Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: WicaInventory.exe

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 07.12.2014, 11:34   #1
MathiasZ
 
WicaInventory.exe - Standard

WicaInventory.exe



Hallo und guten Tag.

Seit dem heutigen Rechnerstart meldet mir Avast die Datei "WicaInventory.ex" als Bedrohung.

Mein Betriebssystem ist Win7 Professional 32 Bit.

Danke für die Hilfe im Voraus.

Viele Grüße
Mathias



FRST.txt


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01
Ran by KerMa (administrator) on KERMA-PC on 07-12-2014 11:13:27
Running from C:\Users\KerMa\Desktop
Loaded Profile: KerMa (Available profiles: KerMa & Admin & UpdatusUser)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Prolific Technology Inc.) C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\KerMa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_239_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8546848 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5225064 2014-11-21] (AVAST Software)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1795872 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\MountPoints2: {04f18f47-9a9a-11e1-8861-0019662b4ca8} - H:\LGAutoRun.exe
HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\MountPoints2: {71ce90b4-ea98-11e0-867a-0019662b4ca8} - H:\LGAutoRun.exe
HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\MountPoints2: {a9fd9411-d364-11df-98df-0019662b4ca8} - H:\LGAutoRun.exe
HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\MountPoints2: {ad5721a6-9aa1-11e1-9069-0019662b4ca8} - F:\LGAutoRun.exe
HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\MountPoints2: {d1050bae-d825-11df-88aa-0019662b4ca8} - H:\LGAutoRun.exe
Startup: C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Mail.lnk
ShortcutTarget: Windows Live Mail.lnk -> C:\Program Files\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:2235;https=127.0.0.1:2235
HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.de/
HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x757589A8B75FCB01
HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> DefaultScope {DE86B2D1-0270-476C-A33E-24D1E15BE378} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> {DE86B2D1-0270-476C-A33E-24D1E15BE378} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\KerMa\AppData\Roaming\Mozilla\Firefox\Profiles\xssqguqz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.647 -> c:\users\admin\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.647 -> c:\users\admin\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.660 -> c:\users\admin\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}] - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-07-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-29]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-15]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-21] (Avast Software)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [321776 2013-01-30] (Logitech, Inc.)
R2 PLFlash DeviceIoControl Service; C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe [81920 2008-09-24] (Prolific Technology Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2014-11-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-21] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-03-19] ()
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-02] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-02] (Logitech, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-03-19] ()
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [33056 2010-01-14] (Realtek                                            )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [40736 2010-01-14] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [25376 2010-01-14] (Windows (R) Codename Longhorn DDK provider)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [40736 2010-01-14] (Realtek Corporation)
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [218192 2014-11-21] (Avast Software)
S3 aaudstum; \??\C:\Users\KerMa\AppData\Local\Temp\aaudstum.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 11:13 - 2014-12-07 11:13 - 00014765 _____ () C:\Users\KerMa\Desktop\FRST.txt
2014-12-07 11:13 - 2014-12-07 11:13 - 00000000 ____D () C:\FRST
2014-12-07 11:04 - 2014-12-07 11:04 - 01111040 _____ (Farbar) C:\Users\KerMa\Desktop\FRST.exe
2014-12-05 20:09 - 2014-12-05 20:09 - 00200668 _____ () C:\Users\KerMa\Desktop\FRITZ.Box Fon WLAN 7270 v2 54.05.54_05.12.14_2009.export
2014-12-02 17:40 - 2014-12-02 17:40 - 15161139 _____ () C:\Users\KerMa\Desktop\QIHausverwaltung.hvd - Komplettsicherung 02.12.2014(2).hds
2014-12-02 16:42 - 2014-12-02 16:42 - 15095556 _____ () C:\Users\KerMa\Desktop\QIHausverwaltung.hvd - Komplettsicherung 02.12.2014.hds
2014-12-01 18:27 - 2014-12-01 18:27 - 15021739 _____ () C:\Users\KerMa\Desktop\QIHausverwaltung.hvd - Komplettsicherung 01.12.2014.hds
2014-11-30 17:13 - 2014-11-30 17:13 - 14997107 _____ () C:\Users\KerMa\Desktop\QIHausverwaltung.hvd - Komplettsicherung 30.11.2014(2).hds
2014-11-30 16:10 - 2014-11-30 16:10 - 14919274 _____ () C:\Users\KerMa\Desktop\QIHausverwaltung.hvd - Komplettsicherung 30.11.2014.hds
2014-11-29 18:32 - 2014-11-29 18:32 - 14861957 _____ () C:\Users\KerMa\Desktop\QIHausverwaltung.hvd - Komplettsicherung 29.11.2014(2).hds
2014-11-29 14:15 - 2014-11-29 14:15 - 14685287 _____ () C:\Users\KerMa\Desktop\QIHausverwaltung.hvd - Komplettsicherung 29.11.2014.hds
2014-11-29 08:01 - 2014-11-29 08:01 - 00000199 _____ () C:\Windows\system32\2014-11-29-07-01-38.005-AvastVBoxSVC.exe-2268.log
2014-11-28 16:23 - 2014-11-28 16:24 - 00305064 _____ () C:\Users\KerMa\Desktop\support FRITZ.Box Fon WLAN 7270 v2 54.05.54_28.11.14_1623.txt
2014-11-28 10:14 - 2014-11-28 10:14 - 00000199 _____ () C:\Windows\system32\2014-11-28-09-14-32.095-AvastVBoxSVC.exe-2356.log
2014-11-25 10:15 - 2014-11-25 10:15 - 00000249 _____ () C:\Windows\system32\2014-11-25-09-15-05.025-aswFe.exe-4424.log
2014-11-25 09:56 - 2014-11-25 10:14 - 00000249 _____ () C:\Windows\system32\2014-11-25-08-56-24.032-aswFe.exe-3484.log
2014-11-25 09:56 - 2014-11-25 09:56 - 00000199 _____ () C:\Windows\system32\2014-11-25-08-56-08.047-AvastVBoxSVC.exe-5512.log
2014-11-22 11:44 - 2014-11-22 11:44 - 00000249 _____ () C:\Windows\system32\2014-11-22-10-44-04.089-aswFe.exe-5932.log
2014-11-22 11:26 - 2014-11-22 11:43 - 00000249 _____ () C:\Windows\system32\2014-11-22-10-26-56.055-aswFe.exe-728.log
2014-11-22 11:26 - 2014-11-22 11:26 - 00000199 _____ () C:\Windows\system32\2014-11-22-10-26-40.079-AvastVBoxSVC.exe-3656.log
2014-11-22 11:06 - 2014-11-22 11:07 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-22 10:58 - 2014-11-23 07:22 - 00010558 _____ () C:\Windows\PFRO.log
2014-11-21 14:06 - 2014-11-21 14:05 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-21 14:05 - 2014-11-21 14:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-19 09:26 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 09:26 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-16 03:12 - 2014-11-16 03:12 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Macromedia
2014-11-16 00:41 - 2014-11-16 00:41 - 00001131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-16 00:41 - 2014-11-16 00:41 - 00001119 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Mozilla
2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Mozilla
2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-15 00:15 - 2014-11-15 00:15 - 00000000 ____D () C:\Users\KerMa\AppData\Local\NVIDIA
2014-11-15 00:15 - 2014-11-15 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-15 00:09 - 2014-07-02 18:39 - 00609240 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-11-12 14:04 - 2014-11-12 14:04 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Floodlight Games
2014-11-12 14:04 - 2014-11-12 14:04 - 00000000 ____D () C:\ProgramData\Floodlight Games
2014-11-12 11:32 - 2014-11-12 11:32 - 00000000 __SHD () C:\Users\KerMa\AppData\Local\EmieBrowserModeList
2014-11-12 09:07 - 2014-11-05 18:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 09:07 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 09:07 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 09:07 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 09:07 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 09:07 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 09:07 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 09:07 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 09:06 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 09:06 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 09:06 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 09:06 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 09:06 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 09:06 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 09:06 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 09:06 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 09:06 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 09:06 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 09:06 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 09:06 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 09:06 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 09:06 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 09:06 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 09:06 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 09:06 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 09:06 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 09:06 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 09:06 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 09:06 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 09:06 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 09:06 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 09:06 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 09:06 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 09:06 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 09:06 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 09:06 - 2014-11-05 18:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 09:06 - 2014-11-05 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 09:06 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 09:06 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 09:06 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 09:06 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 09:06 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 09:06 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 09:05 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 09:05 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 09:05 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 07:15 - 2014-12-07 10:36 - 00003100 _____ () C:\Windows\setupact.log
2014-11-11 07:15 - 2014-11-11 07:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-11 07:14 - 2014-11-12 11:26 - 00284168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 00:38 - 2014-11-11 00:38 - 00061288 _____ () C:\Users\KerMa\AppData\Local\GDIPFONTCACHEV1.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 11:08 - 2009-07-14 05:34 - 00022720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-07 11:08 - 2009-07-14 05:34 - 00022720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-07 11:02 - 2012-04-04 07:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-07 10:55 - 2010-04-27 22:17 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Skype
2014-12-07 10:42 - 2014-05-20 19:56 - 01440714 _____ () C:\Windows\WindowsUpdate.log
2014-12-07 10:38 - 2014-02-15 01:50 - 00000000 ___RD () C:\Users\KerMa\Dropbox
2014-12-07 10:38 - 2014-02-15 01:48 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Dropbox
2014-12-07 10:37 - 2010-04-29 13:08 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-07 10:36 - 2012-09-05 14:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-07 10:36 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-07 03:16 - 2010-04-29 13:08 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-07 02:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-02 17:40 - 2013-12-10 15:03 - 00000000 ____D () C:\QuickImmobilie 2014
2014-11-30 17:14 - 2013-02-27 08:55 - 00000000 ____D () C:\Users\KerMa\Desktop\Damo
2014-11-26 19:02 - 2012-04-04 07:34 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-26 19:02 - 2011-05-16 08:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-25 15:42 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-22 11:07 - 2013-02-06 14:00 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Google
2014-11-22 11:07 - 2010-03-27 19:05 - 00000000 ____D () C:\Program Files\Google
2014-11-22 11:03 - 2010-03-13 23:37 - 00000000 ____D () C:\Users\KerMa\Desktop\Tools
2014-11-21 14:05 - 2014-05-01 09:17 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-21 14:05 - 2013-12-20 11:55 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-21 14:05 - 2013-03-15 23:38 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-21 14:05 - 2013-03-15 23:38 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-21 14:05 - 2012-02-25 17:52 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-21 14:05 - 2011-03-29 14:44 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-11-21 14:05 - 2010-03-13 22:52 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-21 14:05 - 2010-03-13 22:51 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-16 00:41 - 2014-01-16 12:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-15 19:52 - 2014-02-15 01:50 - 00001025 _____ () C:\Users\KerMa\Desktop\Dropbox.lnk
2014-11-15 19:52 - 2014-02-15 01:49 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-15 00:10 - 2012-09-05 14:48 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-15 00:10 - 2010-03-13 23:00 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-12 14:45 - 2013-10-10 15:48 - 00000000 ____D () C:\Windows\rescache
2014-11-12 14:02 - 2011-07-22 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-11-12 14:00 - 2014-05-23 11:36 - 00000000 ____D () C:\Program Files\DEUTSCHLAND SPIELT
2014-11-12 12:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 12:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-11-12 11:24 - 2014-04-30 01:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 11:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-12 11:19 - 2013-08-13 08:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 11:17 - 2010-03-13 22:11 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-08 01:59 - 2011-02-09 22:08 - 00000000 ____D () C:\Users\KerMa\Desktop\Saab

