Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 7: Webseiten werden auf Werbung umgeleitet.

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 11.11.2014, 20:15   #1
__daniel
 
Windows 7: Webseiten werden auf Werbung umgeleitet. - Standard

Windows 7: Webseiten werden auf Werbung umgeleitet.



Hallo, seid etwa 2 Wochen öffnen sich ca. alle 10 Minuten Webseiten wie z.B. addcash.com , tuneup.com.
Als Browser benutzte ich Google Chrome mit dem Addon Adblock Plus.


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:41 on 11/11/2014 (Daniel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-




\Windows\system32\MRT.exe
2014-10-13 18:21 - 2013-05-23 12:45 - 00000000 ____D () C:\ProgramData\Origin

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\avgnt.exe
C:\Users\Daniel\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Daniel\AppData\Local\Temp\sfareca00001.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 00:15

==================== End Of Log ============================





(HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 8079.17 MB
Available physical RAM: 5566.52 MB
Total Pagefile: 16156.52 MB
Available Pagefile: 13243.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.24 GB) (Free:4.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Volume) (Fixed) (Total:931.51 GB) (Free:566.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 61D1FDAA)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 9072F7AD)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-11 19:47:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 M4-CT128M4SSD2 rev.040H 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\uwdirpod.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074fe1401 2 bytes JMP 75c6b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074fe1419 2 bytes JMP 75c6b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074fe1431 2 bytes JMP 75ce8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074fe144a 2 bytes CALL 75c448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074fe14dd 2 bytes JMP 75ce87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074fe14f5 2 bytes JMP 75ce8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074fe150d 2 bytes JMP 75ce8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074fe1525 2 bytes JMP 75ce8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074fe153d 2 bytes JMP 75c5fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074fe1555 2 bytes JMP 75c668ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074fe156d 2 bytes JMP 75ce8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074fe1585 2 bytes JMP 75ce8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074fe159d 2 bytes JMP 75ce865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074fe15b5 2 bytes JMP 75c5fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074fe15cd 2 bytes JMP 75c6b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074fe16b2 2 bytes JMP 75ce8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074fe16bd 2 bytes JMP 75ce85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\SysWOW64\ntdll.dll!LdrAccessResource 00000000775e1fc0 5 bytes JMP 000000010051c7a0
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\SysWOW64\ntdll.dll!LdrFindResource_U 00000000775e1fdd 5 bytes JMP 000000010051c710
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\USER32.dll!LoadStringW 0000000075a78eb9 5 bytes JMP 000000010051c6b0
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\USER32.dll!LoadStringA 0000000075a7db21 5 bytes JMP 000000010051c620
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074fe1401 2 bytes JMP 75c6b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074fe1419 2 bytes JMP 75c6b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074fe1431 2 bytes JMP 75ce8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074fe144a 2 bytes CALL 75c448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074fe14dd 2 bytes JMP 75ce87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074fe14f5 2 bytes JMP 75ce8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074fe150d 2 bytes JMP 75ce8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074fe1525 2 bytes JMP 75ce8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074fe153d 2 bytes JMP 75c5fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074fe1555 2 bytes JMP 75c668ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074fe156d 2 bytes JMP 75ce8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074fe1585 2 bytes JMP 75ce8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074fe159d 2 bytes JMP 75ce865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074fe15b5 2 bytes JMP 75c5fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074fe15cd 2 bytes JMP 75c6b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074fe16b2 2 bytes JMP 75ce8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074fe16bd 2 bytes JMP 75ce85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074fe1401 2 bytes JMP 75c6b21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074fe1419 2 bytes JMP 75c6b346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074fe1431 2 bytes JMP 75ce8ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074fe144a 2 bytes CALL 75c448ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074fe14dd 2 bytes JMP 75ce87a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074fe14f5 2 bytes JMP 75ce8978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074fe150d 2 bytes JMP 75ce8698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074fe1525 2 bytes JMP 75ce8a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074fe153d 2 bytes JMP 75c5fca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074fe1555 2 bytes JMP 75c668ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074fe156d 2 bytes JMP 75ce8f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074fe1585 2 bytes JMP 75ce8ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074fe159d 2 bytes JMP 75ce865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074fe15b5 2 bytes JMP 75c5fd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074fe15cd 2 bytes JMP 75c6b2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074fe16b2 2 bytes JMP 75ce8e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074fe16bd 2 bytes JMP 75ce85f1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074fe1401 2 bytes JMP 75c6b21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074fe1419 2 bytes JMP 75c6b346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074fe1431 2 bytes JMP 75ce8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074fe144a 2 bytes CALL 75c448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074fe14dd 2 bytes JMP 75ce87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074fe14f5 2 bytes JMP 75ce8978 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074fe150d 2 bytes JMP 75ce8698 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074fe1525 2 bytes JMP 75ce8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074fe153d 2 bytes JMP 75c5fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074fe1555 2 bytes JMP 75c668ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074fe156d 2 bytes JMP 75ce8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074fe1585 2 bytes JMP 75ce8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074fe159d 2 bytes JMP 75ce865c C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074fe15b5 2 bytes JMP 75c5fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074fe15cd 2 bytes JMP 75c6b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074fe16b2 2 bytes JMP 75ce8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074fe16bd 2 bytes JMP 75ce85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074fe1401 2 bytes JMP 75c6b21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074fe1419 2 bytes JMP 75c6b346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074fe1431 2 bytes JMP 75ce8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074fe144a 2 bytes CALL 75c448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074fe14dd 2 bytes JMP 75ce87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074fe14f5 2 bytes JMP 75ce8978 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074fe150d 2 bytes JMP 75ce8698 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074fe1525 2 bytes JMP 75ce8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074fe153d 2 bytes JMP 75c5fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074fe1555 2 bytes JMP 75c668ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074fe156d 2 bytes JMP 75ce8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074fe1585 2 bytes JMP 75ce8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074fe159d 2 bytes JMP 75ce865c C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074fe15b5 2 bytes JMP 75c5fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074fe15cd 2 bytes JMP 75c6b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074fe16b2 2 bytes JMP 75ce8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074fe16bd 2 bytes JMP 75ce85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074fe1401 2 bytes JMP 75c6b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074fe1419 2 bytes JMP 75c6b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074fe1431 2 bytes JMP 75ce8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074fe144a 2 bytes CALL 75c448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074fe14dd 2 bytes JMP 75ce87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074fe14f5 2 bytes JMP 75ce8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074fe150d 2 bytes JMP 75ce8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074fe1525 2 bytes JMP 75ce8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074fe153d 2 bytes JMP 75c5fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074fe1555 2 bytes JMP 75c668ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074fe156d 2 bytes JMP 75ce8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074fe1585 2 bytes JMP 75ce8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074fe159d 2 bytes JMP 75ce865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074fe15b5 2 bytes JMP 75c5fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074fe15cd 2 bytes JMP 75c6b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074fe16b2 2 bytes JMP 75ce8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074fe16bd 2 bytes JMP 75ce85f1 C:\Windows\syswow64\kernel32.dll

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC ???t?????r????*??|?????????????n????.NT??????????????????k???????s??????????????t????t??nk??usbccgp???????????????????????~??~???\???????N??????t????? ???#?????r?????s???????????????????????????.??????????????????t???system32\drivers\msahci.sys??????j?j?o?o?j?r?j???r??.NT?????????????????? ???????????????????????????????$??? ???????n?????r?????r??????????x?????????????????????????????????????????????????T??r????????h?????\SystemRoot\system32\DRIVERS\gagp30kx.sys?????x??r?? ???????e????Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms??????????r??????p???PnP Filter???????r?r?r?r?r?r?r????N??r???????????d??agp.inf_amd64_neutral_22cdceb61fbafb43??????? ???????r???????????r?????????????? ????????????????r??????????? ???????n?????s?????s?0??????$?????????c???@gpapi.dll,-112??????r???s?s?s???r???s??????????????????@s??????p???ProfSvc_Group?????X??s????????h?????%windir%\system32\svchost.exe -k GPSvcGroup??????? ??s?????????n????@gpapi.dll,-113?????????????????? ???s??????????????LocalSystem????????????????
Reg HKLM\SYSTEM\ControlSet002\Control\BackupRestore\FilesNotToSnapshot@OfficeODC ???j?k????X??l???4??????? "??j???e??????? ??? j?????????????????????????????????oem27.inf???????????System32\Drivers\dfsc.sys???drmkaud?????????????avkmgr???????j???n????????????????????????????t? ? ????:??????0?g?4???????????????????????????-???9???d?j?j?k?k???k???k?k?k???j?j?????????j?????????e??????????????????s?????volsnap???????????????<????????g??????????????????????N??k????????D????? oem31.inf???????ro????X??l??? ??????? ???????j?????j?????/?,??(?????????????????????????HIDClass????*pnp0c02????0 1 2 3 4???mshdc.inf???? ???????j?????j???????3???????????????????????????????j????? ???????j???????????j?3?????????????????????y?????????????????????????j?????j?k?l??????????????????????.NT?????Cisco??????j????????? ???????j?????????????,?????????????????f???j?jc.???j??? ???????j?????j???????0??L????????? ??????????????j???j???j??g%;I??? ???????j?????j???????0????????????&???????????????????????? ???????j?????j???????0????????????????????? ???????j???????????f?0?????????????????????????????????????????j?????????

