Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Mein Virenprogramm springt ständig an

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.04.2015, 18:46   #1
nadineo2403
 
Mein Virenprogramm springt ständig an - Standard

Mein Virenprogramm springt ständig an



Hallo.

Ich bin überhaupt kein Computerexperte und hoffe doch sehr das ihr mir hier helfen könnt.
Seit zwei Tagen springt Avast regelmäßig an und sagt er hätte xxxseite blockiert. Das es mal vorkommt okay. Aber alle 15-30 Minuten? Ich habe mir in letzter Zeit nur Picasa Bildbearbeitung) runtergeladen. Aber auch dabei drauf geachtet das ich nichts zusätzliches runterlade. In den Programmen ist auch nichts drin. Adw und Antimalware Programme finden nichts. Nun weiß ich nicht ob ich irgendein Virus drauf habe oder nicht?

Ich habe einen Laptop mit Windows 7. Mehr weiß ich leider nicht :-(

Alt 13.04.2015, 18:47   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Mein Virenprogramm springt ständig an - Standard

Mein Virenprogramm springt ständig an



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 13.04.2015, 19:04   #3
nadineo2403
 
Mein Virenprogramm springt ständig an - Standard

Mein Virenprogramm springt ständig an



Oh je. Ich hoffe ich poste jetzt das richtige? Wenn nicht bitte nochmal schreiben.
__________________

Alt 13.04.2015, 20:07   #4
nadineo2403
 
Mein Virenprogramm springt ständig an - Standard

Mein Virenprogramm springt ständig an



War das denn richtig so? Oder muss ich das alles kopieren und einfügen?

Alt 14.04.2015, 10:40   #5
schrauber
/// the machine
/// TB-Ausbilder
 

Mein Virenprogramm springt ständig an - Standard

Mein Virenprogramm springt ständig an



Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.04.2015, 11:54   #6
nadineo2403
 
Mein Virenprogramm springt ständig an - Standard

Mein Virenprogramm springt ständig an



FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by Nadin (administrator) on NADIN-PC on 13-04-2015 19:59:53
Running from C:\Users\Nadin\Desktop
Loaded Profiles: Nadin (Available profiles: Nadin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
( ) C:\Windows\System32\lxczcoms.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-10-13] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\...\Run: [Alamandi tray notifier] => C:\Program Files (x86)\DEUTSCHLAND SPIELT\Alamandi\TaskBarNotifier.exe
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\...\Run: [Spiele Post] => C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\...\Run: [Hoolapp Android] => "C:\Users\Nadin\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\...\MountPoints2: F - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\...\MountPoints2: {1c20f21a-91eb-11e4-8f79-206a8a1e498a} - F:\Startme.exe
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\...\MountPoints2: {32481fd8-015a-11e2-af54-206a8a1e498a} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\...\MountPoints2: {32481ff0-015a-11e2-af54-206a8a1e498a} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Nadin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Users\Nadin\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
Startup: C:\Users\Nadin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1892582679-3047668497-1527463922-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = web/?type=dspp&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-07-30] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-07-30] (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Nadin\AppData\Roaming\Mozilla\Firefox\Profiles\ljye4qdy.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter4\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1892582679-3047668497-1527463922-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nadin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-03-09] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Nadin\AppData\Roaming\Mozilla\Firefox\Profiles\ljye4qdy.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-11]
FF Extension: Adblock Plus - C:\Users\Nadin\AppData\Roaming\Mozilla\Firefox\Profiles\ljye4qdy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-28]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter4\FirefoxAddOns\netsight@nielsen.xpi
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-30]
FF HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-11]

Chrome: 
=======
CHR Profile: C:\Users\Nadin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Nadin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-15]
CHR Extension: (Google Wallet) - C:\Users\Nadin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-30] (AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 lxcz_device; C:\Windows\system32\lxczcoms.exe [566192 2007-04-19] ( )
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-30] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-01-04] () [File not signed]
U3 avx1r9ko; C:\Windows\System32\Drivers\avx1r9ko.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]
S3 RTHDMIAzAudService; system32\drivers\RtHDMIVX.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 19:59 - 2015-04-13 20:00 - 00020106 _____ () C:\Users\Nadin\Desktop\FRST.txt
2015-04-13 19:59 - 2015-04-13 19:59 - 02096640 _____ (Farbar) C:\Users\Nadin\Desktop\FRST64.exe
2015-04-13 19:59 - 2015-04-13 19:59 - 00000000 ____D () C:\FRST
2015-04-13 19:29 - 2015-04-13 19:29 - 00011663 _____ () C:\Users\Nadin\Desktop\attach.txt
2015-04-13 19:29 - 2015-04-13 19:28 - 00024930 _____ () C:\Users\Nadin\Desktop\dds.txt
2015-04-13 19:26 - 2015-04-13 19:26 - 00688992 ____R (Swearware) C:\Users\Nadin\Desktop\dds.com
2015-04-13 19:11 - 2015-04-13 19:12 - 00000000 ____D () C:\AdwCleaner
2015-04-13 17:47 - 2015-04-13 17:47 - 02217984 _____ () C:\Users\Nadin\Downloads\adwcleaner_4.201.exe
2015-04-06 09:47 - 2015-04-06 09:48 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-06 09:47 - 2015-04-06 09:47 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-01 21:58 - 2015-04-01 21:58 - 00374930 _____ () C:\Users\Nadin\Documents\hüttensee.wlmp
2015-03-29 19:54 - 2015-03-29 20:00 - 00000000 ___HD () C:\Users\Nadin\Downloads\.picasaoriginals
2015-03-29 19:51 - 2015-03-29 20:08 - 00000889 ____H () C:\Users\Nadin\Downloads\.picasa.ini
2015-03-29 18:40 - 2015-03-29 18:40 - 00001114 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2015-03-29 18:40 - 2015-03-29 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-03-29 18:39 - 2015-03-29 18:39 - 17385800 _____ (Google Inc.) C:\Users\Nadin\Downloads\picasa39-setup.exe
2015-03-29 18:20 - 2015-03-29 18:20 - 00003285 _____ () C:\Users\Nadin\AppData\Local\recently-used.xbel
2015-03-29 17:51 - 2015-03-29 18:24 - 00000000 ____D () C:\Users\Nadin\AppData\Local\gtk-2.0
2015-03-29 17:46 - 2015-03-29 18:42 - 00000000 ____D () C:\Users\Nadin\.gimp-2.8
2015-03-29 17:46 - 2015-03-29 17:46 - 00000000 ____D () C:\Users\Nadin\AppData\Local\gegl-0.2
2015-03-29 17:38 - 2015-03-29 17:39 - 91670064 _____ (The GIMP Team ) C:\Users\Nadin\Downloads\gimp-2.8.14-setup.exe
2015-03-26 10:32 - 2015-03-26 10:32 - 06006105 _____ () C:\Users\Nadin\Documents\Noa einschulung.odt
2015-03-23 13:15 - 2015-04-11 12:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-22 20:14 - 2015-03-22 20:14 - 02171392 _____ () C:\Users\Nadin\Downloads\adwcleaner_4.112.exe
2015-03-22 19:22 - 2015-03-22 19:22 - 00003148 _____ () C:\Windows\System32\Tasks\{A5678DA7-750B-4858-9AA0-D076CA18120C}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 19:56 - 2012-10-14 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-13 19:48 - 2014-05-09 20:50 - 01864945 _____ () C:\Windows\WindowsUpdate.log
2015-04-13 19:15 - 2015-01-31 20:30 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-13 18:02 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-13 18:02 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-13 17:59 - 2010-10-13 13:03 - 00710150 _____ () C:\Windows\system32\perfh007.dat
2015-04-13 17:59 - 2010-10-13 13:03 - 00154554 _____ () C:\Windows\system32\perfc007.dat
2015-04-13 17:59 - 2009-07-14 07:13 - 01649556 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-13 17:55 - 2015-01-31 20:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-13 17:54 - 2014-12-27 14:09 - 00004695 _____ () C:\Windows\setupact.log
2015-04-13 17:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 07:19 - 2010-12-20 13:19 - 00000000 ____D () C:\Users\Nadin\AppData\Local\Adobe
2015-04-12 06:38 - 2014-07-30 21:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-11 12:49 - 2015-02-12 14:00 - 00011270 _____ () C:\Windows\PFRO.log
2015-04-11 12:49 - 2012-06-03 10:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-11 12:48 - 2010-12-24 13:48 - 00234886 _____ () C:\Windows\wininit.ini
2015-04-11 09:38 - 2014-06-02 18:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-29 18:41 - 2010-12-19 14:04 - 00000000 ____D () C:\Users\Nadin\AppData\Local\Google
2015-03-29 18:40 - 2010-04-12 22:04 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-29 17:47 - 2010-12-19 13:56 - 00000000 ____D () C:\Users\Nadin
2015-03-22 20:23 - 2014-05-07 20:17 - 00000981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-22 20:23 - 2012-06-03 10:03 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-22 20:23 - 2010-12-19 13:57 - 00000999 _____ () C:\Users\Nadin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-19 16:04 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