Files to move or delete:
====================
C:\Users\Admin\autoplaylist.dat
C:\Users\Admin\cddbcontrol.dll
C:\Users\Admin\cddblink.dll
C:\Users\Admin\cddbmusicid.dll
C:\Users\Admin\convert.exe
C:\Users\Admin\dbghelp.dll
C:\Users\Admin\dunzip32.dll
C:\Users\Admin\fixrjb.exe
C:\Users\Admin\hxaudiodevicehook.dll
C:\Users\Admin\ierjplug.dll
C:\Users\Admin\keys.dat
C:\Users\Admin\mc_enc_mp4v.dll
C:\Users\Admin\mmcdda32.dll
C:\Users\Admin\rdsf3260.dll
C:\Users\Admin\realconverter.exe
C:\Users\Admin\realjbox.exe
C:\Users\Admin\realplay.exe
C:\Users\Admin\realshare.exe
C:\Users\Admin\realtrimmer.exe
C:\Users\Admin\recordingmanager.exe
C:\Users\Admin\rjbres.dll
C:\Users\Admin\rjdlg.dll
C:\Users\Admin\rjprog.dll
C:\Users\Admin\rjwmapln.dll
C:\Users\Admin\rndevicedbbuilder.exe
C:\Users\Admin\rpau3260.dll
C:\Users\Admin\rphelperapp.exe
C:\Users\Admin\rpplugprot.dll
C:\Users\Admin\rpshell.dll
C:\Users\Admin\rpshellsearch.dll
C:\Users\Admin\rpwa3260.dll
C:\Users\Admin\strs23.dat
C:\Users\Admin\strs26.dat
C:\Users\Admin\tnetdtct.dll
C:\Users\Admin\tpasdk.dll
C:\Users\Admin\tsasdk.dll
C:\Users\Admin\wmdmhelper.dll
C:\Users\Public\AlexaNSISPlugin.2816.dll


Some content of TEMP:
====================
C:\Users\KerMa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpggeldt.dll
C:\Users\KerMa\AppData\Local\Temp\jre-8u25-windows-au.exe
C:\Users\KerMa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\KerMa\AppData\Local\Temp\vlc-2.1.3-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 14:41

==================== End Of Log ============================
         
--- --- ---

Code:
ATTFilter
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-12-2014 01
Ran by KerMa at 2014-12-07 11:14:16
Running from C:\Users\KerMa\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
Age of Pirates 2: City of Abandoned Ships ver.1.3.0 (HKLM\...\Age of Pirates 2: City of Abandoned Ships_is1) (Version:  - Playlogic Entertainment, Inc.)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.2.0.7 - )
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP Navigator EX 4.1 (HKLM\...\MP Navigator EX 4.1) (Version:  - )
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version:  - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DEUTSCHLAND SPIELT GAME CENTER (HKLM\...\DSGPlayer) (Version: 1.2010.6.23 - INTENIUM GmbH)
Diablo II (HKLM\...\Diablo II) (Version:  - Blizzard Entertainment)
Die Ritter (HKLM\...\Die Ritter) (Version: 1.0.0.0 - INTENIUM GmbH)
Divinity II - Ego Draconis (HKLM\...\Divinity II - Ego Draconis_is1) (Version:  - dtp)
Drakensang - Am Fluss der Zeit (HKLM\...\Drakensang_TRoT_is1) (Version:  - dtp)
Dropbox (HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EasyCash&Tax 1.50 (HKLM\...\EasyCash&Tax_is1) (Version:  - tm)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free RAR Extract Frog (HKLM\...\Free RAR Extract Frog) (Version: 2.50 - Philipp Winterberg)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Logitech SetPoint 6.32 (HKLM\...\SP6) (Version: 6.32.20 - Logitech)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.1 (HKLM\...\{55D1BF8E-EA8F-4969-82B9-B577010CFBCD}) (Version: 2.1.2111 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version:  - )
Microsoft Word 2000 (HKLM\...\{00170407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 33.1.1 (x86 de) (HKLM\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero BackItUp 4 Essentials (HKLM\...\{4e73cd5a-a2a4-4f66-b9cc-15c2345867c3}) (Version:  - Nero AG)
NVIDIA 3D Vision Controller-Treiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
QuickImmobilie 2014 - Service Pack 3 (HKLM\...\{919BCC78-42C6-4833-BF5A-0EAFA4BC10E2}) (Version: 14.03 - Haufe-Lexware Real Estate AG)
QuickImmobilie 2014 - Service Pack 6 (HKLM\...\{8794A9B4-F237-4993-8C2C-BDAC978AEDAB}) (Version: 14.06 - Haufe-Lexware Real Estate AG)
QuickImmobilie 2014 - Service Pack 7 (HKLM\...\{CD5EF74F-8C53-4B00-9EE9-E6F6DC357B3E}) (Version: 14.07 - Haufe-Lexware Real Estate AG)
QuickImmobilie 2014 (HKLM\...\{B76C08EE-3D8B-4029-AC5E-5ECE72E72B95}) (Version: 14.0.0 - Haufe-Lexware Real Estate AG)
QuickImmobilie Deluxe 2009 (HKLM\...\QuickImmobilie Deluxe 2009) (Version:  - Lexware GmbH & Co. KG (Vertrieb) / Enwickelt von Software24.com GmbH)
QuickImmobilie Deluxe 2009 (Version: 7.0 - Lexware GmbH & Co. KG (Vertrieb) / Enwickelt von Software24.com GmbH) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version:  - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
RealUpgrade 1.0 (Version: 1.0.0 - RealNetworks, Inc.) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
ScanSoft OmniPage SE 4 (HKLM\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Special Enquiry Detail: Mord in New York (HKLM\...\Special Enquiry Detail: Mord in New York) (Version: 1.0.0.0 - INTENIUM GmbH)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab for Intel (HKLM\...\{F7FC9307-374E-4017-8E9D-DE1154780480}) (Version: 4.1.66.0 - Husdawg, LLC)
The Witcher (HKLM\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.00.0000 - CD Projekt Red)
The Witcher 2 Enhanced Edition Version 3.0 (HKLM\...\The Witcher 2 Enhanced Edition_is1) (Version: 3.0 - CD Projekt RED)
Two Worlds (HKLM\...\Two Worlds) (Version: 1.7.0 - )
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Wisdom-soft ScreenHunter 6.0 Free (HKLM\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{030B4A80-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{030B4A81-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{030B4A82-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\EasyBits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{1F6F8D20-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\EasyBits GO\ezGameXN.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points  =========================

12-11-2014 10:15:21 Windows Update
12-11-2014 13:01:39 Time Machine wurde entfernt.
14-11-2014 23:04:18 Windows Update
16-11-2014 18:00:23 Windows-Sicherung
18-11-2014 09:43:23 Windows Update
19-11-2014 12:54:15 Windows Update
21-11-2014 13:04:14 avast! antivirus system restore point
23-11-2014 18:00:30 Windows-Sicherung
25-11-2014 11:57:44 Windows Update
30-11-2014 18:00:21 Windows-Sicherung
02-12-2014 14:42:21 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A87BA60-831D-46A7-A32F-189BC5356ED3} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-21] (AVAST Software)
Task: {1BAE9847-FB97-461E-B7C7-464168A24BCE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-547636488-2336383340-334652843-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {25CC16F6-A102-4932-8819-002E1D4F6FE6} - System32\Tasks\{7ECC9814-3AA6-48F6-BDA0-2E36CA6BEE01} => C:\Program Files\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {3874BF4A-0684-4A2F-9B2A-A1F8B1B92AC5} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {4AB86BB2-AA5F-43AD-974E-63B6C1E43AB1} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-547636488-2336383340-334652843-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {55643421-89FC-4891-A9A4-9FEF1B706E6E} - System32\Tasks\Freemium1ClickMaint => C:\Program Files\Covus Freemium\Free System Utilities\1Click.exe
Task: {606863B2-9577-40FB-ABB7-CE2D011AC12D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {6748B5B0-9515-487E-809A-1387B3353A93} - System32\Tasks\4645 => Wscript.exe C:\Users\KerMa\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {7A2FCC5F-0436-4C90-A68F-37C3632391EA} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {99C2555A-5A7A-48FC-8479-7B0F54392C0A} - System32\Tasks\{30D8FD50-2776-43B4-BE61-FD435A12D2EA} => C:\Program Files\Bullfrog\Dungeon Keeper 2\DKII.exe
Task: {A70A13F3-9467-46D4-9349-F62845F220FB} - System32\Tasks\Backweb Online Aktualisierung => C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
Task: {AEDB053C-2557-4039-B85D-CEE6B08F4BDA} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {B4F782AA-12FD-4AB1-AB29-B17BC5E5EFF9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {DC2D8C2C-0D5F-4D19-ADDB-9D2B8782871D} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Task: {E0DDF15B-8E9A-4D1E-BF64-CE34A67C0F1E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {EA90B48E-2C94-4E20-B0DF-1D4EA6B162AC} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: {ECACDB34-A367-4373-8889-66AE6FD82010} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-06 19:50 - 2014-12-06 19:50 - 02905088 _____ () C:\Program Files\Alwil Software\Avast5\defs\14120601\algo.dll
2014-12-07 10:37 - 2014-12-07 10:37 - 02905088 _____ () C:\Program Files\Alwil Software\Avast5\defs\14120700\algo.dll
2012-09-05 14:50 - 2014-07-02 20:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2011-10-07 10:41 - 2011-10-07 10:41 - 00879896 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2014-11-21 14:05 - 2014-11-21 14:05 - 38562088 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2014-12-07 10:37 - 2014-12-07 10:37 - 00043008 _____ () c:\users\kerma\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpggeldt.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\KerMa\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:109734F6
AlternateDataStreams: C:\ProgramData\TEMP:206470A5
AlternateDataStreams: C:\ProgramData\TEMP:2701CA70
AlternateDataStreams: C:\ProgramData\TEMP:2AE74FF9
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:51E66512
AlternateDataStreams: C:\ProgramData\TEMP:6B709AD7
AlternateDataStreams: C:\ProgramData\TEMP:6E65510A
AlternateDataStreams: C:\ProgramData\TEMP:79A7F369
AlternateDataStreams: C:\ProgramData\TEMP:8AE92FD3
AlternateDataStreams: C:\ProgramData\TEMP:94B25DF5
AlternateDataStreams: C:\ProgramData\TEMP:9BAC4211
AlternateDataStreams: C:\ProgramData\TEMP:9BB8C675
AlternateDataStreams: C:\ProgramData\TEMP:A02025CE
AlternateDataStreams: C:\ProgramData\TEMP:AECF4772
AlternateDataStreams: C:\ProgramData\TEMP:C0BCE04B
AlternateDataStreams: C:\ProgramData\TEMP:C8E3A625
AlternateDataStreams: C:\ProgramData\TEMP:D6D084A5

