897920 _____ () C:\Program Files\AVAST Software\Avast\defs\14102500\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-23 11:23 - 2013-09-18 08:45 - 00043344 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\MouseHook.dll
2014-10-25 11:27 - 2014-10-25 11:27 - 00043008 _____ () c:\Users\Arbeitskonto Bernd\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphokvkc.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Arbeitskonto Bernd\AppData\Roaming\Dropbox\bin\libcef.dll
2010-08-04 11:47 - 2010-08-04 11:47 - 00144896 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2014-07-03 06:45 - 2014-07-03 06:45 - 32733056 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2013-08-28 08:01 - 2005-01-04 17:05 - 00028672 ____N () C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2014-06-27 14:37 - 2014-06-27 14:37 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-03 06:45 - 2014-07-03 06:45 - 00742784 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2014-07-03 06:45 - 2014-07-03 06:45 - 00136576 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2014-10-16 22:49 - 2014-10-16 22:50 - 03339376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-10-16 22:49 - 2014-10-16 22:50 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-10-16 22:49 - 2014-10-16 22:50 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-10-24 12:54 - 2014-10-24 12:54 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\libcef.dll
2014-10-24 12:54 - 2014-10-24 12:54 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\libGLESv2.dll
2014-10-24 12:54 - 2014-10-24 12:54 - 00905216 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\platforms\qwindows.dll
2014-10-24 12:54 - 2014-10-24 12:54 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\libEGL.dll
2014-10-24 12:54 - 2014-10-24 12:54 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\imageformats\qgif.dll
2014-10-24 12:54 - 2014-10-24 12:54 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\imageformats\qico.dll
2014-10-24 12:54 - 2014-10-24 12:54 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\imageformats\qjpeg.dll
2014-10-24 12:54 - 2014-10-24 12:54 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\imageformats\qmng.dll
2014-10-24 12:54 - 2014-10-24 12:54 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\imageformats\qtiff.dll
2014-10-24 12:54 - 2014-10-24 12:54 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\qml\QtQuick.2\qtquick2plugin.dll
2014-10-24 12:54 - 2014-10-24 12:54 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2014-10-24 12:54 - 2014-10-24 12:54 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\qml\QtQml\Models.2\modelsplugin.dll
2014-10-19 16:29 - 2014-10-19 16:29 - 16832176 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
2013-08-29 15:36 - 2014-10-16 07:21 - 23950848 _____ () C:\Program Files (x86)\World of Warcraft\Utils\libcef.dll
2014-09-27 18:56 - 2014-10-11 14:53 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-03-13 13:42 - 2013-12-26 11:05 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Power\Documents\Bordkarte X3 2278 _ 13JAN _ CGN - FUE für SLAWINSKI_ELISABETH.eml:OECustomProperty
AlternateDataStreams: C:\Users\Power\Documents\Bordkarte X3 2278 _ 13JAN _ CGN - FUE für ZIEGENER_BERND.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3047158342-991607282-2163248425-500 - Administrator - Disabled)
Arbeitskonto Bernd (S-1-5-21-3047158342-991607282-2163248425-1370 - Limited - Enabled) => C:\Users\Arbeitskonto Bernd
Bernd (S-1-5-21-3047158342-991607282-2163248425-1006 - Administrator - Enabled) => C:\Users\Bernd
Gast (S-1-5-21-3047158342-991607282-2163248425-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-3047158342-991607282-2163248425-1368 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is disabled because the firmware of the device did not give it the required resources. (Code 29)
Resolution: Enable the device in the BIOS of the device.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/25/2014 11:43:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13229

Error: (10/25/2014 11:43:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13229

Error: (10/25/2014 11:43:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/25/2014 11:43:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12231

Error: (10/25/2014 11:43:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12231

Error: (10/25/2014 11:43:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/25/2014 11:43:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11217

Error: (10/25/2014 11:43:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11217

Error: (10/25/2014 11:43:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/25/2014 11:43:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10218


System errors:
=============
Error: (10/25/2014 03:18:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/25/2014 11:43:06 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (10/24/2014 06:16:13 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (10/23/2014 08:10:25 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (10/23/2014 09:44:09 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-10-22 10:06:30.995
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-22 10:06:30.618
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X4 640 Processor
Percentage of memory in use: 44%
Total physical RAM: 8183.76 MB
Available physical RAM: 4501.2 MB
Total Pagefile: 16365.7 MB
Available Pagefile: 11218.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:962.11 GB) (Free:755.58 GB) NTFS
Drive d: (DATA) (Fixed) (Total:887.14 GB) (Free:885.35 GB) NTFS
Drive l: (VERBATIM HD) (Fixed) (Total:465.65 GB) (Free:219.78 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 6E20CE3B)
Partition 1: (Not Active) - (Size=13.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=962.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=887.1 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 94A56F94)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

==================== End Of Log ============================

--- --- ---

schrauber · 26.10.2014, 14:24

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Öffne mal den Task Manager und schau welcher Eintrag weg geht wenn Du das fenster weg klickst.

Böni · 26.10.2014, 15:05

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2014
Ran by Bernd at 2014-10-26 15:04:18 Run:3
Running from C:\Users\Bernd\Downloads
Loaded Profiles: Bernd & Arbeitskonto Bernd (Available profiles: Bernd & Arbeitskonto Bernd & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.

==== End of Fixlog ====

Hier noch der weggehende Punkt im Taskmanager:
Setpoint von Logittech (siehe Anhang)

Grüße von Böni

24.10.2014, 18:16	#10
schrauber /// the machine /// TB-Ausbilder	PUP.Optional.Astromenda.A, ~Updater.A und ~FramedDisplay.A sind nicht zu löschen Bitte mal nen Screenshot von der Meldung __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

25.10.2014, 14:30	#12
schrauber /// the machine /// TB-Ausbilder	PUP.Optional.Astromenda.A, ~Updater.A und ~FramedDisplay.A sind nicht zu löschen FRST öffnen, Haken setzen bei Addition und scannen, poste bitte beide Logfiles. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

PUP.Optional.Astromenda.A, ~Updater.A und ~FramedDisplay.A sind nicht zu löschen

Plagegeister aller Art und deren Bekämpfung: PUP.Optional.Astromenda.A, ~Updater.A und ~FramedDisplay.A sind nicht zu löschen