==================== Files in the root of some directories =======

2012-08-22 17:47 - 2012-08-22 18:40 - 0009234 _____ () C:\Users\Nadin\AppData\Roaming\nadin.xml
2011-10-04 15:59 - 2011-10-04 15:59 - 0000239 _____ () C:\Users\Nadin\AppData\Roaming\prefsdb.dat
2012-08-22 17:43 - 2012-08-22 18:40 - 0001042 _____ () C:\Users\Nadin\AppData\Roaming\users.xml
2010-12-26 14:34 - 2010-12-26 14:34 - 0000000 _____ () C:\Users\Nadin\AppData\Roaming\wklnhst.dat
2014-01-20 16:52 - 2014-01-20 16:52 - 0009216 _____ () C:\Users\Nadin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-04-17 10:28 - 2011-04-17 10:28 - 0000093 _____ () C:\Users\Nadin\AppData\Local\fusioncache.dat
2015-03-29 18:20 - 2015-03-29 18:20 - 0003285 _____ () C:\Users\Nadin\AppData\Local\recently-used.xbel
2014-05-11 11:18 - 2014-05-11 11:18 - 0000085 ___SH () C:\ProgramData\.zreglib
2010-10-13 03:18 - 2010-10-13 03:22 - 0007832 _____ () C:\ProgramData\ArcadeDeluxe3.log
2010-04-12 22:39 - 2010-01-27 16:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2011-05-02 12:47 - 2014-07-04 10:10 - 0012177 _____ () C:\ProgramData\hpzinstall.log
2011-01-04 19:47 - 2011-01-04 19:48 - 0000091 _____ () C:\ProgramData\PS.log

Some content of TEMP:
====================
C:\Users\Nadin\AppData\Local\Temp\BackupSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 14:38