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: B2C_AGENT => C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: TkBellExe => "c:\users\admin\update\realsched.exe"  -osboot

========================= Accounts: ==========================

Admin (S-1-5-21-547636488-2336383340-334652843-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-547636488-2336383340-334652843-500 - Administrator - Disabled)
ASPNET (S-1-5-21-547636488-2336383340-334652843-1005 - Limited - Enabled)
Gast (S-1-5-21-547636488-2336383340-334652843-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-547636488-2336383340-334652843-1003 - Limited - Enabled)
KerMa (S-1-5-21-547636488-2336383340-334652843-1000 - Administrator - Enabled) => C:\Users\KerMa
UpdatusUser (S-1-5-21-547636488-2336383340-334652843-1007 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2014 00:28:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17420, Zeitstempel: 0x545ad233
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x94c
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (12/05/2014 09:52:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17420, Zeitstempel: 0x545ad233
Name des fehlerhaften Moduls: nvd3dum.dll, Version: 9.18.13.4052, Zeitstempel: 0x53b44304
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0075514c
ID des fehlerhaften Prozesses: 0x2310
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (11/28/2014 04:43:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wlmail.exe, Version 14.0.8089.726 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1de4

Startzeit: 01d00b1ff555b121

Endzeit: 23

Anwendungspfad: C:\Program Files\Windows Live\Mail\wlmail.exe

Berichts-ID: 5b1ccb94-7715-11e4-a2e3-0019662b4ca8

Error: (11/28/2014 04:28:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wlmail.exe, Version 14.0.8089.726 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: fd0

Startzeit: 01d00aeb851d92b3

Endzeit: 55

Anwendungspfad: C:\Program Files\Windows Live\Mail\wlmail.exe

Berichts-ID: 22f4cbc6-7713-11e4-a2e3-0019662b4ca8

Error: (11/28/2014 00:26:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17420, Zeitstempel: 0x545ad233
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00059c5f
ID des fehlerhaften Prozesses: 0xe90
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (11/27/2014 11:48:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17420, Zeitstempel: 0x545ad233
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0xccc
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (11/21/2014 02:04:14 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {3f4bfed5-cabb-4dff-aa53-5daf5a0029cd}

Error: (11/05/2014 04:47:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 680

Startzeit: 01cff908ce7f881e

Endzeit: 39

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 14778f34-6503-11e4-9a1b-0019662b4ca8

Error: (11/04/2014 10:39:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wlmail.exe, Version 14.0.8089.726 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ac8

Startzeit: 01cff812fed3fddd

Endzeit: 15

Anwendungspfad: C:\Program Files\Windows Live\Mail\wlmail.exe

Berichts-ID: 812eb751-6406-11e4-a819-0019662b4ca8

Error: (11/02/2014 08:08:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WINWORD.EXE, Version 9.0.0.2823 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 478c

Startzeit: 01cff6d04ab55724

Endzeit: 24

Anwendungspfad: C:\Program Files\Microsoft Office\Office\WINWORD.EXE

Berichts-ID: 91657b03-62c3-11e4-af3d-0019662b4ca8


System errors:
=============
Error: (12/07/2014 10:38:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (12/07/2014 10:38:37 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (12/07/2014 10:37:51 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (12/07/2014 10:37:51 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (12/07/2014 10:37:50 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (12/07/2014 10:37:50 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (12/07/2014 10:37:49 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (12/07/2014 10:36:05 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (12/06/2014 07:30:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (12/06/2014 07:30:15 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (12/06/2014 00:28:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17420545ad233unknown0.0.0.000000000c00000050000000094c01d01120bc8120e2C:\Program Files\Internet Explorer\iexplore.exeunknown084509cb-7d3b-11e4-bf46-0019662b4ca8

Error: (12/05/2014 09:52:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17420545ad233nvd3dum.dll9.18.13.405253b44304c00000050075514c231001d010c470175106C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\nvd3dum.dll9f5fb876-7cc0-11e4-b18e-0019662b4ca8

Error: (11/28/2014 04:43:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wlmail.exe14.0.8089.7261de401d00b1ff555b12123C:\Program Files\Windows Live\Mail\wlmail.exe5b1ccb94-7715-11e4-a2e3-0019662b4ca8

Error: (11/28/2014 04:28:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wlmail.exe14.0.8089.726fd001d00aeb851d92b355C:\Program Files\Windows Live\Mail\wlmail.exe22f4cbc6-7713-11e4-a2e3-0019662b4ca8

Error: (11/28/2014 00:26:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17420545ad233ntdll.dll6.1.7601.18247521ea91cc000000500059c5fe9001d00a12e0a0c666C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlld052664a-768c-11e4-a3a9-0019662b4ca8

Error: (11/27/2014 11:48:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17420545ad233unknown0.0.0.000000000c000000500000000ccc01d00a12e3c1dc86C:\Program Files\Internet Explorer\iexplore.exeunknown853e069f-7687-11e4-a3a9-0019662b4ca8

Error: (11/21/2014 02:04:14 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {3f4bfed5-cabb-4dff-aa53-5daf5a0029cd}

Error: (11/05/2014 04:47:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.1756768001cff908ce7f881e39C:\Windows\Explorer.EXE14778f34-6503-11e4-9a1b-0019662b4ca8

Error: (11/04/2014 10:39:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wlmail.exe14.0.8089.726ac801cff812fed3fddd15C:\Program Files\Windows Live\Mail\wlmail.exe812eb751-6406-11e4-a819-0019662b4ca8

Error: (11/02/2014 08:08:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE9.0.0.2823478c01cff6d04ab5572424C:\Program Files\Microsoft Office\Office\WINWORD.EXE91657b03-62c3-11e4-af3d-0019662b4ca8


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 64%
Total physical RAM: 2047.3 MB
Available physical RAM: 736.16 MB
Total Pagefile: 4094.61 MB
Available Pagefile: 2462.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.35 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:129.05 GB) (Free:10.32 GB) NTFS
Drive e: (Volume) (Fixed) (Total:103.64 GB) (Free:98.47 GB) NTFS
Drive f: (Lexar) (Removable) (Total:3.73 GB) (Free:0.01 GB) NTFS
Drive g: (VERBATIM) (Fixed) (Total:298.02 GB) (Free:100.29 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 836A44E5)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=129 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=103.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 298.1 GB) (Disk ID: EA7D0047)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=0C)

==================== End Of Log ============================
         

Geändert von MathiasZ (07.12.2014 um 12:04 Uhr)

Alt 07.12.2014, 11:51   #2
schrauber
/// the machine
/// TB-Ausbilder
 

WicaInventory.exe - Standard

WicaInventory.exe



hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________

__________________

Alt 07.12.2014, 12:26   #3
MathiasZ
 
WicaInventory.exe - Standard

WicaInventory.exe



Hallo schrauber,

zunächst mal herzlichen Dank für die superschnelle Reaktion!

Hier das Log von Combofix


Code:
ATTFilter
Combofix Logfile:
Code:
ATTFilter
ComboFix 14-12-07.01 - KerMa 07.12.2014  12:10:11.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2047.1058 [GMT 1:00]
ausgeführt von:: c:\users\KerMa\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\KerMa\GoToAssistDownloadHelper.exe
c:\users\Public\AlexaNSISPlugin.2816.dll
c:\windows\IsUn0407.exe
G:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-11-07 bis 2014-12-07  ))))))))))))))))))))))))))))))
.
.
2014-12-07 10:13 . 2014-12-07 10:15	--------	d-----w-	C:\FRST
2014-12-05 12:56 . 2014-11-02 04:17	8941456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DE17DFCC-EC4E-45E9-AE93-4A9930C2ABFB}\mpengine.dll
2014-11-22 10:06 . 2014-11-22 10:07	--------	d-----w-	c:\windows\system32\vbox
2014-11-21 14:18 . 2014-11-21 14:19	--------	d-----w-	c:\users\KerMa\AppData\Local\ElevatedDiagnostics
2014-11-21 13:06 . 2014-11-21 13:05	291352	----a-w-	c:\windows\system32\aswBoot.exe
2014-11-21 13:05 . 2014-11-21 13:05	43152	----a-w-	c:\windows\avastSS.scr
2014-11-19 08:26 . 2014-11-11 02:44	186880	----a-w-	c:\windows\system32\pku2u.dll
2014-11-19 08:26 . 2014-11-11 02:44	550912	----a-w-	c:\windows\system32\kerberos.dll
2014-11-16 02:12 . 2014-11-16 02:12	--------	d-----w-	c:\users\KerMa\AppData\Local\Macromedia
2014-11-14 23:15 . 2014-11-14 23:15	--------	d-----w-	c:\users\KerMa\AppData\Local\NVIDIA
2014-11-14 23:09 . 2014-07-02 17:39	609240	----a-w-	c:\windows\system32\nvStreaming.exe
2014-11-12 13:04 . 2014-11-12 13:04	--------	d-----w-	c:\users\KerMa\AppData\Roaming\Floodlight Games
2014-11-12 13:04 . 2014-11-12 13:04	--------	d-----w-	c:\programdata\Floodlight Games
2014-11-12 10:32 . 2014-11-12 10:32	--------	d-sh--w-	c:\users\KerMa\AppData\Local\EmieBrowserModeList
2014-11-12 08:06 . 2014-11-05 17:50	203776	----a-w-	c:\windows\system32\aepdu.dll
2014-11-12 08:05 . 2014-11-06 03:13	501248	----a-w-	c:\windows\system32\vbscript.dll
2014-11-12 08:05 . 2014-11-06 02:21	4298240	----a-w-	c:\windows\system32\jscript9.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-26 18:02 . 2012-04-04 06:34	701104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-11-26 18:02 . 2011-05-16 07:03	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-21 13:05 . 2013-12-20 10:55	91496	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-11-21 13:05 . 2014-05-01 08:17	24184	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-11-21 13:05 . 2013-03-15 22:38	206248	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-11-21 13:05 . 2013-03-15 22:38	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-11-21 13:05 . 2012-02-25 16:52	81768	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-11-21 13:05 . 2010-03-13 21:52	422760	----a-w-	c:\windows\system32\drivers\aswSP.sys
2014-11-21 13:05 . 2010-03-13 21:51	70384	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-11-21 13:05 . 2011-03-29 13:44	787800	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2014-11-04 13:30 . 2010-03-13 20:47	229000	------w-	c:\windows\system32\MpSigStub.exe
2014-10-20 09:57 . 2014-08-09 12:59	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-09-25 01:40 . 2014-10-01 06:43	519680	----a-w-	c:\windows\system32\qdvd.dll
2014-09-09 21:47 . 2014-09-24 06:03	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-21 13:05	723976	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\KerMa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\KerMa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\KerMa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-17 8546848]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-11-21 5225064]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-08-19 1795872]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208]
.
c:\users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\KerMa\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-13 35419192]
Windows Live Mail.lnk - c:\program files\Windows Live\Mail\wlmail.exe [2009-7-26 112464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03	66328	----a-w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-09-12 09:43	959176	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 11:02	79400	----a-w-	c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-07-15 13:04	273544	----a-w-	c:\users\Admin\Update\realsched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LDM"=c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-11-21 91496]
R3 aaudstum;aaudstum;c:\users\KerMa\AppData\Local\Temp\aaudstum.sys [x]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [2014-11-21 3192344]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-06 102912]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 40736]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-01-14 25376]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 40736]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-11-21 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-11-21 422760]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-11-21 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-11-21 70384]
S2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [2013-01-30 321776]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2010-01-14 33056]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-07-02 413128]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [2014-11-21 218192]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2011-09-02 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2011-09-02 12184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:02]
.
2014-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 09:05]
.
2014-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 09:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://msn.de/
uDefault_Search_URL = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\KerMa\AppData\Roaming\Mozilla\Firefox\Profiles\xssqguqz.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-B2C_AGENT - c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-547636488-2336383340-334652843-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:5a,b8,91,45,ed,c0,42,e8,1a,80,25,68,41,0f,3d,32,4a,55,e1,d3,a9,ba,f2,
   e7,e2,6a,80,f9,00,fa,cb,8f,f4,b0,46,21,db,d6,a4,32,82,86,d2,c1,60,5a,46,f1,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-12-07  12:20:48
ComboFix-quarantined-files.txt  2014-12-07 11:20
.
Vor Suchlauf: 9.999.507.456 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 10.063.691.776 Bytes frei
.
- - End Of File - - 3D354C1EE4EF6B79624DA1E6FD1A0A2B
         