---- EOF - GMER 2.1 ----

Alt 11.11.2014, 20:32   #2
Warlord711
/// TB-Ausbilder
 
Windows 7: Webseiten werden auf Werbung umgeleitet. - Standard

Windows 7: Webseiten werden auf Werbung umgeleitet.



Hallo __daniel



Mein Name ist Timo und ich werde Dir bei deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Hier findest du die Anleitung für Hilfesuchende
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scans durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist immer der sicherste Weg.

Wir "arbeiten" hier alle freiwillig und in unserer Freizeit *hust*. Daher kann es bei Antworten zu Verzögerungen kommen.
Solltest du innerhalb 48 Std keine Antwort von mir erhalten, dann schreib mit eine PM
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis ich oder jemand vom Team sagt, dass Du clean bist.


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Cursor zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.


Bitte poste die Logs erneut wie oben beschrieben.

Die sind so momentan unvollständig/nicht lesbar.
__________________

__________________

Alt 11.11.2014, 20:44   #3
__daniel
 
Windows 7: Webseiten werden auf Werbung umgeleitet. - Standard

Windows 7: Webseiten werden auf Werbung umgeleitet.



Hallo, Timo

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:41 on 11/11/2014 (Daniel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014
Ran by Daniel (administrator) on DANIEL-PC on 11-11-2014 19:42:17
Running from C:\Users\Daniel\Desktop
Loaded Profile: Daniel (Available profiles: Daniel)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(hxxp://lucky-tab.com/) C:\Program Files (x86)\LuckyTab\LuckyTab.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\PAC7302\Monitor.exe
(Akamai Technologies, Inc.) C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-26] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4012539905-1109816757-4069706532-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4012539905-1109816757-4069706532-1000\...\MountPoints2: {63a11b51-41a1-11e4-bc84-bc5ff46d02f3} - G:\LG_PC_Programs.exe
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x78BE8013E620CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {6AA2E278-57AC-4eec-B4D9-6E5E050B7521} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> E:\Spiele\Uplay\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.yoobio.com/?r=hp
CHR StartupUrls: Default -> "https://www.youtube.com/feed/subscriptions"
CHR DefaultSearchKeyword: Default -> startpage.com_
CHR DefaultSearchURL: Default -> https://startpage.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=deutsch
CHR DefaultSuggestURL: Default -> https://startpage.com/cgi-bin/csuggest?output=json&pl=chrome&lang=deutsch&query={searchTerms}
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (Adblock Plus) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-30]
CHR Extension: (Google Wallet) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 AndNetDiag2; C:\Windows\System32\DRIVERS\lgandnetdiag264.sys [29696 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-12-10] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-12-10] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527360 2007-09-10] (PixArt Imaging Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 PCASp60; System32\Drivers\PCASp60.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP2\WNt500x64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 19:42 - 2014-11-11 19:42 - 00017464 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-11-11 19:42 - 2014-11-11 19:42 - 00000000 ____D () C:\FRST
2014-11-11 19:41 - 2014-11-11 19:41 - 00000474 _____ () C:\Users\Daniel\Desktop\defogger_disable.log
2014-11-11 19:39 - 2014-11-11 19:39 - 00000000 _____ () C:\Users\Daniel\defogger_reenable
2014-11-09 14:49 - 2014-11-09 14:49 - 02115584 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-11-09 14:49 - 2014-11-09 14:49 - 00380416 _____ () C:\Users\Daniel\Desktop\Gmer-19357.exe
2014-11-09 14:48 - 2014-11-09 14:48 - 00050477 _____ () C:\Users\Daniel\Desktop\Defogger.exe
2014-11-04 16:22 - 2014-11-04 16:22 - 00001083 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-11-04 16:22 - 2014-11-04 16:22 - 00000000 ____D () C:\Users\Daniel\AppData\Local\PDF24
2014-11-04 16:22 - 2014-11-04 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2014-11-04 16:22 - 2014-11-04 16:22 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-11-04 15:47 - 2014-11-11 19:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-04 15:47 - 2014-11-04 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-04 15:47 - 2014-11-04 15:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-04 15:47 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-04 15:47 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-04 15:47 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-03 18:12 - 2014-11-03 18:12 - 00036700 _____ () C:\Users\Daniel\Documents\cc_20141103_181209.reg
2014-11-03 16:04 - 2014-11-03 16:04 - 00001344 _____ () C:\Windows\system32\RaCoInst.log
2014-11-03 16:03 - 2012-12-19 04:16 - 04133888 ____R (ASUSTek COMPUTER INC.) C:\Windows\SysWOW64\AInst5090x.exe
2014-11-03 16:03 - 2012-12-19 04:07 - 00001546 ____R () C:\Windows\SysWOW64\WLU5090.cfgx
2014-11-03 16:03 - 2012-08-17 15:31 - 01733216 _____ (Ralink Technology Corp.) C:\Windows\system32\Drivers\netr28ux.sys
2014-11-03 16:03 - 2011-12-26 03:57 - 00327008 _____ (Ralink Technology, Inc.) C:\Windows\system32\RaCoInstx.dll
2014-11-03 16:03 - 2011-12-26 03:57 - 00014119 _____ () C:\Windows\system32\RaCoInst.dat
2014-10-31 16:14 - 2014-11-10 16:47 - 00000000 ____D () C:\Users\Daniel\Desktop\johanna
2014-10-28 17:12 - 2014-10-28 17:12 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Avira
2014-10-28 17:12 - 2014-10-28 17:11 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-28 17:10 - 2014-09-24 12:44 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-28 17:10 - 2014-09-24 12:44 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-28 17:10 - 2014-09-24 12:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-28 17:04 - 2014-11-08 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-28 17:04 - 2014-11-08 15:54 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-28 17:04 - 2014-10-28 17:10 - 00000000 ____D () C:\ProgramData\Avira
2014-10-28 16:55 - 2014-10-28 16:55 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Avg2013
2014-10-27 13:55 - 2014-10-27 13:55 - 00009554 _____ () C:\Windows\patsearch.bin
2014-10-27 13:55 - 2014-10-27 13:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-27 13:54 - 2014-10-27 15:57 - 00003210 _____ () C:\Windows\System32\Tasks\YourFileDownloader Installer Starter
2014-10-27 13:54 - 2014-10-27 13:54 - 00003404 _____ () C:\Windows\System32\Tasks\LuckyTab
2014-10-27 13:54 - 2014-10-27 13:54 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
2014-10-27 13:54 - 2014-10-27 13:54 - 00000000 ____D () C:\Program Files (x86)\LuckyTab
2014-10-23 15:11 - 2014-10-23 15:11 - 00213060 _____ () C:\Program Files\DesktopOK_x64.zip
2014-10-22 22:52 - 2014-10-22 22:52 - 00000000 ____D () C:\ProgramData\ATI
2014-10-22 22:52 - 2014-10-22 22:52 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-10-22 22:52 - 2014-10-22 22:52 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-10-22 22:51 - 2014-10-22 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-10-22 22:51 - 2014-10-22 22:51 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-10-22 22:49 - 2014-10-22 22:51 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-10-22 22:40 - 2014-10-22 22:40 - 00055860 _____ () C:\Windows\SysWOW64\CCCInstall_201410222340459610.log
2014-10-22 22:23 - 2014-10-22 22:23 - 00000000 ____D () C:\Program Files\AMD
2014-10-18 15:56 - 2014-11-09 02:00 - 00147540 _____ () C:\Windows\PFRO.log
2014-10-18 15:56 - 2014-10-18 15:56 - 00002766 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-17 22:37 - 2014-10-17 22:37 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Downloaded Installations
2014-10-17 22:37 - 2014-10-17 22:37 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-10-17 22:34 - 2014-10-17 22:34 - 00056720 _____ () C:\Windows\SysWOW64\CCCInstall_201410172334044671.log
2014-10-17 22:33 - 2014-11-11 18:55 - 00009672 _____ () C:\Windows\setupact.log
2014-10-17 22:33 - 2014-10-17 22:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-17 22:32 - 2014-11-08 15:54 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-17 22:32 - 2014-10-22 22:51 - 00000000 ____D () C:\Program Files\ATI
2014-10-17 17:14 - 2014-10-17 17:14 - 00462880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 15:47 - 2014-10-17 15:47 - 00117840 _____ () C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-17 14:20 - 2014-10-17 14:20 - 00001011 _____ () C:\Users\Daniel\Desktop\SpeedFan.lnk
2014-10-16 21:23 - 2014-10-17 21:17 - 00000208 _____ () C:\Users\Daniel\Desktop\PAYDAY The Heist.url
2014-10-15 12:24 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 12:24 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 12:24 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 12:24 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 12:24 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 12:24 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 12:24 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 12:24 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 12:24 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 12:24 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 12:24 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 12:24 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 12:24 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 12:24 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 12:24 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 12:24 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 12:24 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 12:24 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 12:24 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 12:24 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 12:24 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 12:24 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 12:24 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 12:24 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 12:24 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 12:24 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 12:24 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 12:24 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 12:24 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 12:24 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 12:24 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 12:24 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 12:24 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 12:24 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 12:24 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 12:24 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 12:24 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 12:24 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 12:24 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 12:24 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 12:24 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 12:24 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 12:24 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 12:24 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 12:24 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 12:24 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 12:24 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 12:24 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 12:24 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 12:24 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 12:24 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 12:24 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 12:24 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 12:24 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 12:24 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 12:24 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 12:24 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 12:24 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 12:24 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 12:24 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 12:24 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 12:24 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 12:24 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 12:24 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 12:24 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 12:24 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 12:24 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 12:24 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 12:24 - 2014-08-19 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 12:24 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 12:24 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 12:24 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 12:24 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 12:24 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 12:24 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 12:24 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 12:24 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 12:24 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 12:24 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 12:24 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 12:24 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 12:24 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 12:24 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 12:24 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 12:24 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 12:24 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 12:24 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 12:24 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 12:24 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 12:24 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 12:24 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 12:24 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 12:24 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 12:24 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 12:24 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 12:24 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 12:24 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 12:24 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 12:24 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 12:24 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 12:24 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 12:23 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 12:23 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 12:23 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 12:23 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 12:23 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 12:23 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 12:23 - 2014-08-29 03:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 12:23 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 12:23 - 2014-08-29 03:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 12:23 - 2014-08-29 03:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-15 12:23 - 2014-08-29 03:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 12:23 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 12:23 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 12:23 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 12:23 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-15 12:23 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 12:23 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 12:23 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 12:23 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 12:23 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 12:23 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 12:23 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 12:23 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 12:23 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 12:23 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 12:23 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 19:41 - 2013-03-14 21:26 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\NetSpeedMonitor
2014-11-11 19:39 - 2013-03-14 11:28 - 00000000 ____D () C:\Users\Daniel
2014-11-11 19:02 - 2013-03-14 20:00 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-11 19:02 - 2009-07-14 05:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 19:02 - 2009-07-14 05:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 19:00 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-11-11 19:00 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-11-11 19:00 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 18:55 - 2013-03-14 21:39 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-11-11 18:55 - 2013-03-14 20:00 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-11 18:55 - 2013-03-14 12:46 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-11-11 18:55 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-11 16:53 - 2013-05-25 15:36 - 01827091 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 00:44 - 2014-10-10 15:44 - 00000000 ____D () C:\Users\Daniel\Desktop\Thomas
2014-11-10 00:43 - 2013-03-16 23:22 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\vlc
2014-11-04 15:43 - 2014-06-12 12:39 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-11-03 16:03 - 2013-10-01 14:58 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-11-03 16:03 - 2013-03-14 12:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-30 01:03 - 2013-03-14 20:04 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 17:04 - 2013-08-20 11:56 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Mozilla
2014-10-28 16:55 - 2013-03-15 23:16 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-27 15:36 - 2013-08-08 19:02 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-10-23 15:57 - 2013-03-14 20:00 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 15:57 - 2013-03-14 20:00 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 22:52 - 2013-03-14 12:23 - 00000000 ____D () C:\ProgramData\AMD
2014-10-22 22:50 - 2013-03-27 18:22 - 00000000 ____D () C:\AMD
2014-10-18 15:08 - 2014-03-31 20:38 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-18 14:47 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-17 17:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 14:20 - 2013-03-14 21:39 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-10-15 17:37 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-15 15:37 - 2014-05-08 17:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 15:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 15:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 14:02 - 2013-07-11 13:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 14:00 - 2013-03-16 20:52 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-13 18:21 - 2013-05-23 12:45 - 00000000 ____D () C:\ProgramData\Origin