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by Nadin at 2015-04-13 20:01:00
Running from C:\Users\Nadin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.60 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.184.610 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.184.610 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3007 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.5.0715 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{19C5B2DA-1CF9-0274-94AF-84783471FF83}) (Version: 3.0.758.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Backup Manager Basic (x32 Version: 2.0.0.60 - NewTech Infosystems) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2010.0122.858.16002 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DivxToDVD 0.5.2b (HKLM-x32\...\VSO DivxToDVD_is1) (Version: 0.5.2b - VSO-Software SARL)
DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Empires Dawn of the Modern World (HKLM-x32\...\Empires Dawn of the Modern World) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version:  - SEIKO EPSON Corporation)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free DVD Video Burner version 3.2.8.327 (HKLM-x32\...\Free DVD Video Burner_is1) (Version: 3.2.8.327 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.50.1122 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1122 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.06 - Acer Inc.)
League of Light: Die Heilerin Sammleredition (HKLM-x32\...\BFG-League of Light - Die Heilerin Sammleredition) (Version:  - )
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myphotobook.de (HKLM-x32\...\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.2.3-754 - myphotobook GmbH)
myphotobook.de (x32 Version: 1.2.3 - myphotobook GmbH) Hidden
Myths of the World: Schwarze Rose Sammleredition (HKLM-x32\...\BFG-Myths of the World - Schwarze Rose Sammleredition) (Version:  - )
MyWinLocker (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.206.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OneClickRoot (HKLM-x32\...\OneClickRoot) (Version: 1.0 - OneClickRoot)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SecondLifeViewer2 (remove only) (HKLM-x32\...\SecondLifeViewer2) (Version:  - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Shredder (Version: 2.0.5.0 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.5.0 - Egis Technology Inc.) Hidden
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 2.0.2 (HKLM-x32\...\VLC media player) (Version: 2.0.2 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3013 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Utils (HKLM-x32\...\Windows Utils) (Version:  - )
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-03-2015 18:28:35 Uniblue SpeedUpMyPC installation
22-03-2015 18:29:41 Uniblue DriverScanner installation
24-03-2015 13:13:18 Windows Update
29-03-2015 14:32:19 Windows Update
03-04-2015 09:25:34 Windows Update
06-04-2015 09:45:45 Windows Update
10-04-2015 19:19:25 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C4A2F5D-7486-4BB0-86B5-39982EA5EC11} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {14B9054C-19D7-4ABF-A462-91BB82490589} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {16FC1F95-5727-413A-BE36-67467F54057B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-30] (AVAST Software)
Task: {17CAD760-A1B8-4318-AC78-2C7FB66EAB37} - System32\Tasks\{02CFE003-DC52-49F4-A403-43DAB3E8EEE2} => pcalua.exe -a "F:\Dokumente und Einstellungen\Rene\Eigene Dateien\Nero 8\Installation\Setup\UninstallNero.exe" -d "F:\Dokumente und Einstellungen\Rene\Eigene Dateien\Nero 8\Installation\Setup"
Task: {17E2F743-C9E2-44AA-AF24-F7FF3F352387} - System32\Tasks\{B919C388-69E6-4912-A7D2-631587827BC8} => pcalua.exe -a C:\Users\Nadin\Downloads\mystery-age-die-dunklen-priester_s2_l2_gF5993T1L2_d1154161229.exe -d C:\Users\Nadin\Downloads
Task: {1902DE73-62BE-4704-8C68-36A911B47AB2} - System32\Tasks\{6BA3C2C1-633A-4511-BA24-F769E18D4E9E} => pcalua.exe -a F:\setup_vmc_lite.exe -d F:\ -c /checkApplicationPresence
Task: {1AED0626-F1B6-4BA4-B40C-4B764527C5AB} - System32\Tasks\{7392D5BC-3432-487E-8E39-D9DC71F81E98} => pcalua.exe -a C:\Users\Nadin\Downloads\phantasmat-sammleredition_s2_l2_gF6117T1L2_d1169005085.exe -d C:\Users\Nadin\Downloads
Task: {25877D01-764D-4AA3-8AF6-043610BF0DC8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-31] (Google Inc.)
Task: {2EBCD357-D090-4FBB-9B32-91CB350BF9FE} - System32\Tasks\{BAF74A58-2761-43C4-9472-A273C22BB7FA} => pcalua.exe -a C:\Users\Nadin\Downloads\victorian-mysteries-die-frau-in-weiss_s2_l2_gF6544T1L2_d1147404997.exe -d C:\Users\Nadin\Downloads
Task: {4ED6D7F0-A8C7-4C3C-870B-24B92A0CC320} - System32\Tasks\{2A752EAC-F213-41FC-8966-29856400A74E} => pcalua.exe -a C:\Users\Nadin\Downloads\time-mysteries-das-erbe_s2_l2_gF5985T1L2_d1177978090.exe -d C:\Users\Nadin\Downloads
Task: {5095F4B8-DB14-42A9-A0E2-7813487CE795} - System32\Tasks\{1503EE6E-38E0-43DE-AA42-631BD99967FA} => pcalua.exe -a C:\Users\Nadin\Downloads\weihnachtswunderland_s2_l2_gF6075T1L2_d1152482049.exe -d C:\Users\Nadin\Downloads
Task: {54DF47E3-60AD-48DB-BBCD-0EB6632ED0C5} - System32\Tasks\{3EDCDF00-86DE-455F-839A-F6CB93EB6659} => pcalua.exe -a D:\setup\rsrc\Autorun.exe -d D:\
Task: {5FFE1ECF-8B26-416E-87A9-B8D5C844A637} - System32\Tasks\{B697F77B-215F-4C66-BCBC-44221D6A3CFE} => pcalua.exe -a "F:\Dokumente und Einstellungen\Rene\Eigene Dateien\Nero 8\Installation\Setup\NeroDelTmp.exe" -d "F:\Dokumente und Einstellungen\Rene\Eigene Dateien\Nero 8\Installation\Setup"
Task: {60795A96-5CE8-4CE4-8384-67785877BE1E} - System32\Tasks\{0C62270D-6856-4927-8336-D7DC746568FC} => pcalua.exe -a C:\PROGRA~2\ACTIVI~1\EMPIRE~1\Uninstall\Unwise.exe -c /u C:\PROGRA~2\ACTIVI~1\EMPIRE~1\Uninstall\Install.log
Task: {60E89A77-C14F-4530-82AB-1D3396EE422E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {66909364-9324-4B9D-9399-DA4E66DB55F2} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {76B51E5A-765E-4BB6-B077-C7F670B47E71} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {7C434305-33DF-4677-B958-F557446273C2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {96C4B697-8150-44B3-A06C-56DA512962B1} - System32\Tasks\{A5678DA7-750B-4858-9AA0-D076CA18120C} => pcalua.exe -a C:\Users\Nadin\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=tugs
Task: {A4D34581-5FAC-405E-AFDE-38DC1BB21086} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AD1A00B9-BF37-4E99-A84F-E28FEBA82670} - System32\Tasks\avastBCLRestartS-1-5-21-1892582679-3047668497-1527463922-1000 => Firefox.exe 
Task: {B662EA85-7C73-48C6-B0F2-A58B67F2B959} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-31] (Google Inc.)
Task: {B8937F67-19A0-4418-8A51-4908BBE52792} - System32\Tasks\{46BB07A7-FF5E-4FFF-9326-F98058BA6166} => pcalua.exe -a C:\Users\Nadin\Downloads\samantha-swift-and-the-hidden-roses-of-athena_s2_l2_gF2686T1L2_d1147404767.exe -d C:\Users\Nadin\Downloads
Task: {D03BDD86-B591-40D6-8360-EA78F74B08F7} - System32\Tasks\AdobeAAMUpdater-1.0-Nadin-PC-Nadin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {D38D3F59-951B-466A-BA08-A8CC2ECAAF94} - System32\Tasks\{71A6C8AB-60CE-4342-96D5-8BD297124E73} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {F8CEB7A4-07E8-4BC8-80DC-B6ECC553A3B5} - System32\Tasks\{2C1F26EB-1B62-4AE4-B2D5-A2F3B4186E92} => pcalua.exe -a C:\Users\Nadin\Downloads\farm-tribe_s2_l2_gF6576T1L2_d1191159044.exe -d C:\Users\Nadin\Downloads
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-12-30 19:40 - 2010-03-15 12:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2010-10-13 03:17 - 2010-10-13 03:17 - 00206208 _____ () C:\Windows\PLFSetI.exe
2010-03-26 10:41 - 2010-03-26 10:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-10-13 03:16 - 2010-10-13 03:16 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-30 21:12 - 2014-07-30 21:13 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-04-13 16:08 - 2015-04-13 16:08 - 02925568 _____ () C:\Program Files\AVAST Software\Avast\defs\15041301\algo.dll
2010-03-09 02:18 - 2010-03-09 02:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-03-09 02:13 - 2010-03-09 02:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2011-01-17 17:19 - 2011-02-08 16:22 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-07-30 21:13 - 2014-07-30 21:13 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-05 05:56 - 2015-02-05 05:56 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:012BC84F
AlternateDataStreams: C:\ProgramData\Temp:014BC3B4
AlternateDataStreams: C:\ProgramData\Temp:01690B01
AlternateDataStreams: C:\ProgramData\Temp:0205B36B
AlternateDataStreams: C:\ProgramData\Temp:021496FB
AlternateDataStreams: C:\ProgramData\Temp:02B823FE
AlternateDataStreams: C:\ProgramData\Temp:02CC0035
AlternateDataStreams: C:\ProgramData\Temp:02F30776
AlternateDataStreams: C:\ProgramData\Temp:036AA5DD
AlternateDataStreams: C:\ProgramData\Temp:03D08225
AlternateDataStreams: C:\ProgramData\Temp:0410A323
AlternateDataStreams: C:\ProgramData\Temp:041C0562
AlternateDataStreams: C:\ProgramData\Temp:04ADB7A6
AlternateDataStreams: C:\ProgramData\Temp:04B1A0AC
AlternateDataStreams: C:\ProgramData\Temp:04BC9A2C
AlternateDataStreams: C:\ProgramData\Temp:04EAB86F
AlternateDataStreams: C:\ProgramData\Temp:0696EC8E
AlternateDataStreams: C:\ProgramData\Temp:073139EC
AlternateDataStreams: C:\ProgramData\Temp:07C99568
AlternateDataStreams: C:\ProgramData\Temp:07CBFAD5
AlternateDataStreams: C:\ProgramData\Temp:081C427E
AlternateDataStreams: C:\ProgramData\Temp:084612C9
AlternateDataStreams: C:\ProgramData\Temp:08767DE0
AlternateDataStreams: C:\ProgramData\Temp:0915A718
AlternateDataStreams: C:\ProgramData\Temp:092BD83A
AlternateDataStreams: C:\ProgramData\Temp:09629F6E
AlternateDataStreams: C:\ProgramData\Temp:097C4B7D
AlternateDataStreams: C:\ProgramData\Temp:09AEED56
AlternateDataStreams: C:\ProgramData\Temp:0A701F26
AlternateDataStreams: C:\ProgramData\Temp:0AD90625
AlternateDataStreams: C:\ProgramData\Temp:0B79AB8D
AlternateDataStreams: C:\ProgramData\Temp:0BACBDD9
AlternateDataStreams: C:\ProgramData\Temp:0BBF232A
AlternateDataStreams: C:\ProgramData\Temp:0BCD47A5
AlternateDataStreams: C:\ProgramData\Temp:0C2A17F2
AlternateDataStreams: C:\ProgramData\Temp:0C2F9CC7
AlternateDataStreams: C:\ProgramData\Temp:0C988F7D
AlternateDataStreams: C:\ProgramData\Temp:0C98AF11
AlternateDataStreams: C:\ProgramData\Temp:0CEE6109
AlternateDataStreams: C:\ProgramData\Temp:0D52F295
AlternateDataStreams: C:\ProgramData\Temp:0EBD727C
AlternateDataStreams: C:\ProgramData\Temp:0ED1C542
AlternateDataStreams: C:\ProgramData\Temp:0F64164E
AlternateDataStreams: C:\ProgramData\Temp:109734F6
AlternateDataStreams: C:\ProgramData\Temp:10B970A9
AlternateDataStreams: C:\ProgramData\Temp:10CB85CA
AlternateDataStreams: C:\ProgramData\Temp:10D45FC3
AlternateDataStreams: C:\ProgramData\Temp:114C90CA
AlternateDataStreams: C:\ProgramData\Temp:11590865
AlternateDataStreams: C:\ProgramData\Temp:115EA582
AlternateDataStreams: C:\ProgramData\Temp:120B3AFD
AlternateDataStreams: C:\ProgramData\Temp:12258D63
AlternateDataStreams: C:\ProgramData\Temp:122B409D
AlternateDataStreams: C:\ProgramData\Temp:1234ADAE
AlternateDataStreams: C:\ProgramData\Temp:124B94C0
AlternateDataStreams: C:\ProgramData\Temp:126591AF