--- --- --- A36C5E4F47E84449FF07ED3517B43A31
__________________

Alt 08.12.2014, 10:42   #4
schrauber
/// the machine
/// TB-Ausbilder
 

WicaInventory.exe - Standard

WicaInventory.exe



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.12.2014, 16:06   #5
MathiasZ
 
WicaInventory.exe - Standard

WicaInventory.exe



Alles ist durchgelaufen.
JRT habe ich versehentlich im ersten Durchlauf nicht im Admin-Modus laufen lassen.
Die jrt.txt wies jedoch zwei Registryeinträge als gelöscht aus.
Einen verwaisten mit Bezug auf den IE und einen weiteren.
Beim zweiten Durchlauf von JRT wurde das erste Textfile gelöscht.

Bereits seit den ersten Maßnahmen gestern hat AVAST keine Bedrohung mehr gemeldet.
Jedoch werden die Icons auf dem Desktop nicht mehr richtig dargestellt.


Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 08.12.2014
Suchlauf-Zeit: 15:07:15
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.08.04
Rootkit Datenbank: v2014.12.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: KerMa

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 390402
Verstrichene Zeit: 11 Min, 39 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Code:
ATTFilter
# AdwCleaner v4.104 - Bericht erstellt am 08/12/2014 um 15:26:20
# Aktualisiert 05/12/2014 von Xplode
# Database : 2014-12-08.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : KerMa - KERMA-PC
# Gestartet von : C:\Users\KerMa\Desktop\AdwCleaner_4.104.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\KerMa\AppData\Roaming\Security System 2

***** [ Tasks ] *****

Task Gelöscht : Software Updater Ui
Task Gelöscht : Software Updater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKCU\Software\IM

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v33.1.1 (x86 de)


*************************

AdwCleaner[R4].txt - [1226 octets] - [08/12/2014 15:24:07]
AdwCleaner[S3].txt - [1147 octets] - [08/12/2014 15:26:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1207 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x86
Ran by KerMa on 08.12.2014 at 15:48:22,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.12.2014 at 15:51:05,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01
Ran by KerMa (administrator) on KERMA-PC on 08-12-2014 15:51:37
Running from C:\Users\KerMa\Desktop
Loaded Profile: KerMa (Available profiles: KerMa & Admin & UpdatusUser)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Prolific Technology Inc.) C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\KerMa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8546848 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5225064 2014-11-21] (AVAST Software)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1795872 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
Startup: C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Mail.lnk
ShortcutTarget: Windows Live Mail.lnk -> C:\Program Files\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-547636488-2336383340-334652843-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:2235;https=127.0.0.1:2235
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.de/
HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x757589A8B75FCB01
HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> DefaultScope {DE86B2D1-0270-476C-A33E-24D1E15BE378} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> {DE86B2D1-0270-476C-A33E-24D1E15BE378} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\KerMa\AppData\Roaming\Mozilla\Firefox\Profiles\xssqguqz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.647 -> c:\users\admin\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.647 -> c:\users\admin\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.660 -> c:\users\admin\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}] - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-07-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-29]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-15]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-21] (Avast Software)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [321776 2013-01-30] (Logitech, Inc.)
R2 PLFlash DeviceIoControl Service; C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe [81920 2008-09-24] (Prolific Technology Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2014-11-21] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-21] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-03-19] ()
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-02] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-02] (Logitech, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-03-19] ()
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [33056 2010-01-14] (Realtek                                            )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [40736 2010-01-14] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [25376 2010-01-14] (Windows (R) Codename Longhorn DDK provider)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [40736 2010-01-14] (Realtek Corporation)
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [218192 2014-11-21] (Avast Software)
S3 aaudstum; \??\C:\Users\KerMa\AppData\Local\Temp\aaudstum.sys [X]
S3 catchme; \??\C:\Users\KerMa\AppData\Local\Temp\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 15:51 - 2014-12-08 15:51 - 00000625 _____ () C:\Users\KerMa\Desktop\JRT.txt
2014-12-08 15:37 - 2014-12-08 15:37 - 00000000 ____D () C:\Windows\ERUNT
2014-12-08 15:35 - 2014-12-08 15:35 - 01707646 _____ (Thisisu) C:\Users\KerMa\Desktop\JRT.exe
2014-12-08 15:33 - 2014-12-08 15:33 - 00001287 _____ () C:\Users\KerMa\Desktop\AdwCleaner[S3].txt
2014-12-08 15:23 - 2014-12-08 15:26 - 00000000 ____D () C:\AdwCleaner
2014-12-08 15:23 - 2014-12-08 15:23 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-08 15:22 - 2014-12-08 15:22 - 02153472 _____ () C:\Users\KerMa\Desktop\AdwCleaner_4.104.exe
2014-12-08 15:20 - 2014-12-08 15:20 - 00001203 _____ () C:\Users\KerMa\Desktop\mbam.txt
2014-12-08 15:06 - 2014-12-08 15:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-08 15:06 - 2014-12-08 15:06 - 00001074 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-08 15:06 - 2014-12-08 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-08 15:06 - 2014-12-08 15:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-12-08 15:06 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-08 15:06 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-08 15:06 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-08 15:05 - 2014-12-08 15:05 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\KerMa\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-07 14:42 - 2014-12-07 14:42 - 00000000 ____D () C:\Users\KerMa\Desktop\Quick Immo - DaSi
2014-12-07 12:40 - 2014-12-07 12:41 - 00000000 ___SD () C:\ComboFix
2014-12-07 12:07 - 2014-12-07 12:41 - 00000000 ____D () C:\Qoobox
2014-12-07 12:07 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-07 12:07 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-07 12:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-07 12:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-07 12:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-07 12:07 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-07 12:07 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-07 12:07 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-07 12:06 - 2014-12-07 12:19 - 00000000 ____D () C:\Windows\erdnt
2014-12-07 12:04 - 2014-12-07 12:04 - 05600430 ____R (Swearware) C:\Users\KerMa\Desktop\ComboFix.exe
2014-12-07 11:14 - 2014-12-07 11:15 - 00049223 _____ () C:\Users\KerMa\Desktop\Addition.txt
2014-12-07 11:13 - 2014-12-08 15:51 - 00014079 _____ () C:\Users\KerMa\Desktop\FRST.txt
2014-12-07 11:13 - 2014-12-08 15:51 - 00000000 ____D () C:\FRST
2014-12-07 11:04 - 2014-12-07 11:04 - 01111040 _____ (Farbar) C:\Users\KerMa\Desktop\FRST.exe
2014-12-05 20:09 - 2014-12-05 20:09 - 00200668 _____ () C:\Users\KerMa\Desktop\FRITZ.Box Fon WLAN 7270 v2 54.05.54_05.12.14_2009.export
2014-11-29 08:01 - 2014-11-29 08:01 - 00000199 _____ () C:\Windows\system32\2014-11-29-07-01-38.005-AvastVBoxSVC.exe-2268.log
2014-11-28 16:23 - 2014-11-28 16:24 - 00305064 _____ () C:\Users\KerMa\Desktop\support FRITZ.Box Fon WLAN 7270 v2 54.05.54_28.11.14_1623.txt
2014-11-28 10:14 - 2014-11-28 10:14 - 00000199 _____ () C:\Windows\system32\2014-11-28-09-14-32.095-AvastVBoxSVC.exe-2356.log
2014-11-25 10:15 - 2014-11-25 10:15 - 00000249 _____ () C:\Windows\system32\2014-11-25-09-15-05.025-aswFe.exe-4424.log
2014-11-25 09:56 - 2014-11-25 10:14 - 00000249 _____ () C:\Windows\system32\2014-11-25-08-56-24.032-aswFe.exe-3484.log
2014-11-25 09:56 - 2014-11-25 09:56 - 00000199 _____ () C:\Windows\system32\2014-11-25-08-56-08.047-AvastVBoxSVC.exe-5512.log
2014-11-22 11:44 - 2014-11-22 11:44 - 00000249 _____ () C:\Windows\system32\2014-11-22-10-44-04.089-aswFe.exe-5932.log
2014-11-22 11:26 - 2014-11-22 11:43 - 00000249 _____ () C:\Windows\system32\2014-11-22-10-26-56.055-aswFe.exe-728.log
2014-11-22 11:26 - 2014-11-22 11:26 - 00000199 _____ () C:\Windows\system32\2014-11-22-10-26-40.079-AvastVBoxSVC.exe-3656.log
2014-11-22 11:06 - 2014-11-22 11:07 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-22 10:58 - 2014-12-08 15:28 - 00011682 _____ () C:\Windows\PFRO.log
2014-11-21 14:06 - 2014-11-21 14:05 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-21 14:05 - 2014-11-21 14:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-19 09:26 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 09:26 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-16 03:12 - 2014-11-16 03:12 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Macromedia
2014-11-16 00:41 - 2014-11-16 00:41 - 00001131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-16 00:41 - 2014-11-16 00:41 - 00001119 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Mozilla
2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Mozilla
2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-15 00:15 - 2014-11-15 00:15 - 00000000 ____D () C:\Users\KerMa\AppData\Local\NVIDIA
2014-11-15 00:15 - 2014-11-15 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-15 00:09 - 2014-07-02 18:39 - 00609240 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-11-12 14:04 - 2014-11-12 14:04 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Floodlight Games
2014-11-12 14:04 - 2014-11-12 14:04 - 00000000 ____D () C:\ProgramData\Floodlight Games
2014-11-12 11:32 - 2014-11-12 11:32 - 00000000 __SHD () C:\Users\KerMa\AppData\Local\EmieBrowserModeList
2014-11-12 09:07 - 2014-11-05 18:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 09:07 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 09:07 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 09:07 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 09:07 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 09:07 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 09:07 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 09:07 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 09:06 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 09:06 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 09:06 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 09:06 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 09:06 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 09:06 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 09:06 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 09:06 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 09:06 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 09:06 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 09:06 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 09:06 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 09:06 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 09:06 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 09:06 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 09:06 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 09:06 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 09:06 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 09:06 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 09:06 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 09:06 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 09:06 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 09:06 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 09:06 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 09:06 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 09:06 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 09:06 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 09:06 - 2014-11-05 18:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 09:06 - 2014-11-05 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 09:06 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 09:06 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 09:06 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 09:06 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 09:06 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 09:06 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 09:05 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 09:05 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 09:05 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 07:15 - 2014-12-08 15:45 - 00003436 _____ () C:\Windows\setupact.log
2014-11-11 07:15 - 2014-11-11 07:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-11 07:14 - 2014-11-12 11:26 - 00284168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 00:38 - 2014-11-11 00:38 - 00061288 _____ () C:\Users\KerMa\AppData\Local\GDIPFONTCACHEV1.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 15:47 - 2010-04-27 22:17 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Skype
2014-12-08 15:46 - 2014-02-15 01:50 - 00000000 ___RD () C:\Users\KerMa\Dropbox
2014-12-08 15:46 - 2014-02-15 01:48 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Dropbox
2014-12-08 15:45 - 2012-09-05 14:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-08 15:45 - 2010-04-29 13:08 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-08 15:45 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-08 15:44 - 2014-05-20 19:56 - 01485629 _____ () C:\Windows\WindowsUpdate.log
2014-12-08 15:35 - 2009-07-14 05:34 - 00022720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-08 15:35 - 2009-07-14 05:34 - 00022720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-08 15:16 - 2010-04-29 13:08 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-08 15:02 - 2012-04-04 07:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-08 12:22 - 2013-12-10 15:03 - 00000000 ____D () C:\QuickImmobilie 2014
2014-12-08 12:17 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-07 17:18 - 2011-06-15 22:04 - 00020480 ___SH () C:\Users\KerMa\Thumbs.db
2014-12-07 12:20 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-12-07 12:20 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-12-07 12:19 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-12-07 12:18 - 2010-03-13 21:34 - 00000000 ____D () C:\Users\KerMa
2014-12-07 02:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-30 17:14 - 2013-02-27 08:55 - 00000000 ____D () C:\Users\KerMa\Desktop\Damo
2014-11-26 19:02 - 2012-04-04 07:34 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-26 19:02 - 2011-05-16 08:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-22 11:07 - 2013-02-06 14:00 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Google
2014-11-22 11:07 - 2010-03-27 19:05 - 00000000 ____D () C:\Program Files\Google
2014-11-22 11:03 - 2010-03-13 23:37 - 00000000 ____D () C:\Users\KerMa\Desktop\Tools
2014-11-21 14:05 - 2014-05-01 09:17 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-21 14:05 - 2013-12-20 11:55 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-21 14:05 - 2013-03-15 23:38 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-21 14:05 - 2013-03-15 23:38 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-21 14:05 - 2012-02-25 17:52 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-21 14:05 - 2011-03-29 14:44 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-11-21 14:05 - 2010-03-13 22:52 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-21 14:05 - 2010-03-13 22:51 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-16 00:41 - 2014-01-16 12:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-15 19:52 - 2014-02-15 01:50 - 00001025 _____ () C:\Users\KerMa\Desktop\Dropbox.lnk
2014-11-15 19:52 - 2014-02-15 01:49 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-15 00:10 - 2012-09-05 14:48 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-15 00:10 - 2010-03-13 23:00 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-12 14:45 - 2013-10-10 15:48 - 00000000 ____D () C:\Windows\rescache
2014-11-12 14:02 - 2011-07-22 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-11-12 14:00 - 2014-05-23 11:36 - 00000000 ____D () C:\Program Files\DEUTSCHLAND SPIELT
2014-11-12 12:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 12:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-11-12 11:24 - 2014-04-30 01:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 11:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-12 11:19 - 2013-08-13 08:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 11:17 - 2010-03-13 22:11 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-08 01:59 - 2011-02-09 22:08 - 00000000 ____D () C:\Users\KerMa\Desktop\Saab