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\avgnt.exe
C:\Users\Daniel\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Daniel\AppData\Local\Temp\sfareca00001.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 00:15

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014
Ran by Daniel at 2014-11-11 19:42:36
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{BCDAC9A6-1D7E-719C-81EA-C093C14A75FA}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ASUS USB-N53 Utility (HKLM-x32\...\{E3D76EEB-4512-4FCF-B71B-5802DDC6B3C0}) (Version: 1.0.16.0000 - ASUS)
ASUS Wireless Router Device Discovery Utility (HKLM-x32\...\{09CDCA35-23FF-4ED6-AFDA-BBD55235CE4B}) (Version: 1.4.7.0 - ASUS)
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Batman: Arkham Asylum Game of the Year Edition (HKLM-x32\...\{CFABC775-5386-4BA5-86B4-505BBD36E812}) (Version: 1.0.0.0 - Square Enix Limited)
Beyond Good & Evil (HKLM-x32\...\Steam App 15130) (Version:  - Ubisoft)
BioShock 2 (HKLM-x32\...\{4A8B461A-9336-4CF9-98F4-14DD38E673F0}) (Version: 1.00.0000 - 2K Games)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG6400 series Benutzerregistrierung (HKLM-x32\...\Canon MG6400 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MG6400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6400_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.3868 - CDBurnerXP)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - )
Darksiders (HKLM-x32\...\Steam App 50620) (Version:  - Vigil Games)
Dead Space (HKLM-x32\...\Steam App 17470) (Version:  - EA Redwood Shores)
Deadly Premonition: The Director's Cut (HKLM-x32\...\Steam App 247660) (Version:  - Rising Star Games)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version:  - Eidos Montreal)
DmC Devil May Cry (HKLM-x32\...\Steam App 220440) (Version:  - Ninja Theory)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - )
ENSLAVED™: Odyssey to the West™ Premium Edition (HKLM-x32\...\Steam App 245280) (Version:  - Ninja Theory)
Fallout 3 (HKCU\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Far Cry 3 Blood Dragon (HKLM-x32\...\{A071F478-73E0-4143-AE55-4DD6BABD74F5}) (Version: 1.00 - Ubisoft)
FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time)
Formex (HKLM-x32\...\{9F1883AF-32C6-4E3A-92FF-D5D84CD565E0}) (Version: 1.00.0000 - Media Soft)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Killer is Dead (HKLM-x32\...\Steam App 261110) (Version:  - KADOKAWA GAMES / GRASSHOPPER MANUFACTURE)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
L.A. Noire (HKLM-x32\...\{915726DF-7891-444A-AA03-0DF1D64F561A}) (Version: 1.00.0000 - Rockstar Games)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mass Effect™ (HKLM-x32\...\{44A570EE-FD93-4086-8997-2C38DFDE0019}) (Version: 1.2.20608.0 - Electronic Arts)
Mass Effect™ 2 (HKLM-x32\...\{E19B628D-A9BC-4519-B1D4-4C8C09074F7F}) (Version: 1.2.1604.0 - Electronic Arts)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
MetalGearSolid2 Substance (HKLM-x32\...\{2184D9EA-4E5B-43FD-914E-4563CF028C94}) (Version: 1.00.000 - )
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - THQ)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.0.0.1980 - Electronic Arts, Inc.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PC VGA Camer@ Plus  (HKLM-x32\...\InstallShield_{73C2BB36-ABE5-4E02-A043-E6C0F91A3E2C}) (Version: 1.0.0.19 - Ihr Firmenname)
PC VGA Camer@ Plus  (x32 Version: 1.0.0.19 - Ihr Firmenname) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Risen 2 - Dark Waters (HKLM-x32\...\Steam App 40390) (Version:  - Piranha Bytes)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.1 - Rockstar Games)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{F42826B8-2A6D-43C9-9334-2F49FFDB7348}) (Version: 2.0.0.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - )
The Cat Lady version 1.2 (English Standard + OST) (HKLM-x32\...\{CD7D62AC-058F-4782-B9D0-C4B4DAF0E219}_is1) (Version: 1.2 (English Standard + OST) - Screen 7)
The Void (HKLM-x32\...\The Void_is1) (Version:  - )
The Witcher 2 Enhanced Edition Version 3.0 (HKLM-x32\...\The Witcher 2 Enhanced Edition_is1) (Version: 3.0 - CD Projekt RED)
The Witcher Enhanced Edition Version 1.6 (HKLM-x32\...\The Witcher Enhanced Edition_is1) (Version: 1.6 - CD Projekt RED)
The Witcher Grafikmods 1.0 (HKLM-x32\...\The Witcher Grafikmods_is1) (Version:  - )
To the Moon (HKLM-x32\...\Steam App 206440) (Version:  - )
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Ys Origin (HKLM-x32\...\Steam App 207350) (Version:  - Nihon Falcom)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