AlternateDataStreams: C:\ProgramData\Temp:128B55C8
AlternateDataStreams: C:\ProgramData\Temp:12D21A9A
AlternateDataStreams: C:\ProgramData\Temp:13019F4B
AlternateDataStreams: C:\ProgramData\Temp:1309637A
AlternateDataStreams: C:\ProgramData\Temp:13CDB0E0
AlternateDataStreams: C:\ProgramData\Temp:1416AAA6
AlternateDataStreams: C:\ProgramData\Temp:14362DF8
AlternateDataStreams: C:\ProgramData\Temp:14A1BBE3
AlternateDataStreams: C:\ProgramData\Temp:15734396
AlternateDataStreams: C:\ProgramData\Temp:15752405
AlternateDataStreams: C:\ProgramData\Temp:159A493A
AlternateDataStreams: C:\ProgramData\Temp:1604D047
AlternateDataStreams: C:\ProgramData\Temp:164561C8
AlternateDataStreams: C:\ProgramData\Temp:164FA86E
AlternateDataStreams: C:\ProgramData\Temp:169E7AC5
AlternateDataStreams: C:\ProgramData\Temp:16F4BC64
AlternateDataStreams: C:\ProgramData\Temp:178093AE
AlternateDataStreams: C:\ProgramData\Temp:17F7AEA3
AlternateDataStreams: C:\ProgramData\Temp:183A9046
AlternateDataStreams: C:\ProgramData\Temp:18B241CC
AlternateDataStreams: C:\ProgramData\Temp:18B5F839
AlternateDataStreams: C:\ProgramData\Temp:18DEBC51
AlternateDataStreams: C:\ProgramData\Temp:18E4BF6C
AlternateDataStreams: C:\ProgramData\Temp:193CB03B
AlternateDataStreams: C:\ProgramData\Temp:195E8317
AlternateDataStreams: C:\ProgramData\Temp:1A15E356
AlternateDataStreams: C:\ProgramData\Temp:1A5822A3
AlternateDataStreams: C:\ProgramData\Temp:1B3549F2
AlternateDataStreams: C:\ProgramData\Temp:1B389835
AlternateDataStreams: C:\ProgramData\Temp:1B9E79B3
AlternateDataStreams: C:\ProgramData\Temp:1C201DEB
AlternateDataStreams: C:\ProgramData\Temp:1CD511E5
AlternateDataStreams: C:\ProgramData\Temp:1D5FADCD
AlternateDataStreams: C:\ProgramData\Temp:1E288DA3
AlternateDataStreams: C:\ProgramData\Temp:1E2D49E0
AlternateDataStreams: C:\ProgramData\Temp:1E942FB9
AlternateDataStreams: C:\ProgramData\Temp:1EC13383
AlternateDataStreams: C:\ProgramData\Temp:1EE5EBCB
AlternateDataStreams: C:\ProgramData\Temp:1F979A92
AlternateDataStreams: C:\ProgramData\Temp:206470A5
AlternateDataStreams: C:\ProgramData\Temp:20ABE827
AlternateDataStreams: C:\ProgramData\Temp:217A2324
AlternateDataStreams: C:\ProgramData\Temp:217A2A36
AlternateDataStreams: C:\ProgramData\Temp:219DB32E
AlternateDataStreams: C:\ProgramData\Temp:220E9B9E
AlternateDataStreams: C:\ProgramData\Temp:2216A431
AlternateDataStreams: C:\ProgramData\Temp:22313216
AlternateDataStreams: C:\ProgramData\Temp:2313511A
AlternateDataStreams: C:\ProgramData\Temp:2339C9FD
AlternateDataStreams: C:\ProgramData\Temp:236FF5C6
AlternateDataStreams: C:\ProgramData\Temp:23834E1E
AlternateDataStreams: C:\ProgramData\Temp:244E4E3A
AlternateDataStreams: C:\ProgramData\Temp:24C072FF
AlternateDataStreams: C:\ProgramData\Temp:254AD2ED
AlternateDataStreams: C:\ProgramData\Temp:260575F1
AlternateDataStreams: C:\ProgramData\Temp:26499772
AlternateDataStreams: C:\ProgramData\Temp:2701CA70
AlternateDataStreams: C:\ProgramData\Temp:274516E7
AlternateDataStreams: C:\ProgramData\Temp:27A88EF2
AlternateDataStreams: C:\ProgramData\Temp:27C3CD07
AlternateDataStreams: C:\ProgramData\Temp:27D1368B
AlternateDataStreams: C:\ProgramData\Temp:282CE153
AlternateDataStreams: C:\ProgramData\Temp:2871B698
AlternateDataStreams: C:\ProgramData\Temp:28819F45
AlternateDataStreams: C:\ProgramData\Temp:28BE9DE0
AlternateDataStreams: C:\ProgramData\Temp:28CDD861
AlternateDataStreams: C:\ProgramData\Temp:29EA7E22
AlternateDataStreams: C:\ProgramData\Temp:29F0CA7D
AlternateDataStreams: C:\ProgramData\Temp:2A874675
AlternateDataStreams: C:\ProgramData\Temp:2ADF9928
AlternateDataStreams: C:\ProgramData\Temp:2AE74FF9
AlternateDataStreams: C:\ProgramData\Temp:2B40A7DB
AlternateDataStreams: C:\ProgramData\Temp:2B5C4773
AlternateDataStreams: C:\ProgramData\Temp:2BFBA0B7
AlternateDataStreams: C:\ProgramData\Temp:2C399CCA
AlternateDataStreams: C:\ProgramData\Temp:2C678471
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:2CDB9CA3
AlternateDataStreams: C:\ProgramData\Temp:2E3F04BC
AlternateDataStreams: C:\ProgramData\Temp:2EB79F01
AlternateDataStreams: C:\ProgramData\Temp:2F141B68
AlternateDataStreams: C:\ProgramData\Temp:2F1D743F
AlternateDataStreams: C:\ProgramData\Temp:2F474C84
AlternateDataStreams: C:\ProgramData\Temp:2F717FB3
AlternateDataStreams: C:\ProgramData\Temp:2F8138B7
AlternateDataStreams: C:\ProgramData\Temp:3086B95F
AlternateDataStreams: C:\ProgramData\Temp:31C9BA96
AlternateDataStreams: C:\ProgramData\Temp:31F2397C
AlternateDataStreams: C:\ProgramData\Temp:32289BE8
AlternateDataStreams: C:\ProgramData\Temp:32AE8659
AlternateDataStreams: C:\ProgramData\Temp:32D2A239
AlternateDataStreams: C:\ProgramData\Temp:32EA849C
AlternateDataStreams: C:\ProgramData\Temp:331B7520
AlternateDataStreams: C:\ProgramData\Temp:331B76C7
AlternateDataStreams: C:\ProgramData\Temp:3393A1CA
AlternateDataStreams: C:\ProgramData\Temp:349E5B74
AlternateDataStreams: C:\ProgramData\Temp:35E8E596
AlternateDataStreams: C:\ProgramData\Temp:363E775E
AlternateDataStreams: C:\ProgramData\Temp:366EFA1A
AlternateDataStreams: C:\ProgramData\Temp:370E4EFB
AlternateDataStreams: C:\ProgramData\Temp:3766E957
AlternateDataStreams: C:\ProgramData\Temp:3815BC84
AlternateDataStreams: C:\ProgramData\Temp:384AA0FD
AlternateDataStreams: C:\ProgramData\Temp:393F7B1E
AlternateDataStreams: C:\ProgramData\Temp:3969ACF7
AlternateDataStreams: C:\ProgramData\Temp:398EFF0F
AlternateDataStreams: C:\ProgramData\Temp:39DC8D60
AlternateDataStreams: C:\ProgramData\Temp:3A133158
AlternateDataStreams: C:\ProgramData\Temp:3A4C8FE7
AlternateDataStreams: C:\ProgramData\Temp:3ABC38E6
AlternateDataStreams: C:\ProgramData\Temp:3B07E6F4
AlternateDataStreams: C:\ProgramData\Temp:3B454A5C
AlternateDataStreams: C:\ProgramData\Temp:3BAD65EA
AlternateDataStreams: C:\ProgramData\Temp:3C0887BF
AlternateDataStreams: C:\ProgramData\Temp:3C4BD225
AlternateDataStreams: C:\ProgramData\Temp:3D36932D
AlternateDataStreams: C:\ProgramData\Temp:3D3F1635
AlternateDataStreams: C:\ProgramData\Temp:3D4B733E
AlternateDataStreams: C:\ProgramData\Temp:3D887DCC
AlternateDataStreams: C:\ProgramData\Temp:3D922890
AlternateDataStreams: C:\ProgramData\Temp:3DB6F365
AlternateDataStreams: C:\ProgramData\Temp:3E200C29
AlternateDataStreams: C:\ProgramData\Temp:3EC5BC08
AlternateDataStreams: C:\ProgramData\Temp:3F266659
AlternateDataStreams: C:\ProgramData\Temp:401CAF8F
AlternateDataStreams: C:\ProgramData\Temp:404908B5
AlternateDataStreams: C:\ProgramData\Temp:406E0034
AlternateDataStreams: C:\ProgramData\Temp:4157BB05
AlternateDataStreams: C:\ProgramData\Temp:417C2BC3
AlternateDataStreams: C:\ProgramData\Temp:41CB6858
AlternateDataStreams: C:\ProgramData\Temp:4244811A
AlternateDataStreams: C:\ProgramData\Temp:43301D1D
AlternateDataStreams: C:\ProgramData\Temp:4363DE71
AlternateDataStreams: C:\ProgramData\Temp:43AA121F
AlternateDataStreams: C:\ProgramData\Temp:43CBFAB2
AlternateDataStreams: C:\ProgramData\Temp:43E95997
AlternateDataStreams: C:\ProgramData\Temp:44712999
AlternateDataStreams: C:\ProgramData\Temp:45936E12
AlternateDataStreams: C:\ProgramData\Temp:45A64DE6
AlternateDataStreams: C:\ProgramData\Temp:46283136
AlternateDataStreams: C:\ProgramData\Temp:469B47D8
AlternateDataStreams: C:\ProgramData\Temp:471AD3D0
AlternateDataStreams: C:\ProgramData\Temp:474022C7
AlternateDataStreams: C:\ProgramData\Temp:4762F1D2
AlternateDataStreams: C:\ProgramData\Temp:483AC68A
AlternateDataStreams: C:\ProgramData\Temp:48897D41
AlternateDataStreams: C:\ProgramData\Temp:488F7244
AlternateDataStreams: C:\ProgramData\Temp:48977386
AlternateDataStreams: C:\ProgramData\Temp:489EA5E5
AlternateDataStreams: C:\ProgramData\Temp:490BCC52
AlternateDataStreams: C:\ProgramData\Temp:491270B8
AlternateDataStreams: C:\ProgramData\Temp:49B217F7
AlternateDataStreams: C:\ProgramData\Temp:49EB0FDC
AlternateDataStreams: C:\ProgramData\Temp:4A8EB1C4
AlternateDataStreams: C:\ProgramData\Temp:4A906D4A
AlternateDataStreams: C:\ProgramData\Temp:4AC7B5C1
AlternateDataStreams: C:\ProgramData\Temp:4B244549
AlternateDataStreams: C:\ProgramData\Temp:4B7C28B1
AlternateDataStreams: C:\ProgramData\Temp:4C3D5A8B
AlternateDataStreams: C:\ProgramData\Temp:4C465B13
AlternateDataStreams: C:\ProgramData\Temp:4C5C1DD3
AlternateDataStreams: C:\ProgramData\Temp:4CD3F344
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:4D46D04F
AlternateDataStreams: C:\ProgramData\Temp:4D551822
AlternateDataStreams: C:\ProgramData\Temp:4D8FCBEF
AlternateDataStreams: C:\ProgramData\Temp:4DDE401B
AlternateDataStreams: C:\ProgramData\Temp:4E6B8D68
AlternateDataStreams: C:\ProgramData\Temp:4E79C4F8
AlternateDataStreams: C:\ProgramData\Temp:4EE95FE7
AlternateDataStreams: C:\ProgramData\Temp:4EF94CF3
AlternateDataStreams: C:\ProgramData\Temp:4EFA2FC7
AlternateDataStreams: C:\ProgramData\Temp:4F852702
AlternateDataStreams: C:\ProgramData\Temp:50636E35
AlternateDataStreams: C:\ProgramData\Temp:506698B2
AlternateDataStreams: C:\ProgramData\Temp:50868536
AlternateDataStreams: C:\ProgramData\Temp:5106F19A
AlternateDataStreams: C:\ProgramData\Temp:5133A494
AlternateDataStreams: C:\ProgramData\Temp:5164A01F
AlternateDataStreams: C:\ProgramData\Temp:517EFA90
AlternateDataStreams: C:\ProgramData\Temp:51E66512
AlternateDataStreams: C:\ProgramData\Temp:52641FBE
AlternateDataStreams: C:\ProgramData\Temp:52C24010
AlternateDataStreams: C:\ProgramData\Temp:53B8C5D2
AlternateDataStreams: C:\ProgramData\Temp:53BA2DF6
AlternateDataStreams: C:\ProgramData\Temp:53F09A92
AlternateDataStreams: C:\ProgramData\Temp:54403233
AlternateDataStreams: C:\ProgramData\Temp:5453E5AF
AlternateDataStreams: C:\ProgramData\Temp:553056F1
AlternateDataStreams: C:\ProgramData\Temp:5539129F
AlternateDataStreams: C:\ProgramData\Temp:55F44B88
AlternateDataStreams: C:\ProgramData\Temp:566B9179
AlternateDataStreams: C:\ProgramData\Temp:569CEE83
AlternateDataStreams: C:\ProgramData\Temp:56C66609
AlternateDataStreams: C:\ProgramData\Temp:56F368C9
AlternateDataStreams: C:\ProgramData\Temp:56FBA78D
AlternateDataStreams: C:\ProgramData\Temp:57173DB4
AlternateDataStreams: C:\ProgramData\Temp:58B3FE52
AlternateDataStreams: C:\ProgramData\Temp:59465B40
AlternateDataStreams: C:\ProgramData\Temp:59540531
AlternateDataStreams: C:\ProgramData\Temp:5A068EE1
AlternateDataStreams: C:\ProgramData\Temp:5A2E8BBF
AlternateDataStreams: C:\ProgramData\Temp:5A63CC20
AlternateDataStreams: C:\ProgramData\Temp:5A9F1AE5
AlternateDataStreams: C:\ProgramData\Temp:5ACE199E
AlternateDataStreams: C:\ProgramData\Temp:5B483FBC
AlternateDataStreams: C:\ProgramData\Temp:5C28E25F
AlternateDataStreams: C:\ProgramData\Temp:5C42F64A
AlternateDataStreams: C:\ProgramData\Temp:5C5F2761
AlternateDataStreams: C:\ProgramData\Temp:5C6EBC69
AlternateDataStreams: C:\ProgramData\Temp:5C717402
AlternateDataStreams: C:\ProgramData\Temp:5CBA5665
AlternateDataStreams: C:\ProgramData\Temp:5D10C56A
AlternateDataStreams: C:\ProgramData\Temp:5D351BC6
AlternateDataStreams: C:\ProgramData\Temp:5DB36C47
AlternateDataStreams: C:\ProgramData\Temp:5DB4FD98
AlternateDataStreams: C:\ProgramData\Temp:5E481579
AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2
AlternateDataStreams: C:\ProgramData\Temp:5E9B629B
AlternateDataStreams: C:\ProgramData\Temp:5ECEFF17
AlternateDataStreams: C:\ProgramData\Temp:5EFEB6A1