Files to move or delete:
====================
C:\Users\Admin\autoplaylist.dat
C:\Users\Admin\cddbcontrol.dll
C:\Users\Admin\cddblink.dll
C:\Users\Admin\cddbmusicid.dll
C:\Users\Admin\convert.exe
C:\Users\Admin\dbghelp.dll
C:\Users\Admin\dunzip32.dll
C:\Users\Admin\fixrjb.exe
C:\Users\Admin\hxaudiodevicehook.dll
C:\Users\Admin\ierjplug.dll
C:\Users\Admin\keys.dat
C:\Users\Admin\mc_enc_mp4v.dll
C:\Users\Admin\mmcdda32.dll
C:\Users\Admin\rdsf3260.dll
C:\Users\Admin\realconverter.exe
C:\Users\Admin\realjbox.exe
C:\Users\Admin\realplay.exe
C:\Users\Admin\realshare.exe
C:\Users\Admin\realtrimmer.exe
C:\Users\Admin\recordingmanager.exe
C:\Users\Admin\rjbres.dll
C:\Users\Admin\rjdlg.dll
C:\Users\Admin\rjprog.dll
C:\Users\Admin\rjwmapln.dll
C:\Users\Admin\rndevicedbbuilder.exe
C:\Users\Admin\rpau3260.dll
C:\Users\Admin\rphelperapp.exe
C:\Users\Admin\rpplugprot.dll
C:\Users\Admin\rpshell.dll
C:\Users\Admin\rpshellsearch.dll
C:\Users\Admin\rpwa3260.dll
C:\Users\Admin\strs23.dat
C:\Users\Admin\strs26.dat
C:\Users\Admin\tnetdtct.dll
C:\Users\Admin\tpasdk.dll
C:\Users\Admin\tsasdk.dll
C:\Users\Admin\wmdmhelper.dll


Some content of TEMP:
====================
C:\Users\KerMa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyppvsa.dll
C:\Users\KerMa\AppData\Local\Temp\Quarantine.exe
C:\Users\KerMa\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 14:41

==================== End Of Log ============================
         
--- --- ---


Alt 09.12.2014, 11:40   #6
schrauber
/// the machine
/// TB-Ausbilder
 

WicaInventory.exe - Standard

WicaInventory.exe




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> WicaInventory.exe

Alt 09.12.2014, 23:49   #7
MathiasZ
 
WicaInventory.exe - Standard

WicaInventory.exe



Puh ... ESET hat ewig gebraucht ...

Noch Probleme? - Ja.
ESET hat zwar Bedrohungen festgestellt, aber keine entfernt.


Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e590bbeed30d734494ac201cd6fa5258
# engine=21467
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-09 10:03:42
# local_time=2014-12-09 11:03:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 54064 169793813 0 0
# scanned=193158
# found=20
# cleaned=0
# scan_time=39078
sh=A742B89CBE6E6F412CA683AC410D86B1C9EE2EB3 ft=1 fh=f77f10cc038156f9 vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-547636488-2336383340-334652843-1000\$RJXJL6Y\Quarantine\C\Windows\system32\roboot.exe.vir"
sh=462E2C3E4B67402CAD749DE2F77DB4E6CCBF1A8D ft=0 fh=0000000000000000 vn="HTML/Phishing.Agent.A Trojaner" ac=I fn="G:\KERMA-PC\Backup Set 2012-08-14 172916\Backup Files 2012-09-23 190001\Backup files 1.zip"
sh=B5E07F7531212FB1FB7A656AE8580AB5668A688D ft=0 fh=0000000000000000 vn="HTML/Phishing.Agent.A Trojaner" ac=I fn="G:\KERMA-PC\Backup Set 2012-10-07 190005\Backup Files 2012-11-04 190002\Backup files 1.zip"
sh=E24964A451174E90CEF07B8E20E9E7A1B7974C48 ft=0 fh=0000000000000000 vn="HTML/Phishing.Agent.A Trojaner" ac=I fn="G:\KERMA-PC\Backup Set 2012-10-07 190005\Backup Files 2012-11-11 190001\Backup files 1.zip"
sh=9179B5C0417DBC934A17D362174F898558166D33 ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2013-01-13 190002\Backup Files 2013-02-10 190003\Backup files 4.zip"
sh=BCB36343B898DAEE49C8D6DC4D3F6A11DC6030D4 ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2013-03-10 190003\Backup Files 2013-03-10 190003\Backup files 22.zip"
sh=C464CC35FBDC3CAB8D3A6B870745EFDC1079311C ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2013-04-28 190002\Backup Files 2013-04-28 190002\Backup files 22.zip"
sh=D0F0A8DEDD9CE827C1876B3468621CF1AA460208 ft=0 fh=0000000000000000 vn="Variante von Win32/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2013-04-28 190002\Backup Files 2013-05-19 190002\Backup files 1.zip"
sh=6C822D7B3CA09F1D316592CCE96A58D3980DA452 ft=0 fh=0000000000000000 vn="Variante von Win32/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2013-04-28 190002\Backup Files 2013-05-26 190001\Backup files 1.zip"
sh=0FADDB49084CB15AB7D1976536B680A8D04C3B1E ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-1723.KH Trojaner" ac=I fn="G:\KERMA-PC\Backup Set 2013-04-28 190002\Backup Files 2013-06-11 082032\Backup files 1.zip"
sh=5A39DDC53A3BFD0E1C98B0AF1F7731233876963C ft=0 fh=0000000000000000 vn="Variante von Win32/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2013-06-16 190004\Backup Files 2013-06-16 190004\Backup files 3.zip"
sh=957B0D031257F6440A9D9F1EA94DA5980616419D ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2013-06-16 190004\Backup Files 2013-06-16 190004\Backup files 23.zip"
sh=CFDDEE53DEE08D703B80B9A46F1E608ECEAC339F ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2013-08-11 190002\Backup Files 2013-08-11 190002\Backup files 26.zip"
sh=962EB734481EFDAEFDDEE609F143C3C3787AA26F ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2013-10-20 190002\Backup Files 2013-10-20 190002\Backup files 33.zip"
sh=ADDEC0E977DAD1EEF427ACC654AFD102E5C31A25 ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2014-01-05 190005\Backup Files 2014-01-05 190005\Backup files 35.zip"
sh=DAEF67288F47AAEEE5BC2372B8DF1A634B8B89FB ft=0 fh=0000000000000000 vn="Win32/AdWare.1ClickDownload.AT Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2014-01-05 190005\Backup Files 2014-01-19 190003\Backup files 1.zip"
sh=DF2236FB60F6F364B8EA522A9D89FD83F76F4667 ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2014-03-30 190002\Backup Files 2014-03-30 190002\Backup files 38.zip"
sh=9CA68624696E89AD57FB59E4B1E5E64EA278F2BE ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2014-06-15 190004\Backup Files 2014-06-15 190004\Backup files 38.zip"
sh=E22A3DD8628F87CE303F0925311AF13370840851 ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2014-08-31 190003\Backup Files 2014-08-31 190003\Backup files 39.zip"
sh=AC1056969EE191616552D0DC0F15456EB30B46F1 ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2014-11-16 190003\Backup Files 2014-11-16 190003\Backup files 40.zip"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.91  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 7 Update 67  
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Flash Player 	15.0.0.239  
 Adobe Reader XI  
 Mozilla Firefox (33.1.1) 
````````Process Check: objlist.exe by Laurent````````  
 Alwil Software Avast5 AvastSvc.exe  
 Alwil Software Avast5 AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01
Ran by KerMa (administrator) on KERMA-PC on 09-12-2014 23:37:34
Running from C:\Users\KerMa\Desktop
Loaded Profile: KerMa (Available profiles: KerMa & Admin & UpdatusUser)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Prolific Technology Inc.) C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Dropbox, Inc.) C:\Users\KerMa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8546848 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5225064 2014-11-21] (AVAST Software)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1795872 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
Startup: C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Mail.lnk
ShortcutTarget: Windows Live Mail.lnk -> C:\Program Files\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-547636488-2336383340-334652843-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:2235;https=127.0.0.1:2235
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.de/
HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x757589A8B75FCB01
HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> DefaultScope {DE86B2D1-0270-476C-A33E-24D1E15BE378} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> {DE86B2D1-0270-476C-A33E-24D1E15BE378} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\KerMa\AppData\Roaming\Mozilla\Firefox\Profiles\xssqguqz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.647 -> c:\users\admin\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.647 -> c:\users\admin\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.660 -> c:\users\admin\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}] - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-07-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-29]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-15]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-21] (Avast Software)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [321776 2013-01-30] (Logitech, Inc.)
R2 PLFlash DeviceIoControl Service; C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe [81920 2008-09-24] (Prolific Technology Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2014-11-21] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-21] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-03-19] ()
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-02] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-02] (Logitech, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-03-19] ()
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [33056 2010-01-14] (Realtek                                            )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [40736 2010-01-14] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [25376 2010-01-14] (Windows (R) Codename Longhorn DDK provider)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [40736 2010-01-14] (Realtek Corporation)
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [218192 2014-11-21] (Avast Software)
S3 aaudstum; \??\C:\Users\KerMa\AppData\Local\Temp\aaudstum.sys [X]
S3 catchme; \??\C:\Users\KerMa\AppData\Local\Temp\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 23:37 - 2014-12-09 23:37 - 00000873 _____ () C:\Users\KerMa\Desktop\checkup.txt
2014-12-09 23:34 - 2014-12-09 23:34 - 00852490 _____ () C:\Users\KerMa\Desktop\SecurityCheck.exe
2014-12-09 12:08 - 2014-12-09 12:08 - 00000000 ____D () C:\Program Files\ESET
2014-12-09 12:04 - 2014-12-09 12:04 - 02347384 _____ (ESET) C:\Users\KerMa\Desktop\esetsmartinstaller_deu.exe
2014-12-08 15:51 - 2014-12-08 15:51 - 00000625 _____ () C:\Users\KerMa\Desktop\JRT.txt
2014-12-08 15:37 - 2014-12-08 15:37 - 00000000 ____D () C:\Windows\ERUNT
2014-12-08 15:35 - 2014-12-08 15:35 - 01707646 _____ (Thisisu) C:\Users\KerMa\Desktop\JRT.exe
2014-12-08 15:33 - 2014-12-08 15:33 - 00001287 _____ () C:\Users\KerMa\Desktop\AdwCleaner[S3].txt
2014-12-08 15:23 - 2014-12-08 15:26 - 00000000 ____D () C:\AdwCleaner
2014-12-08 15:23 - 2014-12-08 15:23 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-08 15:22 - 2014-12-08 15:22 - 02153472 _____ () C:\Users\KerMa\Desktop\AdwCleaner_4.104.exe
2014-12-08 15:20 - 2014-12-08 15:20 - 00001203 _____ () C:\Users\KerMa\Desktop\mbam.txt
2014-12-08 15:06 - 2014-12-08 15:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-08 15:06 - 2014-12-08 15:06 - 00001074 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-08 15:06 - 2014-12-08 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-08 15:06 - 2014-12-08 15:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-12-08 15:06 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-08 15:06 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-08 15:06 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-08 15:05 - 2014-12-08 15:05 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\KerMa\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-07 14:42 - 2014-12-07 14:42 - 00000000 ____D () C:\Users\KerMa\Desktop\Quick Immo - DaSi
2014-12-07 12:40 - 2014-12-07 12:41 - 00000000 ___SD () C:\ComboFix
2014-12-07 12:07 - 2014-12-07 12:41 - 00000000 ____D () C:\Qoobox
2014-12-07 12:07 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-07 12:07 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-07 12:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-07 12:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-07 12:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-07 12:07 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-07 12:07 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-07 12:07 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-07 12:06 - 2014-12-07 12:19 - 00000000 ____D () C:\Windows\erdnt
2014-12-07 12:04 - 2014-12-07 12:04 - 05600430 ____R (Swearware) C:\Users\KerMa\Desktop\ComboFix.exe
2014-12-07 11:14 - 2014-12-07 11:15 - 00049223 _____ () C:\Users\KerMa\Desktop\Addition.txt
2014-12-07 11:13 - 2014-12-09 23:37 - 00013981 _____ () C:\Users\KerMa\Desktop\FRST.txt
2014-12-07 11:13 - 2014-12-09 23:37 - 00000000 ____D () C:\FRST
2014-12-07 11:04 - 2014-12-07 11:04 - 01111040 _____ (Farbar) C:\Users\KerMa\Desktop\FRST.exe
2014-12-05 20:09 - 2014-12-05 20:09 - 00200668 _____ () C:\Users\KerMa\Desktop\FRITZ.Box Fon WLAN 7270 v2 54.05.54_05.12.14_2009.export
2014-11-29 08:01 - 2014-11-29 08:01 - 00000199 _____ () C:\Windows\system32\2014-11-29-07-01-38.005-AvastVBoxSVC.exe-2268.log
2014-11-28 16:23 - 2014-11-28 16:24 - 00305064 _____ () C:\Users\KerMa\Desktop\support FRITZ.Box Fon WLAN 7270 v2 54.05.54_28.11.14_1623.txt
2014-11-28 10:14 - 2014-11-28 10:14 - 00000199 _____ () C:\Windows\system32\2014-11-28-09-14-32.095-AvastVBoxSVC.exe-2356.log
2014-11-25 10:15 - 2014-11-25 10:15 - 00000249 _____ () C:\Windows\system32\2014-11-25-09-15-05.025-aswFe.exe-4424.log
2014-11-25 09:56 - 2014-11-25 10:14 - 00000249 _____ () C:\Windows\system32\2014-11-25-08-56-24.032-aswFe.exe-3484.log
2014-11-25 09:56 - 2014-11-25 09:56 - 00000199 _____ () C:\Windows\system32\2014-11-25-08-56-08.047-AvastVBoxSVC.exe-5512.log
2014-11-22 11:44 - 2014-11-22 11:44 - 00000249 _____ () C:\Windows\system32\2014-11-22-10-44-04.089-aswFe.exe-5932.log
2014-11-22 11:26 - 2014-11-22 11:43 - 00000249 _____ () C:\Windows\system32\2014-11-22-10-26-56.055-aswFe.exe-728.log
2014-11-22 11:26 - 2014-11-22 11:26 - 00000199 _____ () C:\Windows\system32\2014-11-22-10-26-40.079-AvastVBoxSVC.exe-3656.log
2014-11-22 11:06 - 2014-11-22 11:07 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-22 10:58 - 2014-12-08 15:28 - 00011682 _____ () C:\Windows\PFRO.log
2014-11-21 14:06 - 2014-11-21 14:05 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-21 14:05 - 2014-11-21 14:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-19 09:26 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 09:26 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-16 03:12 - 2014-11-16 03:12 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Macromedia
2014-11-16 00:41 - 2014-11-16 00:41 - 00001131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-16 00:41 - 2014-11-16 00:41 - 00001119 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Mozilla
2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Mozilla
2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-15 00:15 - 2014-11-15 00:15 - 00000000 ____D () C:\Users\KerMa\AppData\Local\NVIDIA
2014-11-15 00:15 - 2014-11-15 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-15 00:09 - 2014-07-02 18:39 - 00609240 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-11-12 14:04 - 2014-11-12 14:04 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Floodlight Games
2014-11-12 14:04 - 2014-11-12 14:04 - 00000000 ____D () C:\ProgramData\Floodlight Games
2014-11-12 11:32 - 2014-11-12 11:32 - 00000000 __SHD () C:\Users\KerMa\AppData\Local\EmieBrowserModeList