10-11-2014 16:59:21 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1318CBB2-3D1E-4B09-9A92-394511C948B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-14] (Google Inc.)
Task: {23EC19C3-3B19-4891-B98F-2460AF504FD5} - System32\Tasks\asrRd => C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
Task: {3E6E9A69-FAB5-46C0-871E-CDD7DDA7899F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {3F3C8C8D-04FA-4D74-963B-E3219D7F5652} - System32\Tasks\YourFileDownloader Installer Starter => C:\Users\Daniel\AppData\Local\Temp\YourFileDownloaderm7s9BY3cye.exe <==== ATTENTION
Task: {6A3D5377-9BA0-42C1-B66D-C459A61A8F1B} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {70E595B3-3196-4701-97D3-43BA7DF8726F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {81361B7F-9619-4FE5-B511-9B62DC8574F2} - System32\Tasks\LuckyTab => C:\Program Files (x86)\LuckyTab\LuckyTab.exe [2014-10-27] (hxxp://lucky-tab.com/) <==== ATTENTION
Task: {B5597D1B-A25C-496E-91BA-0837987D09C8} - System32\Tasks\CCleanerSkipUAC => E:\Programme\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {C68E5368-2593-4A10-A7A6-47F15FC6D32F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-14] (Google Inc.)
Task: {CF677BAC-9933-4CA1-AEBC-2BCF960ED2C0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {D80DED82-014D-46CC-B5B7-840AB9CA6374} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {DF910EB0-5C3F-4183-91B7-6C118A953068} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-25] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2014-03-31 20:38 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-03-14 12:46 - 2012-02-21 12:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2014-08-11 13:07 - 2014-08-11 13:07 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2013-03-14 12:40 - 2012-05-21 03:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-03-16 21:08 - 2014-08-26 19:59 - 02640408 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2014-08-11 13:07 - 2014-08-11 13:07 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-10-30 01:03 - 2014-10-22 05:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-30 01:03 - 2014-10-22 05:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-30 01:03 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-30 01:03 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-11-11 18:55 - 2014-11-11 18:55 - 00158720 _____ () C:\Users\Daniel\AppData\Local\Temp\sfareca00001.dll
2014-10-27 15:59 - 2014-11-11 18:55 - 00192512 _____ () C:\Users\Daniel\AppData\Local\Temp\sfamcc00001.dll
2013-03-14 12:46 - 2012-02-21 12:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Daniel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: EADM => "E:\Spiele\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg:  Malwarebytes Anti-Malware  (cleanup) => "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware "
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: RGSC => E:\Spiele\Rockstar Games\Social Club\Rockstar Games Social Club\RGSCLauncher.exe /silent
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: Steam => "E:\Spiele\Steam\Steam.exe" -silent
MSCONFIG\startupreg: VirtualCloneDrive => "E:\Programme\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-4012539905-1109816757-4069706532-500 - Administrator - Disabled)
Daniel (S-1-5-21-4012539905-1109816757-4069706532-1000 - Administrator - Enabled) => C:\Users\Daniel
Gast (S-1-5-21-4012539905-1109816757-4069706532-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4012539905-1109816757-4069706532-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2014 03:42:58 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Daniel-PC)
Description: Die Anwendung oder der Dienst "PDF Architect 2 Creator" konnte nicht neu gestartet werden.

Error: (10/22/2014 10:52:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Kdbsync.exe, Version: 0.0.0.0, Zeitstempel: 0x50b434c3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00576a08
ID des fehlerhaften Prozesses: 0xbf4
Startzeit der fehlerhaften Anwendung: 0xKdbsync.exe0
Pfad der fehlerhaften Anwendung: Kdbsync.exe1
Pfad des fehlerhaften Moduls: Kdbsync.exe2
Berichtskennung: Kdbsync.exe3

Error: (10/22/2014 10:47:33 PM) (Source: MsiInstaller) (EventID: 11730) (User: Daniel-PC)
Description: Produkt: AMD Catalyst Install Manager -- Fehler 1730. Sie müssen über Administratorrechte verfügen, um diese Anwendung entfernen zu können. Melden Sie sich als Administrator an oder wenden Sie sich an den technischen Support, um Unterstützung zu erhalten.

Error: (10/17/2014 05:14:33 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/17/2014 05:14:33 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/17/2014 05:14:33 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/17/2014 05:14:33 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (10/17/2014 05:14:33 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/17/2014 05:14:33 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/17/2014 05:14:33 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (11/04/2014 09:07:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\RAIHV.dll
Fehlercode: 126

Error: (11/04/2014 07:00:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\RAIHV.dll
Fehlercode: 126

Error: (11/04/2014 03:36:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\RAIHV.dll
Fehlercode: 126

Error: (11/04/2014 03:23:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\RAIHV.dll
Fehlercode: 126

Error: (11/03/2014 06:43:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\RAIHV.dll
Fehlercode: 126

Error: (11/03/2014 06:18:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\RAIHV.dll
Fehlercode: 126

Error: (11/03/2014 06:12:39 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004

Error: (11/03/2014 05:17:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\RAIHV.dll
Fehlercode: 126

Error: (11/03/2014 04:42:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\RAIHV.dll
Fehlercode: 126

Error: (11/03/2014 03:55:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\RAIHV.dll
Fehlercode: 126


Microsoft Office Sessions:
=========================
Error: (11/04/2014 03:42:58 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Daniel-PC)
Description: 0creator-ws.exePDF Architect 2 Creator03026217819800

Error: (10/22/2014 10:52:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Kdbsync.exe0.0.0.050b434c3unknown0.0.0.000000000c000000500576a08bf401cfee426c10b530C:\Program Files (x86)\AMD AVT\bin\Kdbsync.exeunknowna9ea7a35-5a35-11e4-96e7-bc5ff46d02f3