AlternateDataStreams: C:\ProgramData\Temp:5F85EE30
AlternateDataStreams: C:\ProgramData\Temp:5F9C8A89
AlternateDataStreams: C:\ProgramData\Temp:5FA4CB99
AlternateDataStreams: C:\ProgramData\Temp:5FC043A8
AlternateDataStreams: C:\ProgramData\Temp:5FD26EF3
AlternateDataStreams: C:\ProgramData\Temp:607A99D7
AlternateDataStreams: C:\ProgramData\Temp:609CAC7C
AlternateDataStreams: C:\ProgramData\Temp:60E0AB2A
AlternateDataStreams: C:\ProgramData\Temp:611EAF9F
AlternateDataStreams: C:\ProgramData\Temp:612873B2
AlternateDataStreams: C:\ProgramData\Temp:614F17D3
AlternateDataStreams: C:\ProgramData\Temp:61AF2B29
AlternateDataStreams: C:\ProgramData\Temp:62AC0CCE
AlternateDataStreams: C:\ProgramData\Temp:62AF94A0
AlternateDataStreams: C:\ProgramData\Temp:6301CE40
AlternateDataStreams: C:\ProgramData\Temp:63210866
AlternateDataStreams: C:\ProgramData\Temp:63BA523E
AlternateDataStreams: C:\ProgramData\Temp:63C48B80
AlternateDataStreams: C:\ProgramData\Temp:63F8EC77
AlternateDataStreams: C:\ProgramData\Temp:641A21EA
AlternateDataStreams: C:\ProgramData\Temp:64E05835
AlternateDataStreams: C:\ProgramData\Temp:65484F45
AlternateDataStreams: C:\ProgramData\Temp:65C4D44A
AlternateDataStreams: C:\ProgramData\Temp:6684C48E
AlternateDataStreams: C:\ProgramData\Temp:669AB5E1
AlternateDataStreams: C:\ProgramData\Temp:66C764F5
AlternateDataStreams: C:\ProgramData\Temp:66F19688
AlternateDataStreams: C:\ProgramData\Temp:66F7E5A9
AlternateDataStreams: C:\ProgramData\Temp:674893F9
AlternateDataStreams: C:\ProgramData\Temp:67B6E7FA
AlternateDataStreams: C:\ProgramData\Temp:67BA17B9
AlternateDataStreams: C:\ProgramData\Temp:68A41423
AlternateDataStreams: C:\ProgramData\Temp:69F562A6
AlternateDataStreams: C:\ProgramData\Temp:69FD6BF0
AlternateDataStreams: C:\ProgramData\Temp:6A4DFD85
AlternateDataStreams: C:\ProgramData\Temp:6A6D4AF4
AlternateDataStreams: C:\ProgramData\Temp:6B3B5466
AlternateDataStreams: C:\ProgramData\Temp:6BEADDC0
AlternateDataStreams: C:\ProgramData\Temp:6D208D7A
AlternateDataStreams: C:\ProgramData\Temp:6D65CED0
AlternateDataStreams: C:\ProgramData\Temp:6DD124E2
AlternateDataStreams: C:\ProgramData\Temp:6E11933F
AlternateDataStreams: C:\ProgramData\Temp:6E2D80C8
AlternateDataStreams: C:\ProgramData\Temp:6E39144C
AlternateDataStreams: C:\ProgramData\Temp:6ED8B881
AlternateDataStreams: C:\ProgramData\Temp:6F0B6A5A
AlternateDataStreams: C:\ProgramData\Temp:6F39FFF1
AlternateDataStreams: C:\ProgramData\Temp:6FD36C4B
AlternateDataStreams: C:\ProgramData\Temp:702A7F20
AlternateDataStreams: C:\ProgramData\Temp:70BDB805
AlternateDataStreams: C:\ProgramData\Temp:70E897B5
AlternateDataStreams: C:\ProgramData\Temp:710768C7
AlternateDataStreams: C:\ProgramData\Temp:71112705
AlternateDataStreams: C:\ProgramData\Temp:71612023
AlternateDataStreams: C:\ProgramData\Temp:71AEFFEB
AlternateDataStreams: C:\ProgramData\Temp:72449E7D
AlternateDataStreams: C:\ProgramData\Temp:7254CF01
AlternateDataStreams: C:\ProgramData\Temp:72A1B66A
AlternateDataStreams: C:\ProgramData\Temp:737160C1
AlternateDataStreams: C:\ProgramData\Temp:751D6870
AlternateDataStreams: C:\ProgramData\Temp:754E278B
AlternateDataStreams: C:\ProgramData\Temp:75A76CD8
AlternateDataStreams: C:\ProgramData\Temp:769BB147
AlternateDataStreams: C:\ProgramData\Temp:774A0E14
AlternateDataStreams: C:\ProgramData\Temp:77B64C59
AlternateDataStreams: C:\ProgramData\Temp:78E0DF72
AlternateDataStreams: C:\ProgramData\Temp:795F6DEC
AlternateDataStreams: C:\ProgramData\Temp:79875988
AlternateDataStreams: C:\ProgramData\Temp:79A7F369
AlternateDataStreams: C:\ProgramData\Temp:7A632F57
AlternateDataStreams: C:\ProgramData\Temp:7ADB695A
AlternateDataStreams: C:\ProgramData\Temp:7B52659E
AlternateDataStreams: C:\ProgramData\Temp:7BB20DE8
AlternateDataStreams: C:\ProgramData\Temp:7BFAAE70
AlternateDataStreams: C:\ProgramData\Temp:7BFFC6A9
AlternateDataStreams: C:\ProgramData\Temp:7C27C41C
AlternateDataStreams: C:\ProgramData\Temp:7C3760E2
AlternateDataStreams: C:\ProgramData\Temp:7CEDF9F3
AlternateDataStreams: C:\ProgramData\Temp:7D288858
AlternateDataStreams: C:\ProgramData\Temp:7DC5D762
AlternateDataStreams: C:\ProgramData\Temp:7EB93F0E
AlternateDataStreams: C:\ProgramData\Temp:7F477B0D
AlternateDataStreams: C:\ProgramData\Temp:8075370B
AlternateDataStreams: C:\ProgramData\Temp:80B291A7
AlternateDataStreams: C:\ProgramData\Temp:81653DC8
AlternateDataStreams: C:\ProgramData\Temp:8204AA35
AlternateDataStreams: C:\ProgramData\Temp:823606DE
AlternateDataStreams: C:\ProgramData\Temp:8247A199
AlternateDataStreams: C:\ProgramData\Temp:82D85D00
AlternateDataStreams: C:\ProgramData\Temp:834DD57E
AlternateDataStreams: C:\ProgramData\Temp:83517407
AlternateDataStreams: C:\ProgramData\Temp:84C34762
AlternateDataStreams: C:\ProgramData\Temp:869C6B4A
AlternateDataStreams: C:\ProgramData\Temp:86A7B7DD
AlternateDataStreams: C:\ProgramData\Temp:871526BA
AlternateDataStreams: C:\ProgramData\Temp:87731E5E
AlternateDataStreams: C:\ProgramData\Temp:8836A712
AlternateDataStreams: C:\ProgramData\Temp:8855A119
AlternateDataStreams: C:\ProgramData\Temp:88FB7F72
AlternateDataStreams: C:\ProgramData\Temp:895A78C5
AlternateDataStreams: C:\ProgramData\Temp:896E1EFF
AlternateDataStreams: C:\ProgramData\Temp:896FF808
AlternateDataStreams: C:\ProgramData\Temp:8A0EFC75
AlternateDataStreams: C:\ProgramData\Temp:8AA99C0C
AlternateDataStreams: C:\ProgramData\Temp:8AE92FD3
AlternateDataStreams: C:\ProgramData\Temp:8AED9359
AlternateDataStreams: C:\ProgramData\Temp:8B076EC5
AlternateDataStreams: C:\ProgramData\Temp:8B3C3098
AlternateDataStreams: C:\ProgramData\Temp:8B480195
AlternateDataStreams: C:\ProgramData\Temp:8B79243A
AlternateDataStreams: C:\ProgramData\Temp:8C81B36D
AlternateDataStreams: C:\ProgramData\Temp:8C84E358
AlternateDataStreams: C:\ProgramData\Temp:8CCDAB14
AlternateDataStreams: C:\ProgramData\Temp:8D565A9B
AlternateDataStreams: C:\ProgramData\Temp:8DD20B4A
AlternateDataStreams: C:\ProgramData\Temp:8E11CC80
AlternateDataStreams: C:\ProgramData\Temp:8F1B55BE
AlternateDataStreams: C:\ProgramData\Temp:902C848D
AlternateDataStreams: C:\ProgramData\Temp:905BCB57
AlternateDataStreams: C:\ProgramData\Temp:908A1B53
AlternateDataStreams: C:\ProgramData\Temp:90BDAE7B
AlternateDataStreams: C:\ProgramData\Temp:90C320E1
AlternateDataStreams: C:\ProgramData\Temp:9195103F
AlternateDataStreams: C:\ProgramData\Temp:91A12471
AlternateDataStreams: C:\ProgramData\Temp:91DEEE71
AlternateDataStreams: C:\ProgramData\Temp:922DA2DB
AlternateDataStreams: C:\ProgramData\Temp:9254F782
AlternateDataStreams: C:\ProgramData\Temp:927EC486
AlternateDataStreams: C:\ProgramData\Temp:92BD9737
AlternateDataStreams: C:\ProgramData\Temp:92CA7E75
AlternateDataStreams: C:\ProgramData\Temp:92D35C13
AlternateDataStreams: C:\ProgramData\Temp:9338F136
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:943971F5
AlternateDataStreams: C:\ProgramData\Temp:943E8182
AlternateDataStreams: C:\ProgramData\Temp:94B46CA2
AlternateDataStreams: C:\ProgramData\Temp:94F67F32
AlternateDataStreams: C:\ProgramData\Temp:95079543
AlternateDataStreams: C:\ProgramData\Temp:9510DF8F
AlternateDataStreams: C:\ProgramData\Temp:9524D821
AlternateDataStreams: C:\ProgramData\Temp:9547F1DB
AlternateDataStreams: C:\ProgramData\Temp:9603033A
AlternateDataStreams: C:\ProgramData\Temp:969C0C96
AlternateDataStreams: C:\ProgramData\Temp:96AFAB10
AlternateDataStreams: C:\ProgramData\Temp:9720EBEF
AlternateDataStreams: C:\ProgramData\Temp:97995ED4
AlternateDataStreams: C:\ProgramData\Temp:97AAB7F2
AlternateDataStreams: C:\ProgramData\Temp:97BDBF49
AlternateDataStreams: C:\ProgramData\Temp:9812B773
AlternateDataStreams: C:\ProgramData\Temp:9836B5E4
AlternateDataStreams: C:\ProgramData\Temp:98AE08EA
AlternateDataStreams: C:\ProgramData\Temp:98CD9221
AlternateDataStreams: C:\ProgramData\Temp:98DFF516
AlternateDataStreams: C:\ProgramData\Temp:993185CB
AlternateDataStreams: C:\ProgramData\Temp:9968F0E2
AlternateDataStreams: C:\ProgramData\Temp:99C301D0
AlternateDataStreams: C:\ProgramData\Temp:9A88B65D
AlternateDataStreams: C:\ProgramData\Temp:9B2BD056
AlternateDataStreams: C:\ProgramData\Temp:9BAC4211
AlternateDataStreams: C:\ProgramData\Temp:9BB8C675
AlternateDataStreams: C:\ProgramData\Temp:9C3AAD57
AlternateDataStreams: C:\ProgramData\Temp:9C5EEE30
AlternateDataStreams: C:\ProgramData\Temp:9C7A32BB
AlternateDataStreams: C:\ProgramData\Temp:9CD7CD43
AlternateDataStreams: C:\ProgramData\Temp:9E05DEB0
AlternateDataStreams: C:\ProgramData\Temp:9E410D29
AlternateDataStreams: C:\ProgramData\Temp:9E5EA7A3
AlternateDataStreams: C:\ProgramData\Temp:9EDA68BD
AlternateDataStreams: C:\ProgramData\Temp:9F3CEEE6
AlternateDataStreams: C:\ProgramData\Temp:9FCF32A8
AlternateDataStreams: C:\ProgramData\Temp:A02025CE
AlternateDataStreams: C:\ProgramData\Temp:A1023D41
AlternateDataStreams: C:\ProgramData\Temp:A10E88DE
AlternateDataStreams: C:\ProgramData\Temp:A13B696A
AlternateDataStreams: C:\ProgramData\Temp:A19DFC74
AlternateDataStreams: C:\ProgramData\Temp:A1D3FEF0
AlternateDataStreams: C:\ProgramData\Temp:A1FD5369
AlternateDataStreams: C:\ProgramData\Temp:A2FF94DF
AlternateDataStreams: C:\ProgramData\Temp:A391510C
AlternateDataStreams: C:\ProgramData\Temp:A42FABF7
AlternateDataStreams: C:\ProgramData\Temp:A5584049
AlternateDataStreams: C:\ProgramData\Temp:A58B27C9
AlternateDataStreams: C:\ProgramData\Temp:A594A11A
AlternateDataStreams: C:\ProgramData\Temp:A60D0FA6
AlternateDataStreams: C:\ProgramData\Temp:A6345BDA
AlternateDataStreams: C:\ProgramData\Temp:A6D6E537
AlternateDataStreams: C:\ProgramData\Temp:A6D89509
AlternateDataStreams: C:\ProgramData\Temp:A6F30843
AlternateDataStreams: C:\ProgramData\Temp:A6FE7BCC
AlternateDataStreams: C:\ProgramData\Temp:A76A1B1B
AlternateDataStreams: C:\ProgramData\Temp:A78B31DD
AlternateDataStreams: C:\ProgramData\Temp:A7C40691
AlternateDataStreams: C:\ProgramData\Temp:A8185163
AlternateDataStreams: C:\ProgramData\Temp:A819A132
AlternateDataStreams: C:\ProgramData\Temp:A81A3C86
AlternateDataStreams: C:\ProgramData\Temp:A8369371
AlternateDataStreams: C:\ProgramData\Temp:A88BE334
AlternateDataStreams: C:\ProgramData\Temp:A8ADEA55
AlternateDataStreams: C:\ProgramData\Temp:A8DFD30C
AlternateDataStreams: C:\ProgramData\Temp:A900C3A3
AlternateDataStreams: C:\ProgramData\Temp:A9056F42
AlternateDataStreams: C:\ProgramData\Temp:A9223B61
AlternateDataStreams: C:\ProgramData\Temp:A9562832
AlternateDataStreams: C:\ProgramData\Temp:A9EBEE99
AlternateDataStreams: C:\ProgramData\Temp:A9F13D2D
AlternateDataStreams: C:\ProgramData\Temp:AA0017FD
AlternateDataStreams: C:\ProgramData\Temp:AA004D25
AlternateDataStreams: C:\ProgramData\Temp:AA0BC725
AlternateDataStreams: C:\ProgramData\Temp:AA60673F
AlternateDataStreams: C:\ProgramData\Temp:AABCC5A7
AlternateDataStreams: C:\ProgramData\Temp:AABECEFB
AlternateDataStreams: C:\ProgramData\Temp:AB0A5A80
AlternateDataStreams: C:\ProgramData\Temp:ABBFFEA2
AlternateDataStreams: C:\ProgramData\Temp:AC9F291E
AlternateDataStreams: C:\ProgramData\Temp:ACB38255
AlternateDataStreams: C:\ProgramData\Temp:AD020DC3
AlternateDataStreams: C:\ProgramData\Temp:AD2DB2F9
AlternateDataStreams: C:\ProgramData\Temp:AE324BE5
AlternateDataStreams: C:\ProgramData\Temp:AE34D87E
AlternateDataStreams: C:\ProgramData\Temp:AEC59117