2014-11-12 09:07 - 2014-11-05 18:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 09:07 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 09:07 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 09:07 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 09:07 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 09:07 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 09:07 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 09:07 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 09:06 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 09:06 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 09:06 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 09:06 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 09:06 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 09:06 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 09:06 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 09:06 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 09:06 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 09:06 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 09:06 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 09:06 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 09:06 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 09:06 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 09:06 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 09:06 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 09:06 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 09:06 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 09:06 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 09:06 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 09:06 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 09:06 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 09:06 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 09:06 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 09:06 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 09:06 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 09:06 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 09:06 - 2014-11-05 18:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 09:06 - 2014-11-05 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 09:06 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 09:06 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 09:06 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 09:06 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 09:06 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 09:06 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 09:05 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 09:05 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 09:05 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 07:15 - 2014-12-09 08:54 - 00003548 _____ () C:\Windows\setupact.log
2014-11-11 07:15 - 2014-11-11 07:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-11 07:14 - 2014-11-12 11:26 - 00284168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 00:38 - 2014-11-11 00:38 - 00061288 _____ () C:\Users\KerMa\AppData\Local\GDIPFONTCACHEV1.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 23:16 - 2010-04-29 13:08 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-09 23:02 - 2012-04-04 07:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-09 18:07 - 2014-05-20 19:56 - 01523083 _____ () C:\Windows\WindowsUpdate.log
2014-12-09 12:09 - 2010-04-27 22:17 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Skype
2014-12-09 09:27 - 2009-07-14 05:34 - 00022720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-09 09:27 - 2009-07-14 05:34 - 00022720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-09 08:56 - 2014-02-15 01:50 - 00000000 ___RD () C:\Users\KerMa\Dropbox
2014-12-09 08:56 - 2014-02-15 01:48 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Dropbox
2014-12-09 08:55 - 2010-04-29 13:08 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-09 08:54 - 2012-09-05 14:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-09 08:54 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-08 12:22 - 2013-12-10 15:03 - 00000000 ____D () C:\QuickImmobilie 2014
2014-12-08 12:17 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-07 17:18 - 2011-06-15 22:04 - 00020480 ___SH () C:\Users\KerMa\Thumbs.db
2014-12-07 12:20 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-12-07 12:20 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-12-07 12:19 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-12-07 12:18 - 2010-03-13 21:34 - 00000000 ____D () C:\Users\KerMa
2014-12-07 02:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-30 17:14 - 2013-02-27 08:55 - 00000000 ____D () C:\Users\KerMa\Desktop\Damo
2014-11-26 19:02 - 2012-04-04 07:34 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-26 19:02 - 2011-05-16 08:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-22 11:07 - 2013-02-06 14:00 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Google
2014-11-22 11:07 - 2010-03-27 19:05 - 00000000 ____D () C:\Program Files\Google
2014-11-22 11:03 - 2010-03-13 23:37 - 00000000 ____D () C:\Users\KerMa\Desktop\Tools
2014-11-21 14:05 - 2014-05-01 09:17 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-21 14:05 - 2013-12-20 11:55 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-21 14:05 - 2013-03-15 23:38 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-21 14:05 - 2013-03-15 23:38 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-21 14:05 - 2012-02-25 17:52 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-21 14:05 - 2011-03-29 14:44 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-11-21 14:05 - 2010-03-13 22:52 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-21 14:05 - 2010-03-13 22:51 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-16 00:41 - 2014-01-16 12:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-15 19:52 - 2014-02-15 01:50 - 00001025 _____ () C:\Users\KerMa\Desktop\Dropbox.lnk
2014-11-15 19:52 - 2014-02-15 01:49 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-15 00:10 - 2012-09-05 14:48 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-15 00:10 - 2010-03-13 23:00 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-12 14:45 - 2013-10-10 15:48 - 00000000 ____D () C:\Windows\rescache
2014-11-12 14:02 - 2011-07-22 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-11-12 14:00 - 2014-05-23 11:36 - 00000000 ____D () C:\Program Files\DEUTSCHLAND SPIELT
2014-11-12 12:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 12:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-11-12 11:24 - 2014-04-30 01:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 11:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-12 11:19 - 2013-08-13 08:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 11:17 - 2010-03-13 22:11 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Admin\autoplaylist.dat
C:\Users\Admin\cddbcontrol.dll
C:\Users\Admin\cddblink.dll
C:\Users\Admin\cddbmusicid.dll
C:\Users\Admin\convert.exe
C:\Users\Admin\dbghelp.dll
C:\Users\Admin\dunzip32.dll
C:\Users\Admin\fixrjb.exe
C:\Users\Admin\hxaudiodevicehook.dll
C:\Users\Admin\ierjplug.dll
C:\Users\Admin\keys.dat
C:\Users\Admin\mc_enc_mp4v.dll
C:\Users\Admin\mmcdda32.dll
C:\Users\Admin\rdsf3260.dll
C:\Users\Admin\realconverter.exe
C:\Users\Admin\realjbox.exe
C:\Users\Admin\realplay.exe
C:\Users\Admin\realshare.exe
C:\Users\Admin\realtrimmer.exe
C:\Users\Admin\recordingmanager.exe
C:\Users\Admin\rjbres.dll
C:\Users\Admin\rjdlg.dll
C:\Users\Admin\rjprog.dll
C:\Users\Admin\rjwmapln.dll
C:\Users\Admin\rndevicedbbuilder.exe
C:\Users\Admin\rpau3260.dll
C:\Users\Admin\rphelperapp.exe
C:\Users\Admin\rpplugprot.dll
C:\Users\Admin\rpshell.dll
C:\Users\Admin\rpshellsearch.dll
C:\Users\Admin\rpwa3260.dll
C:\Users\Admin\strs23.dat
C:\Users\Admin\strs26.dat
C:\Users\Admin\tnetdtct.dll
C:\Users\Admin\tpasdk.dll
C:\Users\Admin\tsasdk.dll
C:\Users\Admin\wmdmhelper.dll


Some content of TEMP:
====================
C:\Users\KerMa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfwzzbw.dll
C:\Users\KerMa\AppData\Local\Temp\Quarantine.exe
C:\Users\KerMa\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 14:41

==================== End Of Log ============================
         
--- --- ---

Alt 10.12.2014, 19:07   #8
schrauber
/// the machine
/// TB-Ausbilder
 

WicaInventory.exe - Standard

WicaInventory.exe



ESET Funde sind in deinen Backups.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\$RECYCLE.BIN
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-547636488-2336383340-334652843-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:2235;https=127.0.0.1:2235
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



frisches FRST log bitte.Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 10.12.2014, 19:24   #9
MathiasZ
 
WicaInventory.exe - Standard

WicaInventory.exe



Ich glaube Du hast es erfolgreich geschafft! :-)

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-12-2014 01
Ran by KerMa at 2014-12-10 19:10:52 Run:1
Running from C:\Users\KerMa\Desktop
Loaded Profiles: KerMa &  (Available profiles: KerMa & Admin & UpdatusUser)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\$RECYCLE.BIN
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-547636488-2336383340-334652843-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:2235;https=127.0.0.1:2235
Emptytemp:
*****************

C:\$RECYCLE.BIN => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-547636488-2336383340-334652843-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
EmptyTemp: => Removed 266.1 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01
Ran by KerMa (administrator) on KERMA-PC on 10-12-2014 19:21:13
Running from C:\Users\KerMa\Desktop
Loaded Profile: KerMa (Available profiles: KerMa & Admin & UpdatusUser)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Prolific Technology Inc.) C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\KerMa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8546848 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5225064 2014-11-21] (AVAST Software)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1795872 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\RunOnce: [Adobe Speed Launcher] => 1418235410
Startup: C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Mail.lnk
ShortcutTarget: Windows Live Mail.lnk -> C:\Program Files\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.de/
HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x757589A8B75FCB01
HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> DefaultScope {DE86B2D1-0270-476C-A33E-24D1E15BE378} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> {DE86B2D1-0270-476C-A33E-24D1E15BE378} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\KerMa\AppData\Roaming\Mozilla\Firefox\Profiles\xssqguqz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.647 -> c:\users\admin\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.647 -> c:\users\admin\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.660 -> c:\users\admin\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}] - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-07-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-29]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-15]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-21] (Avast Software)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [321776 2013-01-30] (Logitech, Inc.)
R2 PLFlash DeviceIoControl Service; C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe [81920 2008-09-24] (Prolific Technology Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2014-11-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-21] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-03-19] ()
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-02] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-02] (Logitech, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-03-19] ()
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [33056 2010-01-14] (Realtek                                            )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [40736 2010-01-14] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [25376 2010-01-14] (Windows (R) Codename Longhorn DDK provider)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [40736 2010-01-14] (Realtek Corporation)
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [218192 2014-11-21] (Avast Software)
S3 aaudstum; \??\C:\Users\KerMa\AppData\Local\Temp\aaudstum.sys [X]
S3 catchme; \??\C:\Users\KerMa\AppData\Local\Temp\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 15:26 - 2014-12-10 15:26 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 15:09 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 11:15 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 11:15 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 11:15 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 11:15 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 11:15 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 11:15 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 11:15 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 11:15 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 11:15 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 11:15 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 11:15 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 11:15 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 11:15 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 11:15 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 11:15 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 11:15 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 11:15 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 11:15 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 11:15 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 11:15 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 11:15 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 11:15 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 11:15 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 11:15 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 11:15 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 11:15 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 11:15 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 11:15 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 11:15 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 11:15 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 11:15 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 11:15 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 11:15 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 11:15 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 11:15 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 11:15 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 11:15 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 11:15 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 11:15 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 11:15 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 11:14 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 11:14 - 2014-10-30 02:46 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 11:14 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 11:14 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 11:14 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 11:14 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 11:14 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 11:14 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 23:37 - 2014-12-09 23:37 - 00000873 _____ () C:\Users\KerMa\Desktop\checkup.txt