Error: (10/22/2014 10:47:33 PM) (Source: MsiInstaller) (EventID: 11730) (User: Daniel-PC)
Description: Produkt: AMD Catalyst Install Manager -- Fehler 1730. Sie müssen über Administratorrechte verfügen, um diese Anwendung entfernen zu können. Melden Sie sich als Administrator an oder wenden Sie sich an den technischen Support, um Unterstützung zu erhalten.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/17/2014 05:14:33 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/17/2014 05:14:33 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/17/2014 05:14:33 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/17/2014 05:14:33 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (10/17/2014 05:14:33 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (10/17/2014 05:14:33 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/17/2014 05:14:33 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 8079.17 MB
Available physical RAM: 5566.52 MB
Total Pagefile: 16156.52 MB
Available Pagefile: 13243.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.24 GB) (Free:4.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Volume) (Fixed) (Total:931.51 GB) (Free:566.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 61D1FDAA)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 9072F7AD)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-11 19:47:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 M4-CT128M4SSD2 rev.040H 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\uwdirpod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000074fe1401 2 bytes JMP 75c6b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000074fe1419 2 bytes JMP 75c6b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000074fe1431 2 bytes JMP 75ce8ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      0000000074fe144a 2 bytes CALL 75c448ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                       * 9
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         0000000074fe14dd 2 bytes JMP 75ce87a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000074fe14f5 2 bytes JMP 75ce8978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         0000000074fe150d 2 bytes JMP 75ce8698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000074fe1525 2 bytes JMP 75ce8a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        0000000074fe153d 2 bytes JMP 75c5fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000074fe1555 2 bytes JMP 75c668ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      0000000074fe156d 2 bytes JMP 75ce8f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000074fe1585 2 bytes JMP 75ce8ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           0000000074fe159d 2 bytes JMP 75ce865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        0000000074fe15b5 2 bytes JMP 75c5fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      0000000074fe15cd 2 bytes JMP 75c6b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000074fe16b2 2 bytes JMP 75ce8e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000074fe16bd 2 bytes JMP 75ce85f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\SysWOW64\ntdll.dll!LdrAccessResource                                                        00000000775e1fc0 5 bytes JMP 000000010051c7a0
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\SysWOW64\ntdll.dll!LdrFindResource_U                                                        00000000775e1fdd 5 bytes JMP 000000010051c710
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\USER32.dll!LoadStringW                                                             0000000075a78eb9 5 bytes JMP 000000010051c6b0
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\USER32.dll!LoadStringA                                                             0000000075a7db21 5 bytes JMP 000000010051c620
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                0000000074fe1401 2 bytes JMP 75c6b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                  0000000074fe1419 2 bytes JMP 75c6b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                0000000074fe1431 2 bytes JMP 75ce8ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                0000000074fe144a 2 bytes CALL 75c448ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                       * 9
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                   0000000074fe14dd 2 bytes JMP 75ce87a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                            0000000074fe14f5 2 bytes JMP 75ce8978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                   0000000074fe150d 2 bytes JMP 75ce8698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                            0000000074fe1525 2 bytes JMP 75ce8a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                  0000000074fe153d 2 bytes JMP 75c5fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                       0000000074fe1555 2 bytes JMP 75c668ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                0000000074fe156d 2 bytes JMP 75ce8f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                  0000000074fe1585 2 bytes JMP 75ce8ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                     0000000074fe159d 2 bytes JMP 75ce865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                  0000000074fe15b5 2 bytes JMP 75c5fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                0000000074fe15cd 2 bytes JMP 75c6b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                            0000000074fe16b2 2 bytes JMP 75ce8e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LuckyTab\LuckyTab.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                            0000000074fe16bd 2 bytes JMP 75ce85f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                              0000000074fe1401 2 bytes JMP 75c6b21b C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                0000000074fe1419 2 bytes JMP 75c6b346 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                              0000000074fe1431 2 bytes JMP 75ce8ea9 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                              0000000074fe144a 2 bytes CALL 75c448ad C:\Windows\syswow64\KERNEL32.dll
.text  ...                                                                                                                                                       * 9
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                 0000000074fe14dd 2 bytes JMP 75ce87a2 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                          0000000074fe14f5 2 bytes JMP 75ce8978 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                 0000000074fe150d 2 bytes JMP 75ce8698 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                          0000000074fe1525 2 bytes JMP 75ce8a62 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                0000000074fe153d 2 bytes JMP 75c5fca8 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                     0000000074fe1555 2 bytes JMP 75c668ef C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                              0000000074fe156d 2 bytes JMP 75ce8f61 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                0000000074fe1585 2 bytes JMP 75ce8ac2 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                   0000000074fe159d 2 bytes JMP 75ce865c C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                0000000074fe15b5 2 bytes JMP 75c5fd41 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                              0000000074fe15cd 2 bytes JMP 75c6b2dc C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                          0000000074fe16b2 2 bytes JMP 75ce8e24 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                          0000000074fe16bd 2 bytes JMP 75ce85f1 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                     0000000074fe1401 2 bytes JMP 75c6b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                       0000000074fe1419 2 bytes JMP 75c6b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                     0000000074fe1431 2 bytes JMP 75ce8ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                     0000000074fe144a 2 bytes CALL 75c448ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                       * 9
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                        0000000074fe14dd 2 bytes JMP 75ce87a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                 0000000074fe14f5 2 bytes JMP 75ce8978 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                        0000000074fe150d 2 bytes JMP 75ce8698 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                 0000000074fe1525 2 bytes JMP 75ce8a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                       0000000074fe153d 2 bytes JMP 75c5fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                            0000000074fe1555 2 bytes JMP 75c668ef C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                     0000000074fe156d 2 bytes JMP 75ce8f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                       0000000074fe1585 2 bytes JMP 75ce8ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                          0000000074fe159d 2 bytes JMP 75ce865c C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                       0000000074fe15b5 2 bytes JMP 75c5fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                     0000000074fe15cd 2 bytes JMP 75c6b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                 0000000074fe16b2 2 bytes JMP 75ce8e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                 0000000074fe16bd 2 bytes JMP 75ce85f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                     0000000074fe1401 2 bytes JMP 75c6b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                       0000000074fe1419 2 bytes JMP 75c6b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                     0000000074fe1431 2 bytes JMP 75ce8ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                     0000000074fe144a 2 bytes CALL 75c448ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                       * 9
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                        0000000074fe14dd 2 bytes JMP 75ce87a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                 0000000074fe14f5 2 bytes JMP 75ce8978 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                        0000000074fe150d 2 bytes JMP 75ce8698 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                 0000000074fe1525 2 bytes JMP 75ce8a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                       0000000074fe153d 2 bytes JMP 75c5fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                            0000000074fe1555 2 bytes JMP 75c668ef C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                     0000000074fe156d 2 bytes JMP 75ce8f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                       0000000074fe1585 2 bytes JMP 75ce8ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                          0000000074fe159d 2 bytes JMP 75ce865c C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                       0000000074fe15b5 2 bytes JMP 75c5fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                     0000000074fe15cd 2 bytes JMP 75c6b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                 0000000074fe16b2 2 bytes JMP 75ce8e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                 0000000074fe16bd 2 bytes JMP 75ce85f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                          0000000074fe1401 2 bytes JMP 75c6b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                            0000000074fe1419 2 bytes JMP 75c6b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                          0000000074fe1431 2 bytes JMP 75ce8ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                          0000000074fe144a 2 bytes CALL 75c448ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                       * 9
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                             0000000074fe14dd 2 bytes JMP 75ce87a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                      0000000074fe14f5 2 bytes JMP 75ce8978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                             0000000074fe150d 2 bytes JMP 75ce8698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                      0000000074fe1525 2 bytes JMP 75ce8a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                            0000000074fe153d 2 bytes JMP 75c5fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                 0000000074fe1555 2 bytes JMP 75c668ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                          0000000074fe156d 2 bytes JMP 75ce8f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                            0000000074fe1585 2 bytes JMP 75ce8ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                               0000000074fe159d 2 bytes JMP 75ce865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                            0000000074fe15b5 2 bytes JMP 75c5fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                          0000000074fe15cd 2 bytes JMP 75c6b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                      0000000074fe16b2 2 bytes JMP 75ce8e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\AVG Secure Search\vprot.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                      0000000074fe16bd 2 bytes JMP 75ce85f1 C:\Windows\syswow64\kernel32.dll

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC                                                                          ???t?????r????*??|?????????????n????.NT??????????????????k???????s??????????????t????t??nk??usbccgp???????????????????????~??~???\???????N??????t????????#?????r?????s???????????????????????????.??????????????????t???system32\drivers\msahci.sys??????j?j?o?o?j?r?j???r??.NT?????????????????? ???????????????????????????????$??? ???????n?????r?????r??????????x?????????????????????????????????????????????????T??r????????h?????\SystemRoot\system32\DRIVERS\gagp30kx.sys?????x??r?????????e????Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms??????????r??????p???PnP Filter???????r?r?r?r?r?r?r????N??r???????????d??agp.inf_amd64_neutral_22cdceb61fbafb43??????? ???????r???????????r?????????????? ????????????????r??????????? ???????n?????s?????s?0??????$?????????c???@gpapi.dll,-112??????r???s?s?s???r???s??????????????????@s??????p???ProfSvc_Group?????X??s????????h?????%windir%\system32\svchost.exe -k GPSvcGroup??????? ??s?????????n????@gpapi.dll,-113?????????????????? ???s??????????????LocalSystem????????????????
Reg    HKLM\SYSTEM\ControlSet002\Control\BackupRestore\FilesNotToSnapshot@OfficeODC                                                                              ???j?k????X??l???4??????? "??j???e??????? ??? j?????????????????????????????????oem27.inf???????????System32\Drivers\dfsc.sys???drmkaud?????????????avkmgr???????j???n????????????????????????????t?? ????:??????0?g?4???????????????????????????-???9???d?j?j?k?k???k???k?k?k???j?j?????????j?????????e??????????????????s?????volsnap???????????????<????????g??????????????????????N??k????????D?????oem31.inf???????ro????X??l??? ??????? ???????j?????j?????/?,??(?????????????????????????HIDClass????*pnp0c02????0 1 2 3 4???mshdc.inf???? ???????j?????j???????3???????????????????????????????j????? ???????j???????????j?3?????????????????????y?????????????????????????j?????j?k?l??????????????????????.NT?????Cisco??????j????????? ???????j?????????????,?????????????????f???j?jc.???j??? ???????j?????j???????0??L????????? ??????????????j???j???j??g%;I??? ???????j?????j???????0????????????&???????????????????????? ???????j?????j???????0????????????????????? ???????j???????????f?0?????????????????????????????????????????j?????????

---- EOF - GMER 2.1 ----
         
__________________

Alt 11.11.2014, 20:52   #4
Warlord711
/// TB-Ausbilder
 
Windows 7: Webseiten werden auf Werbung umgeleitet. - Standard

Windows 7: Webseiten werden auf Werbung umgeleitet.