AlternateDataStreams: C:\ProgramData\Temp:AF465248
AlternateDataStreams: C:\ProgramData\Temp:B01EC114
AlternateDataStreams: C:\ProgramData\Temp:B093E177
AlternateDataStreams: C:\ProgramData\Temp:B097AC8A
AlternateDataStreams: C:\ProgramData\Temp:B0A727D1
AlternateDataStreams: C:\ProgramData\Temp:B0EA26E5
AlternateDataStreams: C:\ProgramData\Temp:B1381B34
AlternateDataStreams: C:\ProgramData\Temp:B139DDF3
AlternateDataStreams: C:\ProgramData\Temp:B1786630
AlternateDataStreams: C:\ProgramData\Temp:B21F2857
AlternateDataStreams: C:\ProgramData\Temp:B33464A5
AlternateDataStreams: C:\ProgramData\Temp:B36361EE
AlternateDataStreams: C:\ProgramData\Temp:B38BEEEE
AlternateDataStreams: C:\ProgramData\Temp:B3942462
AlternateDataStreams: C:\ProgramData\Temp:B3A5945E
AlternateDataStreams: C:\ProgramData\Temp:B4258C5D
AlternateDataStreams: C:\ProgramData\Temp:B504E4C2
AlternateDataStreams: C:\ProgramData\Temp:B54E4B5A
AlternateDataStreams: C:\ProgramData\Temp:B5FD4AA1
AlternateDataStreams: C:\ProgramData\Temp:B61767F5
AlternateDataStreams: C:\ProgramData\Temp:B6285236
AlternateDataStreams: C:\ProgramData\Temp:B6D84F71
AlternateDataStreams: C:\ProgramData\Temp:B722BCE5
AlternateDataStreams: C:\ProgramData\Temp:B8408597
AlternateDataStreams: C:\ProgramData\Temp:B845F669
AlternateDataStreams: C:\ProgramData\Temp:BA24E689
AlternateDataStreams: C:\ProgramData\Temp:BAC2F271
AlternateDataStreams: C:\ProgramData\Temp:BACC4A79
AlternateDataStreams: C:\ProgramData\Temp:BACD3198
AlternateDataStreams: C:\ProgramData\Temp:BB0F4AA4
AlternateDataStreams: C:\ProgramData\Temp:BBC9C1EB
AlternateDataStreams: C:\ProgramData\Temp:BCF55336
AlternateDataStreams: C:\ProgramData\Temp:BCFEA004
AlternateDataStreams: C:\ProgramData\Temp:BD34FFC5
AlternateDataStreams: C:\ProgramData\Temp:BD50071F
AlternateDataStreams: C:\ProgramData\Temp:BD7D604C
AlternateDataStreams: C:\ProgramData\Temp:BD932D90
AlternateDataStreams: C:\ProgramData\Temp:BDF08FAF
AlternateDataStreams: C:\ProgramData\Temp:BE6B5FC3
AlternateDataStreams: C:\ProgramData\Temp:BEACE4C8
AlternateDataStreams: C:\ProgramData\Temp:BEE39E9B
AlternateDataStreams: C:\ProgramData\Temp:BF6A2C54
AlternateDataStreams: C:\ProgramData\Temp:BF6C4AAC
AlternateDataStreams: C:\ProgramData\Temp:BF6C81B2
AlternateDataStreams: C:\ProgramData\Temp:C00C7190
AlternateDataStreams: C:\ProgramData\Temp:C0BCE04B
AlternateDataStreams: C:\ProgramData\Temp:C178954A
AlternateDataStreams: C:\ProgramData\Temp:C26A6AB3
AlternateDataStreams: C:\ProgramData\Temp:C368C9EA
AlternateDataStreams: C:\ProgramData\Temp:C370B84F
AlternateDataStreams: C:\ProgramData\Temp:C37283B5
AlternateDataStreams: C:\ProgramData\Temp:C3899C0B
AlternateDataStreams: C:\ProgramData\Temp:C3A047E3
AlternateDataStreams: C:\ProgramData\Temp:C3AD9507
AlternateDataStreams: C:\ProgramData\Temp:C3E7F2E9
AlternateDataStreams: C:\ProgramData\Temp:C43C957E
AlternateDataStreams: C:\ProgramData\Temp:C48905F4
AlternateDataStreams: C:\ProgramData\Temp:C48A983C
AlternateDataStreams: C:\ProgramData\Temp:C55217E2
AlternateDataStreams: C:\ProgramData\Temp:C5A156B6
AlternateDataStreams: C:\ProgramData\Temp:C6104C4F
AlternateDataStreams: C:\ProgramData\Temp:C611D6C8
AlternateDataStreams: C:\ProgramData\Temp:C6920A5D
AlternateDataStreams: C:\ProgramData\Temp:C72A744C
AlternateDataStreams: C:\ProgramData\Temp:C76D8487
AlternateDataStreams: C:\ProgramData\Temp:C82CA1C0
AlternateDataStreams: C:\ProgramData\Temp:C8E3A625
AlternateDataStreams: C:\ProgramData\Temp:C900B47A
AlternateDataStreams: C:\ProgramData\Temp:C98828D3
AlternateDataStreams: C:\ProgramData\Temp:CA7E8F16
AlternateDataStreams: C:\ProgramData\Temp:CA8D6B60
AlternateDataStreams: C:\ProgramData\Temp:CAC06C34
AlternateDataStreams: C:\ProgramData\Temp:CAE3AE67
AlternateDataStreams: C:\ProgramData\Temp:CB08ED9D
AlternateDataStreams: C:\ProgramData\Temp:CB5AA1E6
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30
AlternateDataStreams: C:\ProgramData\Temp:CC7738DB
AlternateDataStreams: C:\ProgramData\Temp:CCD8056E
AlternateDataStreams: C:\ProgramData\Temp:CE3AADB7
AlternateDataStreams: C:\ProgramData\Temp:CE506F23
AlternateDataStreams: C:\ProgramData\Temp:CE6885F1
AlternateDataStreams: C:\ProgramData\Temp:CF8AEC6E
AlternateDataStreams: C:\ProgramData\Temp:CFF6B3FF
AlternateDataStreams: C:\ProgramData\Temp:D01ACC06
AlternateDataStreams: C:\ProgramData\Temp:D026A5A4
AlternateDataStreams: C:\ProgramData\Temp:D086B88D
AlternateDataStreams: C:\ProgramData\Temp:D0D17155
AlternateDataStreams: C:\ProgramData\Temp:D103E81E
AlternateDataStreams: C:\ProgramData\Temp:D1FE35E7
AlternateDataStreams: C:\ProgramData\Temp:D31BE97C
AlternateDataStreams: C:\ProgramData\Temp:D3A82449
AlternateDataStreams: C:\ProgramData\Temp:D4558A0B
AlternateDataStreams: C:\ProgramData\Temp:D47B19A6
AlternateDataStreams: C:\ProgramData\Temp:D4E62FA9
AlternateDataStreams: C:\ProgramData\Temp:D4F5419A
AlternateDataStreams: C:\ProgramData\Temp:D576A536
AlternateDataStreams: C:\ProgramData\Temp:D5BF78B4
AlternateDataStreams: C:\ProgramData\Temp:D5D75FF0
AlternateDataStreams: C:\ProgramData\Temp:D5E3E8C4
AlternateDataStreams: C:\ProgramData\Temp:D621CFB8
AlternateDataStreams: C:\ProgramData\Temp:D64DD961
AlternateDataStreams: C:\ProgramData\Temp:D6A43EB0
AlternateDataStreams: C:\ProgramData\Temp:D6D084A5
AlternateDataStreams: C:\ProgramData\Temp:D708EEF9
AlternateDataStreams: C:\ProgramData\Temp:D7D0B4AF
AlternateDataStreams: C:\ProgramData\Temp:D8DB81DC
AlternateDataStreams: C:\ProgramData\Temp:D92A5893
AlternateDataStreams: C:\ProgramData\Temp:D9656460
AlternateDataStreams: C:\ProgramData\Temp:D987CB43
AlternateDataStreams: C:\ProgramData\Temp:D999FFD5
AlternateDataStreams: C:\ProgramData\Temp:DA55B48C
AlternateDataStreams: C:\ProgramData\Temp:DB2748F7
AlternateDataStreams: C:\ProgramData\Temp:DBEF355E
AlternateDataStreams: C:\ProgramData\Temp:DC7EDF41
AlternateDataStreams: C:\ProgramData\Temp:DC8E5CD4
AlternateDataStreams: C:\ProgramData\Temp:DC9915D2
AlternateDataStreams: C:\ProgramData\Temp:DD04902E
AlternateDataStreams: C:\ProgramData\Temp:DD95E6D9
AlternateDataStreams: C:\ProgramData\Temp:DDEB08FD
AlternateDataStreams: C:\ProgramData\Temp:DDF112BD
AlternateDataStreams: C:\ProgramData\Temp:DE875C30
AlternateDataStreams: C:\ProgramData\Temp:DF5ABA3D
AlternateDataStreams: C:\ProgramData\Temp:DFFB9E98
AlternateDataStreams: C:\ProgramData\Temp:E11D90D0
AlternateDataStreams: C:\ProgramData\Temp:E1520A02
AlternateDataStreams: C:\ProgramData\Temp:E1D06077
AlternateDataStreams: C:\ProgramData\Temp:E1D818F7
AlternateDataStreams: C:\ProgramData\Temp:E21433CE
AlternateDataStreams: C:\ProgramData\Temp:E265ED33
AlternateDataStreams: C:\ProgramData\Temp:E31EDFDE
AlternateDataStreams: C:\ProgramData\Temp:E3615992
AlternateDataStreams: C:\ProgramData\Temp:E446CB48
AlternateDataStreams: C:\ProgramData\Temp:E4E83517
AlternateDataStreams: C:\ProgramData\Temp:E4EE99EF
AlternateDataStreams: C:\ProgramData\Temp:E4FD113F
AlternateDataStreams: C:\ProgramData\Temp:E5496666
AlternateDataStreams: C:\ProgramData\Temp:E5AF754F
AlternateDataStreams: C:\ProgramData\Temp:E6708F08
AlternateDataStreams: C:\ProgramData\Temp:E690114B
AlternateDataStreams: C:\ProgramData\Temp:E69366D6
AlternateDataStreams: C:\ProgramData\Temp:E6B95E40
AlternateDataStreams: C:\ProgramData\Temp:E6BEADB7
AlternateDataStreams: C:\ProgramData\Temp:E7B4296D
AlternateDataStreams: C:\ProgramData\Temp:E80802C7
AlternateDataStreams: C:\ProgramData\Temp:E855BDCF
AlternateDataStreams: C:\ProgramData\Temp:E87AB4E3
AlternateDataStreams: C:\ProgramData\Temp:E894A3ED
AlternateDataStreams: C:\ProgramData\Temp:E8AEB2BF
AlternateDataStreams: C:\ProgramData\Temp:E8B61305
AlternateDataStreams: C:\ProgramData\Temp:E91ADC66
AlternateDataStreams: C:\ProgramData\Temp:E94FA418
AlternateDataStreams: C:\ProgramData\Temp:E96A2658
AlternateDataStreams: C:\ProgramData\Temp:E9900C74
AlternateDataStreams: C:\ProgramData\Temp:E9C2F553
AlternateDataStreams: C:\ProgramData\Temp:EA2D3047
AlternateDataStreams: C:\ProgramData\Temp:EA701346
AlternateDataStreams: C:\ProgramData\Temp:EA9D8B40
AlternateDataStreams: C:\ProgramData\Temp:EB5BDBB0
AlternateDataStreams: C:\ProgramData\Temp:EBCF5924
AlternateDataStreams: C:\ProgramData\Temp:EBE194FC
AlternateDataStreams: C:\ProgramData\Temp:EBF0842B
AlternateDataStreams: C:\ProgramData\Temp:EC0279DC
AlternateDataStreams: C:\ProgramData\Temp:EC7C9796
AlternateDataStreams: C:\ProgramData\Temp:EC855C73
AlternateDataStreams: C:\ProgramData\Temp:ECF3C50F
AlternateDataStreams: C:\ProgramData\Temp:ED2D63E4
AlternateDataStreams: C:\ProgramData\Temp:ED51D3ED
AlternateDataStreams: C:\ProgramData\Temp:ED9B661E
AlternateDataStreams: C:\ProgramData\Temp:EDDBC69E
AlternateDataStreams: C:\ProgramData\Temp:EE2DD6CC
AlternateDataStreams: C:\ProgramData\Temp:EE69D7DF
AlternateDataStreams: C:\ProgramData\Temp:EE9B2879
AlternateDataStreams: C:\ProgramData\Temp:EEB25EAE
AlternateDataStreams: C:\ProgramData\Temp:EF0BD3A1
AlternateDataStreams: C:\ProgramData\Temp:EF0F3F33
AlternateDataStreams: C:\ProgramData\Temp:EF53A5CA
AlternateDataStreams: C:\ProgramData\Temp:EF794BCD
AlternateDataStreams: C:\ProgramData\Temp:F1174C93
AlternateDataStreams: C:\ProgramData\Temp:F1381B87
AlternateDataStreams: C:\ProgramData\Temp:F13867C6
AlternateDataStreams: C:\ProgramData\Temp:F176B6C6
AlternateDataStreams: C:\ProgramData\Temp:F1F936DF
AlternateDataStreams: C:\ProgramData\Temp:F2327E82
AlternateDataStreams: C:\ProgramData\Temp:F2E878EB
AlternateDataStreams: C:\ProgramData\Temp:F2E92DCD
AlternateDataStreams: C:\ProgramData\Temp:F35AE645
AlternateDataStreams: C:\ProgramData\Temp:F4BF61E8
AlternateDataStreams: C:\ProgramData\Temp:F5B51004
AlternateDataStreams: C:\ProgramData\Temp:F5E8CAE0
AlternateDataStreams: C:\ProgramData\Temp:F610C203
AlternateDataStreams: C:\ProgramData\Temp:F66F0A25
AlternateDataStreams: C:\ProgramData\Temp:F67947AF
AlternateDataStreams: C:\ProgramData\Temp:F67AAFC5
AlternateDataStreams: C:\ProgramData\Temp:F68CB1A4
AlternateDataStreams: C:\ProgramData\Temp:F6DA3F39
AlternateDataStreams: C:\ProgramData\Temp:F7F4DC88
AlternateDataStreams: C:\ProgramData\Temp:F7FFE8AF
AlternateDataStreams: C:\ProgramData\Temp:F816645E
AlternateDataStreams: C:\ProgramData\Temp:F81E7082
AlternateDataStreams: C:\ProgramData\Temp:F83E8359
AlternateDataStreams: C:\ProgramData\Temp:F84B8DB5
AlternateDataStreams: C:\ProgramData\Temp:F8DE80DB
AlternateDataStreams: C:\ProgramData\Temp:F94DE3B1
AlternateDataStreams: C:\ProgramData\Temp:F986CC21
AlternateDataStreams: C:\ProgramData\Temp:F9F58B80
AlternateDataStreams: C:\ProgramData\Temp:FAB64002
AlternateDataStreams: C:\ProgramData\Temp:FB4262DE
AlternateDataStreams: C:\ProgramData\Temp:FBD274CF
AlternateDataStreams: C:\ProgramData\Temp:FC60E0F8
AlternateDataStreams: C:\ProgramData\Temp:FC70A22A
AlternateDataStreams: C:\ProgramData\Temp:FCBEDCFD
AlternateDataStreams: C:\ProgramData\Temp:FD11E093
AlternateDataStreams: C:\ProgramData\Temp:FD6D11C9
AlternateDataStreams: C:\ProgramData\Temp:FD6DB82C
AlternateDataStreams: C:\ProgramData\Temp:FD7DCDA6
AlternateDataStreams: C:\ProgramData\Temp:FDDD8917
AlternateDataStreams: C:\ProgramData\Temp:FDEE14AC
AlternateDataStreams: C:\ProgramData\Temp:FECEF728
AlternateDataStreams: C:\ProgramData\Temp:FEE00EB9
AlternateDataStreams: C:\ProgramData\Temp:FFC3922F