2014-12-09 23:34 - 2014-12-09 23:34 - 00852490 _____ () C:\Users\KerMa\Desktop\SecurityCheck.exe
2014-12-09 12:04 - 2014-12-09 12:04 - 02347384 _____ (ESET) C:\Users\KerMa\Desktop\esetsmartinstaller_deu.exe
2014-12-08 15:51 - 2014-12-08 15:51 - 00000625 _____ () C:\Users\KerMa\Desktop\JRT.txt
2014-12-08 15:37 - 2014-12-08 15:37 - 00000000 ____D () C:\Windows\ERUNT
2014-12-08 15:35 - 2014-12-08 15:35 - 01707646 _____ (Thisisu) C:\Users\KerMa\Desktop\JRT.exe
2014-12-08 15:33 - 2014-12-08 15:33 - 00001287 _____ () C:\Users\KerMa\Desktop\AdwCleaner[S3].txt
2014-12-08 15:23 - 2014-12-08 15:26 - 00000000 ____D () C:\AdwCleaner
2014-12-08 15:23 - 2014-12-08 15:23 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-08 15:22 - 2014-12-08 15:22 - 02153472 _____ () C:\Users\KerMa\Desktop\AdwCleaner_4.104.exe
2014-12-08 15:20 - 2014-12-08 15:20 - 00001203 _____ () C:\Users\KerMa\Desktop\mbam.txt
2014-12-08 15:06 - 2014-12-08 15:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-08 15:06 - 2014-12-08 15:06 - 00001074 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-08 15:06 - 2014-12-08 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-08 15:06 - 2014-12-08 15:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-12-08 15:06 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-08 15:06 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-08 15:06 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-08 15:05 - 2014-12-08 15:05 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\KerMa\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-07 14:42 - 2014-12-07 14:42 - 00000000 ____D () C:\Users\KerMa\Desktop\Quick Immo - DaSi
2014-12-07 12:40 - 2014-12-07 12:41 - 00000000 ___SD () C:\ComboFix
2014-12-07 12:07 - 2014-12-07 12:41 - 00000000 ____D () C:\Qoobox
2014-12-07 12:07 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-07 12:07 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-07 12:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-07 12:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-07 12:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-07 12:07 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-07 12:07 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-07 12:07 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-07 12:06 - 2014-12-07 12:19 - 00000000 ____D () C:\Windows\erdnt
2014-12-07 12:04 - 2014-12-07 12:04 - 05600430 ____R (Swearware) C:\Users\KerMa\Desktop\ComboFix.exe
2014-12-07 11:14 - 2014-12-07 11:15 - 00049223 _____ () C:\Users\KerMa\Desktop\Addition.txt
2014-12-07 11:13 - 2014-12-10 19:21 - 00014269 _____ () C:\Users\KerMa\Desktop\FRST.txt
2014-12-07 11:13 - 2014-12-10 19:21 - 00000000 ____D () C:\FRST
2014-12-07 11:04 - 2014-12-07 11:04 - 01111040 _____ (Farbar) C:\Users\KerMa\Desktop\FRST.exe
2014-12-05 20:09 - 2014-12-05 20:09 - 00200668 _____ () C:\Users\KerMa\Desktop\FRITZ.Box Fon WLAN 7270 v2 54.05.54_05.12.14_2009.export
2014-11-29 08:01 - 2014-11-29 08:01 - 00000199 _____ () C:\Windows\system32\2014-11-29-07-01-38.005-AvastVBoxSVC.exe-2268.log
2014-11-28 16:23 - 2014-11-28 16:24 - 00305064 _____ () C:\Users\KerMa\Desktop\support FRITZ.Box Fon WLAN 7270 v2 54.05.54_28.11.14_1623.txt
2014-11-28 10:14 - 2014-11-28 10:14 - 00000199 _____ () C:\Windows\system32\2014-11-28-09-14-32.095-AvastVBoxSVC.exe-2356.log
2014-11-25 10:15 - 2014-11-25 10:15 - 00000249 _____ () C:\Windows\system32\2014-11-25-09-15-05.025-aswFe.exe-4424.log
2014-11-25 09:56 - 2014-11-25 10:14 - 00000249 _____ () C:\Windows\system32\2014-11-25-08-56-24.032-aswFe.exe-3484.log
2014-11-25 09:56 - 2014-11-25 09:56 - 00000199 _____ () C:\Windows\system32\2014-11-25-08-56-08.047-AvastVBoxSVC.exe-5512.log
2014-11-22 11:44 - 2014-11-22 11:44 - 00000249 _____ () C:\Windows\system32\2014-11-22-10-44-04.089-aswFe.exe-5932.log
2014-11-22 11:26 - 2014-11-22 11:43 - 00000249 _____ () C:\Windows\system32\2014-11-22-10-26-56.055-aswFe.exe-728.log
2014-11-22 11:26 - 2014-11-22 11:26 - 00000199 _____ () C:\Windows\system32\2014-11-22-10-26-40.079-AvastVBoxSVC.exe-3656.log
2014-11-22 11:06 - 2014-11-22 11:07 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-22 10:58 - 2014-12-10 19:13 - 00017340 _____ () C:\Windows\PFRO.log
2014-11-21 14:06 - 2014-11-21 14:05 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-21 14:05 - 2014-11-21 14:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-19 09:26 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 09:26 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-16 03:12 - 2014-11-16 03:12 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Macromedia
2014-11-16 00:41 - 2014-11-16 00:41 - 00001131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-16 00:41 - 2014-11-16 00:41 - 00001119 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Mozilla
2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Mozilla
2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-15 00:15 - 2014-11-15 00:15 - 00000000 ____D () C:\Users\KerMa\AppData\Local\NVIDIA
2014-11-15 00:15 - 2014-11-15 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-15 00:09 - 2014-07-02 18:39 - 00609240 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-11-12 14:04 - 2014-11-12 14:04 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Floodlight Games
2014-11-12 14:04 - 2014-11-12 14:04 - 00000000 ____D () C:\ProgramData\Floodlight Games
2014-11-12 11:32 - 2014-11-12 11:32 - 00000000 __SHD () C:\Users\KerMa\AppData\Local\EmieBrowserModeList
2014-11-12 09:07 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 09:07 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 09:07 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 09:07 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 09:07 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 09:07 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 09:07 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 09:06 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 09:06 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 09:06 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 09:06 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 09:06 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 09:06 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 07:15 - 2014-12-10 19:13 - 00003772 _____ () C:\Windows\setupact.log
2014-11-11 07:15 - 2014-11-11 07:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-11 07:14 - 2014-11-12 11:26 - 00284168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 00:38 - 2014-11-11 00:38 - 00061288 _____ () C:\Users\KerMa\AppData\Local\GDIPFONTCACHEV1.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 19:16 - 2010-04-29 13:08 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-10 19:15 - 2014-02-15 01:50 - 00000000 ___RD () C:\Users\KerMa\Dropbox
2014-12-10 19:15 - 2014-02-15 01:48 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Dropbox
2014-12-10 19:15 - 2010-04-27 22:17 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Skype
2014-12-10 19:14 - 2014-05-02 09:10 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-10 19:13 - 2012-09-05 14:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-10 19:13 - 2010-04-29 13:08 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-10 19:13 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-10 19:12 - 2014-05-20 19:56 - 01766879 _____ () C:\Windows\WindowsUpdate.log
2014-12-10 19:10 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-10 19:02 - 2012-04-04 07:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-10 18:16 - 2014-10-12 08:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 16:15 - 2013-10-10 15:48 - 00000000 ____D () C:\Windows\rescache
2014-12-10 16:02 - 2012-04-04 07:34 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-10 16:02 - 2011-05-16 08:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 15:35 - 2009-07-14 05:34 - 00022720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-10 15:35 - 2009-07-14 05:34 - 00022720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-10 15:26 - 2014-04-30 01:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 15:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-10 15:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 15:02 - 2013-08-13 08:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 15:02 - 2010-03-13 22:11 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-08 12:22 - 2013-12-10 15:03 - 00000000 ____D () C:\QuickImmobilie 2014
2014-12-08 12:17 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-07 17:18 - 2011-06-15 22:04 - 00020480 ___SH () C:\Users\KerMa\Thumbs.db
2014-12-07 12:20 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-12-07 12:20 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-12-07 12:19 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-12-07 12:18 - 2010-03-13 21:34 - 00000000 ____D () C:\Users\KerMa
2014-12-07 02:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-30 17:14 - 2013-02-27 08:55 - 00000000 ____D () C:\Users\KerMa\Desktop\Damo
2014-11-22 11:07 - 2013-02-06 14:00 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Google
2014-11-22 11:07 - 2010-03-27 19:05 - 00000000 ____D () C:\Program Files\Google
2014-11-22 11:03 - 2010-03-13 23:37 - 00000000 ____D () C:\Users\KerMa\Desktop\Tools
2014-11-21 14:05 - 2014-05-01 09:17 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-21 14:05 - 2013-12-20 11:55 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-21 14:05 - 2013-03-15 23:38 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-21 14:05 - 2013-03-15 23:38 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-21 14:05 - 2012-02-25 17:52 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-21 14:05 - 2011-03-29 14:44 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-11-21 14:05 - 2010-03-13 22:52 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-21 14:05 - 2010-03-13 22:51 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-16 00:41 - 2014-01-16 12:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-15 19:52 - 2014-02-15 01:50 - 00001025 _____ () C:\Users\KerMa\Desktop\Dropbox.lnk
2014-11-15 19:52 - 2014-02-15 01:49 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-15 00:10 - 2012-09-05 14:48 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-15 00:10 - 2010-03-13 23:00 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-12 14:02 - 2011-07-22 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-11-12 14:00 - 2014-05-23 11:36 - 00000000 ____D () C:\Program Files\DEUTSCHLAND SPIELT
2014-11-12 12:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 12:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles

Files to move or delete:
====================
C:\Users\Admin\autoplaylist.dat
C:\Users\Admin\cddbcontrol.dll
C:\Users\Admin\cddblink.dll
C:\Users\Admin\cddbmusicid.dll
C:\Users\Admin\convert.exe
C:\Users\Admin\dbghelp.dll
C:\Users\Admin\dunzip32.dll
C:\Users\Admin\fixrjb.exe
C:\Users\Admin\hxaudiodevicehook.dll
C:\Users\Admin\ierjplug.dll
C:\Users\Admin\keys.dat
C:\Users\Admin\mc_enc_mp4v.dll
C:\Users\Admin\mmcdda32.dll
C:\Users\Admin\rdsf3260.dll
C:\Users\Admin\realconverter.exe
C:\Users\Admin\realjbox.exe
C:\Users\Admin\realplay.exe
C:\Users\Admin\realshare.exe
C:\Users\Admin\realtrimmer.exe
C:\Users\Admin\recordingmanager.exe
C:\Users\Admin\rjbres.dll
C:\Users\Admin\rjdlg.dll
C:\Users\Admin\rjprog.dll
C:\Users\Admin\rjwmapln.dll
C:\Users\Admin\rndevicedbbuilder.exe
C:\Users\Admin\rpau3260.dll
C:\Users\Admin\rphelperapp.exe
C:\Users\Admin\rpplugprot.dll
C:\Users\Admin\rpshell.dll
C:\Users\Admin\rpshellsearch.dll
C:\Users\Admin\rpwa3260.dll
C:\Users\Admin\strs23.dat
C:\Users\Admin\strs26.dat
C:\Users\Admin\tnetdtct.dll
C:\Users\Admin\tpasdk.dll
C:\Users\Admin\tsasdk.dll
C:\Users\Admin\wmdmhelper.dll


Some content of TEMP:
====================
C:\Users\KerMa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwekabk.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 14:41

==================== End Of Log ============================
         
--- --- ---

Alt 11.12.2014, 19:51   #10
schrauber
/// the machine
/// TB-Ausbilder
 

WicaInventory.exe - Standard

WicaInventory.exe



Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu WicaInventory.exe
adware, antivirus, canon, chromium, defender, fehlercode 0x5, fehlercode 0xc0000005, fehlercode windows, flash player, freemium, html/phishing.agent.a, java/exploit.cve-2012-1723.kh, pirates, prozessor, security, services.exe, software, spyhunter, spyhunter entfernen, svchost.exe, teredo, this device cannot start. (code10), wickel, win32/adware.1clickdownload.at, win32/complitly.a, win32/packed.autoit.e.gen, win32/systweak.a, windows, windows xp, wscript.exe





Zum Thema WicaInventory.exe - Hallo und guten Tag. Seit dem heutigen Rechnerstart meldet mir Avast die Datei "WicaInventory.ex" als Bedrohung. Mein Betriebssystem ist Win7 Professional 32 Bit. Danke für die Hilfe im Voraus. Viele - WicaInventory.exe...
Archiv
Du betrachtest: WicaInventory.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.