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.
__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 11.11.2014, 21:40   #5
__daniel
 
Windows 7: Webseiten werden auf Werbung umgeleitet. - Standard

Windows 7: Webseiten werden auf Werbung umgeleitet.



Code:
ATTFilter
# AdwCleaner v4.101 - Bericht erstellt am 11/11/2014 um 21:11:52
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-11.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Daniel - DANIEL-PC
# Gestartet von : C:\Users\Daniel\Desktop\AdwCleaner_4.101.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : vToolbarUpdater18.1.9

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\DeviceVM
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\LuckyTab
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Users\Daniel\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Daniel\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Daniel\AppData\Roaming\DeviceVM
Ordner Gelöscht : C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : LuckyTab

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\YourFileDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\LuckyTab
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v


-\\ Google Chrome v38.0.2125.111


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [6171 octets] - [11/11/2014 21:10:55]
AdwCleaner[S0].txt - [5916 octets] - [11/11/2014 21:11:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5976 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by Daniel on 11.11.2014 at 21:28:47,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.11.2014 at 21:30:27,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 11.11.2014 15:43:46, SYSTEM, DANIEL-PC, Scheduler, Malware Database, 2014.11.10.7, 2014.11.11.4, 
Protection, 11.11.2014 15:43:58, SYSTEM, DANIEL-PC, Protection, Malware Protection, Starting, 
Protection, 11.11.2014 15:43:58, SYSTEM, DANIEL-PC, Protection, Malware Protection, Started, 
Protection, 11.11.2014 15:43:58, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Starting, 
Protection, 11.11.2014 15:43:58, SYSTEM, DANIEL-PC, Protection, Refresh, Starting, 
Protection, 11.11.2014 15:43:58, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Started, 
Protection, 11.11.2014 15:43:58, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 11.11.2014 15:43:58, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 11.11.2014 15:44:01, SYSTEM, DANIEL-PC, Protection, Refresh, Success, 
Protection, 11.11.2014 15:44:01, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Starting, 
Protection, 11.11.2014 15:44:01, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Started, 
Scan, 11.11.2014 15:48:55, SYSTEM, DANIEL-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 5 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 0-Malwareerkennung, 
Detection, 11.11.2014 16:48:21, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, IP, 159.253.131.112, cdn.cdntraffic.com, 50392, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 11.11.2014 16:48:21, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, IP, 159.253.131.112, cdn.cdntraffic.com, 50393, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 11.11.2014 16:48:21, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, IP, 159.253.131.112, cdn.cdntraffic.com, 50392, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 11.11.2014 16:48:21, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, IP, 159.253.131.112, cdn.cdntraffic.com, 50400, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Update, 11.11.2014 19:26:15, SYSTEM, DANIEL-PC, Scheduler, Malware Database, 2014.11.11.4, 2014.11.11.7, 
Protection, 11.11.2014 19:26:25, SYSTEM, DANIEL-PC, Protection, Malware Protection, Starting, 
Protection, 11.11.2014 19:26:25, SYSTEM, DANIEL-PC, Protection, Malware Protection, Started, 
Protection, 11.11.2014 19:26:25, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Starting, 
Protection, 11.11.2014 19:26:25, SYSTEM, DANIEL-PC, Protection, Refresh, Starting, 
Protection, 11.11.2014 19:26:25, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Started, 
Protection, 11.11.2014 19:26:25, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 11.11.2014 19:26:25, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 11.11.2014 19:26:27, SYSTEM, DANIEL-PC, Protection, Refresh, Success, 
Protection, 11.11.2014 19:26:28, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Starting, 
Protection, 11.11.2014 19:26:28, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Started, 
Protection, 11.11.2014 19:39:15, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 11.11.2014 19:39:16, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 11.11.2014 19:39:16, SYSTEM, DANIEL-PC, Protection, Malware Protection, Stopping, 
Protection, 11.11.2014 19:39:16, SYSTEM, DANIEL-PC, Protection, Malware Protection, Stopped, 
Protection, 11.11.2014 20:23:45, SYSTEM, DANIEL-PC, Protection, Malware Protection, Starting, 
Protection, 11.11.2014 20:23:45, SYSTEM, DANIEL-PC, Protection, Malware Protection, Started, 
Protection, 11.11.2014 20:23:45, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Starting, 
Protection, 11.11.2014 20:23:45, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Started, 
Scan, 11.11.2014 20:30:01, SYSTEM, DANIEL-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 5 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 0-Malwareerkennung, 
Protection, 11.11.2014 20:40:04, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 11.11.2014 20:40:04, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 11.11.2014 20:40:04, SYSTEM, DANIEL-PC, Protection, Malware Protection, Stopping, 
Protection, 11.11.2014 20:40:04, SYSTEM, DANIEL-PC, Protection, Malware Protection, Stopped, 
Protection, 11.11.2014 21:21:42, SYSTEM, DANIEL-PC, Protection, Malware Protection, Starting, 
Protection, 11.11.2014 21:21:42, SYSTEM, DANIEL-PC, Protection, Malware Protection, Started, 
Protection, 11.11.2014 21:21:42, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Starting, 
Protection, 11.11.2014 21:21:42, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Started, 
Update, 11.11.2014 21:21:50, SYSTEM, DANIEL-PC, Manual, Rootkit Database, 2014.9.18.1, 2014.11.11.1, 
Update, 11.11.2014 21:22:30, SYSTEM, DANIEL-PC, Manual, Malware Database, 2014.9.19.5, 2014.11.11.8, 
Protection, 11.11.2014 21:22:30, SYSTEM, DANIEL-PC, Protection, Refresh, Starting, 
Protection, 11.11.2014 21:22:30, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 11.11.2014 21:22:30, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 11.11.2014 21:22:33, SYSTEM, DANIEL-PC, Protection, Refresh, Success, 
Protection, 11.11.2014 21:22:33, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Starting, 
Protection, 11.11.2014 21:22:33, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Started, 
Scan, 11.11.2014 21:26:53, SYSTEM, DANIEL-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 4 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 0-Malwareerkennung, 
Protection, 11.11.2014 21:28:22, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 11.11.2014 21:28:22, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 11.11.2014 21:28:22, SYSTEM, DANIEL-PC, Protection, Malware Protection, Stopping, 
Protection, 11.11.2014 21:28:23, SYSTEM, DANIEL-PC, Protection, Malware Protection, Stopped, 
Protection, 11.11.2014 21:37:43, SYSTEM, DANIEL-PC, Protection, Malware Protection, Starting, 
Protection, 11.11.2014 21:37:43, SYSTEM, DANIEL-PC, Protection, Malware Protection, Started, 
Protection, 11.11.2014 21:37:43, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Starting, 
Protection, 11.11.2014 21:37:43, SYSTEM, DANIEL-PC, Protection, Malicious Website Protection, Started, 