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nadin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1892582679-3047668497-1527463922-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1892582679-3047668497-1527463922-1004 - Limited - Enabled)
Gast (S-1-5-21-1892582679-3047668497-1527463922-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1892582679-3047668497-1527463922-1002 - Limited - Enabled)
Nadin (S-1-5-21-1892582679-3047668497-1527463922-1000 - Administrator - Enabled) => C:\Users\Nadin

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2015 06:25:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/13/2015 06:25:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/13/2015 06:25:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/13/2015 06:25:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/12/2015 06:19:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/12/2015 06:19:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/12/2015 06:19:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/12/2015 06:19:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/11/2015 00:48:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 37.0.1.5570, Zeitstempel: 0x550cfa7f
Name des fehlerhaften Moduls: xul.dll, Version: 37.0.1.5570, Zeitstempel: 0x550d07d2
Ausnahmecode: 0x80000003
Fehleroffset: 0x007b0db5
ID des fehlerhaften Prozesses: 0xed8
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (04/10/2015 07:21:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (04/13/2015 05:59:13 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 80.

Error: (04/13/2015 05:53:59 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/13/2015 05:53:59 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/13/2015 05:53:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/13/2015 05:53:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/13/2015 05:53:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/13/2015 05:53:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Matrix Storage Event Monitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/13/2015 05:53:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Epson Scanner Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/13/2015 05:53:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/13/2015 05:53:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Updater Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 52%
Total physical RAM: 4090.93 MB
Available physical RAM: 1953.2 MB
Total Pagefile: 8180.04 MB
Available Pagefile: 5708.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:452.97 GB) (Free:284.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1BA21BA2)
Partition 1: (Not Active) - (Size=12.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Ich hoffe jetzt ist es richtig