(end)
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Daniel (administrator) on DANIEL-PC on 11-11-2014 21:39:24
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel (Available profiles: Daniel)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\PAC7302\Monitor.exe
(Akamai Technologies, Inc.) C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Akamai Technologies, Inc.) C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4012539905-1109816757-4069706532-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Daniel\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4012539905-1109816757-4069706532-1000\...\MountPoints2: {63a11b51-41a1-11e4-bc84-bc5ff46d02f3} - G:\LG_PC_Programs.exe
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x78BE8013E620CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {6AA2E278-57AC-4eec-B4D9-6E5E050B7521} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4012539905-1109816757-4069706532-1000: ubisoft.com/uplaypc -> E:\Spiele\Uplay\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.yoobio.com/?r=hp
CHR StartupUrls: Default -> "https://www.youtube.com/feed/subscriptions"
CHR DefaultSearchKeyword: Default -> startpage.com_
CHR DefaultSearchURL: Default -> https://startpage.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=deutsch
CHR DefaultSuggestURL: Default -> https://startpage.com/cgi-bin/csuggest?output=json&pl=chrome&lang=deutsch&query={searchTerms}
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (Adblock Plus) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-30]
CHR Extension: (Google Wallet) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 AndNetDiag2; C:\Windows\System32\DRIVERS\lgandnetdiag264.sys [29696 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-12-10] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-12-10] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527360 2007-09-10] (PixArt Imaging Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 PCASp60; System32\Drivers\PCASp60.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP2\WNt500x64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 21:39 - 2014-11-11 21:39 - 00016357 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-11-11 21:39 - 2014-11-11 21:39 - 00000000 ____D () C:\Users\Daniel\Desktop\FRST-OlderVersion
2014-11-11 21:38 - 2014-11-11 21:38 - 00006856 _____ () C:\Users\Daniel\Desktop\mbam.txt
2014-11-11 21:30 - 2014-11-11 21:30 - 00000626 _____ () C:\Users\Daniel\Desktop\JRT.txt
2014-11-11 21:26 - 2014-11-11 21:26 - 00000000 _____ () C:\Users\Daniel\Desktop\Neues Textdokument (3).txt
2014-11-11 21:26 - 2014-11-11 21:26 - 00000000 _____ () C:\Users\Daniel\Desktop\Neues Textdokument (2).txt
2014-11-11 21:21 - 2014-11-11 21:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-11 21:21 - 2014-11-11 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-11 21:21 - 2014-11-11 21:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-11 21:21 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-11 21:21 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-11 21:21 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-11 21:17 - 2014-11-11 21:20 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Daniel\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-11 21:15 - 2014-11-11 21:15 - 00000000 ____D () C:\Windows\ERUNT
2014-11-11 21:14 - 2014-11-11 21:14 - 01706808 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe
2014-11-11 21:10 - 2014-11-11 21:34 - 00000000 ____D () C:\AdwCleaner
2014-11-11 21:09 - 2014-11-11 21:10 - 02140160 _____ () C:\Users\Daniel\Desktop\AdwCleaner_4.101.exe
2014-11-11 21:09 - 2014-11-11 21:09 - 00000073 _____ () C:\Users\Daniel\Desktop\c.txt
2014-11-11 19:42 - 2014-11-11 21:39 - 00000000 ____D () C:\FRST
2014-11-11 19:39 - 2014-11-11 19:39 - 00000000 _____ () C:\Users\Daniel\defogger_reenable
2014-11-09 14:49 - 2014-11-11 21:39 - 02116096 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-11-09 14:49 - 2014-11-09 14:49 - 00380416 _____ () C:\Users\Daniel\Desktop\Gmer-19357.exe
2014-11-09 14:48 - 2014-11-09 14:48 - 00050477 _____ () C:\Users\Daniel\Desktop\Defogger.exe
2014-11-04 16:22 - 2014-11-04 16:22 - 00001083 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-11-04 16:22 - 2014-11-04 16:22 - 00000000 ____D () C:\Users\Daniel\AppData\Local\PDF24
2014-11-04 16:22 - 2014-11-04 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2014-11-04 16:22 - 2014-11-04 16:22 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-11-03 18:12 - 2014-11-03 18:12 - 00036700 _____ () C:\Users\Daniel\Documents\cc_20141103_181209.reg
2014-11-03 16:04 - 2014-11-03 16:04 - 00001344 _____ () C:\Windows\system32\RaCoInst.log
2014-11-03 16:03 - 2012-12-19 04:16 - 04133888 ____R (ASUSTek COMPUTER INC.) C:\Windows\SysWOW64\AInst5090x.exe
2014-11-03 16:03 - 2012-12-19 04:07 - 00001546 ____R () C:\Windows\SysWOW64\WLU5090.cfgx
2014-11-03 16:03 - 2012-08-17 15:31 - 01733216 _____ (Ralink Technology Corp.) C:\Windows\system32\Drivers\netr28ux.sys
2014-11-03 16:03 - 2011-12-26 03:57 - 00327008 _____ (Ralink Technology, Inc.) C:\Windows\system32\RaCoInstx.dll
2014-11-03 16:03 - 2011-12-26 03:57 - 00014119 _____ () C:\Windows\system32\RaCoInst.dat
2014-10-31 16:14 - 2014-11-10 16:47 - 00000000 ____D () C:\Users\Daniel\Desktop\johanna
2014-10-28 17:12 - 2014-10-28 17:12 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Avira
2014-10-28 17:12 - 2014-10-28 17:11 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-28 17:10 - 2014-09-24 12:44 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-28 17:10 - 2014-09-24 12:44 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-28 17:10 - 2014-09-24 12:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-28 17:04 - 2014-11-08 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-28 17:04 - 2014-11-08 15:54 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-28 17:04 - 2014-10-28 17:10 - 00000000 ____D () C:\ProgramData\Avira
2014-10-28 16:55 - 2014-10-28 16:55 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Avg2013
2014-10-27 13:55 - 2014-10-27 13:55 - 00009554 _____ () C:\Windows\patsearch.bin
2014-10-27 13:55 - 2014-10-27 13:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-27 13:54 - 2014-10-27 15:57 - 00003210 _____ () C:\Windows\System32\Tasks\YourFileDownloader Installer Starter
2014-10-23 15:11 - 2014-10-23 15:11 - 00213060 _____ () C:\Program Files\DesktopOK_x64.zip
2014-10-22 22:52 - 2014-10-22 22:52 - 00000000 ____D () C:\ProgramData\ATI
2014-10-22 22:52 - 2014-10-22 22:52 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-10-22 22:52 - 2014-10-22 22:52 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-10-22 22:51 - 2014-10-22 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-10-22 22:51 - 2014-10-22 22:51 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-10-22 22:49 - 2014-10-22 22:51 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-10-22 22:40 - 2014-10-22 22:40 - 00055860 _____ () C:\Windows\SysWOW64\CCCInstall_201410222340459610.log
2014-10-22 22:23 - 2014-10-22 22:23 - 00000000 ____D () C:\Program Files\AMD
2014-10-18 15:56 - 2014-11-11 21:12 - 00147858 _____ () C:\Windows\PFRO.log
2014-10-18 15:56 - 2014-10-18 15:56 - 00002766 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-17 22:37 - 2014-10-17 22:37 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Downloaded Installations
2014-10-17 22:37 - 2014-10-17 22:37 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-10-17 22:34 - 2014-10-17 22:34 - 00056720 _____ () C:\Windows\SysWOW64\CCCInstall_201410172334044671.log
2014-10-17 22:33 - 2014-11-11 21:12 - 00009728 _____ () C:\Windows\setupact.log
2014-10-17 22:33 - 2014-10-17 22:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-17 22:32 - 2014-11-08 15:54 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-17 22:32 - 2014-10-22 22:51 - 00000000 ____D () C:\Program Files\ATI
2014-10-17 17:14 - 2014-10-17 17:14 - 00462880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 15:47 - 2014-10-17 15:47 - 00117840 _____ () C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-17 14:20 - 2014-10-17 14:20 - 00001011 _____ () C:\Users\Daniel\Desktop\SpeedFan.lnk
2014-10-16 21:23 - 2014-10-17 21:17 - 00000208 _____ () C:\Users\Daniel\Desktop\PAYDAY The Heist.url
2014-10-15 12:24 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 12:24 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 12:24 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 12:24 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 12:24 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 12:24 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 12:24 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 12:24 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 12:24 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 12:24 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 12:24 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 12:24 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 12:24 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 12:24 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 12:24 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 12:24 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 12:24 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 12:24 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 12:24 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 12:24 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 12:24 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 12:24 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 12:24 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 12:24 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 12:24 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 12:24 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 12:24 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 12:24 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 12:24 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 12:24 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 12:24 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 12:24 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 12:24 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 12:24 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 12:24 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 12:24 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 12:24 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 12:24 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 12:24 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 12:24 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 12:24 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 12:24 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 12:24 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 12:24 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 12:24 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 12:24 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 12:24 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 12:24 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 12:24 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 12:24 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 12:24 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 12:24 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 12:24 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 12:24 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 12:24 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 12:24 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 12:24 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 12:24 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 12:24 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 12:24 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 12:24 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 12:24 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 12:24 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 12:24 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 12:24 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 12:24 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 12:24 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 12:24 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 12:24 - 2014-08-19 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 12:24 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 12:24 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 12:24 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 12:24 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 12:24 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 12:24 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 12:24 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 12:24 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 12:24 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 12:24 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 12:24 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 12:24 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 12:24 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 12:24 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 12:24 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 12:24 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 12:24 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 12:24 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 12:24 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 12:24 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 12:24 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 12:24 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 12:24 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 12:24 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 12:24 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 12:24 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 12:24 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 12:24 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 12:24 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 12:24 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 12:24 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 12:24 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 12:24 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 12:24 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 12:23 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 12:23 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 12:23 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 12:23 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 12:23 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 12:23 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 12:23 - 2014-08-29 03:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 12:23 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 12:23 - 2014-08-29 03:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 12:23 - 2014-08-29 03:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-15 12:23 - 2014-08-29 03:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 12:23 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 12:23 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 12:23 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 12:23 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-15 12:23 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 12:23 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 12:23 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 12:23 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 12:23 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 12:23 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 12:23 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 12:23 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 12:23 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 12:23 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 12:23 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 21:39 - 2013-03-14 21:26 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\NetSpeedMonitor
2014-11-11 21:19 - 2009-07-14 05:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 21:19 - 2009-07-14 05:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 21:17 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-11-11 21:17 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-11-11 21:17 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 21:15 - 2013-05-25 15:36 - 01834896 _____ () C:\Windows\WindowsUpdate.log
2014-11-11 21:12 - 2013-03-14 20:00 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-11 21:12 - 2013-03-14 12:46 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-11-11 21:12 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-11 21:03 - 2013-03-14 20:00 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-11 20:26 - 2013-03-14 21:39 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-11-11 19:39 - 2013-03-14 11:28 - 00000000 ____D () C:\Users\Daniel
2014-11-10 00:44 - 2014-10-10 15:44 - 00000000 ____D () C:\Users\Daniel\Desktop\Thomas
2014-11-10 00:43 - 2013-03-16 23:22 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\vlc
2014-11-04 15:43 - 2014-06-12 12:39 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-11-03 16:03 - 2013-10-01 14:58 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-11-03 16:03 - 2013-03-14 12:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-30 01:03 - 2013-03-14 20:04 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 17:04 - 2013-08-20 11:56 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Mozilla
2014-10-28 16:55 - 2013-03-15 23:16 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-27 15:36 - 2013-08-08 19:02 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-10-23 15:57 - 2013-03-14 20:00 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 15:57 - 2013-03-14 20:00 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 22:52 - 2013-03-14 12:23 - 00000000 ____D () C:\ProgramData\AMD
2014-10-22 22:50 - 2013-03-27 18:22 - 00000000 ____D () C:\AMD
2014-10-18 15:08 - 2014-03-31 20:38 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-18 14:47 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-17 17:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 14:20 - 2013-03-14 21:39 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-10-15 17:37 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-15 15:37 - 2014-05-08 17:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 15:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 15:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 14:02 - 2013-07-11 13:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 14:00 - 2013-03-16 20:52 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-13 18:21 - 2013-05-23 12:45 - 00000000 ____D () C:\ProgramData\Origin

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\avgnt.exe
C:\Users\Daniel\AppData\Local\Temp\sfamcc00001.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 00:15

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Alt 12.11.2014, 09:39   #6
Warlord711
/// TB-Ausbilder
 
Windows 7: Webseiten werden auf Werbung umgeleitet. - Standard

Windows 7: Webseiten werden auf Werbung umgeleitet.



Das Malwarebytes Log ist nicht das richtige. Schau mal im Verlauf->Anwendungsprotokolle->Suchlauf

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Und kurze Info, ob die Werbung/Webseiten noch auftauchen.
__________________
--> Windows 7: Webseiten werden auf Werbung umgeleitet.

Alt 12.11.2014, 16:39   #7
__daniel
 
Windows 7: Webseiten werden auf Werbung umgeleitet. - Standard

Windows 7: Webseiten werden auf Werbung umgeleitet.



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 11.11.2014
Suchlauf-Zeit: 21:22:30
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.11.08
Rootkit Datenbank: v2014.11.11.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Daniel

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 313767
Verstrichene Zeit: 4 Min, 22 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         


Code:
ATTFilter
 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java version out of Date! 
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2014
Ran by Daniel at 2014-11-12 15:22:38 Run:1
Running from C:\Users\Daniel\Desktop
Loaded Profile: Daniel (Available profiles: Daniel)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
emptytemp:
*****************

EmptyTemp: => Removed 749.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b08d6cd2ec80b54b86cf79443c496572
# engine=21056
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-12 03:33:05
# local_time=2014-11-12 04:33:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 11330 4247325 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1297317 167436235 0 0
# scanned=321572
# found=1
# cleaned=0
# scan_time=2889
sh=98372B062B1318EE8BF7BB61CC67551BD269D0B5 ft=1 fh=4adfd060b62bab7d vn="Variante von Win32/LuckyTab.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LuckyTab\LuckyTab.exe.vir"
         

Die Werbung/Webseiten tauchen nicht mehr auf

Alt 12.11.2014, 16:51   #8
Warlord711
/// TB-Ausbilder
 
Windows 7: Webseiten werden auf Werbung umgeleitet. - Standard

Windows 7: Webseiten werden auf Werbung umgeleitet.



Gut !

Wir sind auch durch, die Logs sind sauber !

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.

Ändere regelmäßig alle deine Passwörter, jetzt, nach der Bereinigung ist ein idealer Zeitpunkt dafür
  • verwende für jede Anwendung und jeden Account ein anderes Passwort
  • ändere regelmäßig dein Passwort, vor allem bei Onlinebanking oder deinem Emailpostfach ist dieses sehr wichtig
  • speichere keine Passwörter auf deinem PC, gib diese nicht an dritte weiter
  • ein sicheres Passwort besteht aus mindestens 8 Zeichen und beinhaltet Groß- und Kleinbuchstaben, Zahlen und Sonderzeichen
  • benutze keine Zahlen- oder Buchstabenkombinationen, ( zB 12345678, qwertzui) auch keine Zahlen oder Buchstabenmuster
  • verwende keine Passwörter die einen Bezug zu dir, deinem Wohnort, Familienmitglied oder Haustier (Geburtsdatum, Postleitzahl, Adresse, Name) haben

Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7 / 8 : Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist!
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt auf den Desktop downloaden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • WOT (Web of trust)
    Dieses AddOn warnt dich, bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 12.11.2014, 17:11   #9
__daniel
 
Windows 7: Webseiten werden auf Werbung umgeleitet. - Standard

Windows 7: Webseiten werden auf Werbung umgeleitet.



Vielen Dank, ich werde die Tipps beherzigen

Antwort

Themen zu Windows 7: Webseiten werden auf Werbung umgeleitet.
auf werbung umgeleitet, avg, avira, explorer.exe, fehlercode 0x80070490, fehlercode 0xc0000005, fehlercode 126, fehlercode 28, fehlercode 490@01010004, fehlercode windows, harddisk, registry, secure search, service.exe, services.exe, svchost.exe, system, system32, webseiten werden auf werbung umgeleitet., werbung, win32/luckytab.a, windows, winlogon.exe




Ähnliche Themen: Windows 7: Webseiten werden auf Werbung umgeleitet.


  1. Windows 7: Webseiten werden auf Werbung umgeleitet.
    Log-Analyse und Auswertung - 30.07.2015 (8)
  2. Windows 7: Webseiten werden auf Werbung umgeleitet.
    Log-Analyse und Auswertung - 08.05.2015 (16)
  3. Windows 7: Webseiten werden auf Werbung umgeleitet
    Log-Analyse und Auswertung - 24.04.2015 (31)
  4. Windows 7: Webseiten werden auf Werbung umgeleitet.
    Log-Analyse und Auswertung - 11.02.2015 (19)
  5. Windows 7: Webseiten werden auf Werbung umgeleitet.
    Log-Analyse und Auswertung - 23.01.2015 (17)
  6. Windows 8.1: Webseiten werden auf Werbung umgeleitet
    Log-Analyse und Auswertung - 13.01.2015 (8)
  7. Windows 7: Webseiten werden auf Werbung umgeleitet.
    Log-Analyse und Auswertung - 10.01.2015 (10)
  8. Windows 7: Webseiten werden auf Werbung umgeleitet.
    Plagegeister aller Art und deren Bekämpfung - 25.11.2014 (9)
  9. Windows 8: Webseiten werden auf Werbung umgeleitet.
    Log-Analyse und Auswertung - 01.08.2014 (5)
  10. Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet
    Log-Analyse und Auswertung - 27.07.2014 (7)
  11. Windows 7: Webseiten werden auf Werbung umgeleitet
    Log-Analyse und Auswertung - 19.05.2014 (15)
  12. Windows 7: Webseiten werden auf Werbung umgeleitet.
    Plagegeister aller Art und deren Bekämpfung - 26.04.2014 (4)
  13. Windows 7: Webseiten werden auf Werbung umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 16.02.2014 (9)
  14. Windows 7: Webseiten werden auf Werbung umgeleitet
    Log-Analyse und Auswertung - 07.01.2014 (6)
  15. Windows 7: Webseiten werden auf Werbung umgeleitet.
    Log-Analyse und Auswertung - 30.11.2013 (12)
  16. Windows 7: Webseiten werden auf Werbung umgeleitet.
    Plagegeister aller Art und deren Bekämpfung - 12.09.2013 (3)
  17. Windows 8: Webseiten werden auf Werbung umgeleitet
    Log-Analyse und Auswertung - 24.08.2013 (5)

Zum Thema Windows 7: Webseiten werden auf Werbung umgeleitet. - Hallo, seid etwa 2 Wochen öffnen sich ca. alle 10 Minuten Webseiten wie z.B. addcash.com , tuneup.com. Als Browser benutzte ich Google Chrome mit dem Addon Adblock Plus. defogger_disable by - Windows 7: Webseiten werden auf Werbung umgeleitet....
Archiv
Du betrachtest: Windows 7: Webseiten werden auf Werbung umgeleitet. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.