Alt 14.04.2015, 19:59   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Mein Virenprogramm springt ständig an - Standard

Mein Virenprogramm springt ständig an



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.04.2015, 21:53   #8
nadineo2403
 
Mein Virenprogramm springt ständig an - Standard

Mein Virenprogramm springt ständig an



Code:
ATTFilter
ComboFix 15-04-14.01 - Nadin 14.04.2015  22:28:25.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4091.1975 [GMT 2:00]
ausgeführt von:: c:\users\Nadin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nadin\AppData\Local\.#
c:\users\Nadin\AppData\Roaming\Azhu
c:\users\Nadin\AppData\Roaming\Azhu\emsa.erd
c:\users\Nadin\AppData\Roaming\Ybixr
c:\users\Nadin\AppData\Roaming\Ybixr\ehakk.foy
c:\windows\msdownld.tmp
c:\windows\SysWow64\~GLH00c0.TMP
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-03-14 bis 2015-04-14  ))))))))))))))))))))))))))))))
.
.
2015-04-14 20:41 . 2015-04-14 20:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-04-14 12:07 . 2015-04-14 12:07	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{073ED839-1681-4810-B6C5-BACB56D3BCD5}\offreg.dll
2015-04-14 09:55 . 2015-03-14 10:02	12002392	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{073ED839-1681-4810-B6C5-BACB56D3BCD5}\mpengine.dll
2015-04-13 17:59 . 2015-04-13 18:01	--------	d-----w-	C:\FRST
2015-04-13 17:11 . 2015-04-13 17:12	--------	d-----w-	C:\AdwCleaner
2015-04-06 07:47 . 2015-04-06 07:47	--------	d-s---w-	c:\windows\SysWow64\GWX
2015-04-06 07:47 . 2015-04-06 07:48	--------	d-s---w-	c:\windows\system32\GWX
2015-03-29 15:51 . 2015-03-29 16:24	--------	d-----w-	c:\users\Nadin\AppData\Local\gtk-2.0
2015-03-29 15:46 . 2015-03-29 15:46	--------	d-----w-	c:\users\Nadin\AppData\Local\fontconfig
2015-03-29 15:46 . 2015-03-29 16:42	--------	d-----w-	c:\users\Nadin\.gimp-2.8
2015-03-29 15:46 . 2015-03-29 15:46	--------	d-----w-	c:\users\Nadin\AppData\Local\gegl-0.2
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-11 07:38 . 2014-06-02 16:55	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-11 08:11 . 2011-09-17 07:07	122905848	----a-w-	c:\windows\system32\MRT.exe
2015-03-06 05:56 . 2015-03-11 06:43	155576	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2015-03-06 05:56 . 2015-03-11 06:43	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2015-03-06 05:42 . 2015-03-11 06:43	210944	----a-w-	c:\windows\system32\wdigest.dll
2015-03-06 05:42 . 2015-03-11 06:43	86528	----a-w-	c:\windows\system32\TSpkg.dll
2015-03-06 05:42 . 2015-03-11 06:43	29184	----a-w-	c:\windows\system32\sspisrv.dll
2015-03-06 05:42 . 2015-03-11 06:43	136192	----a-w-	c:\windows\system32\sspicli.dll
2015-03-06 05:42 . 2015-03-11 06:43	341504	----a-w-	c:\windows\system32\schannel.dll
2015-03-06 05:42 . 2015-03-11 06:43	28160	----a-w-	c:\windows\system32\secur32.dll
2015-03-06 05:42 . 2015-03-11 06:43	314880	----a-w-	c:\windows\system32\msv1_0.dll
2015-03-06 05:42 . 2015-03-11 06:43	309760	----a-w-	c:\windows\system32\ncrypt.dll
2015-03-06 05:42 . 2015-03-11 06:43	728064	----a-w-	c:\windows\system32\kerberos.dll
2015-03-06 05:42 . 2015-03-11 06:43	1461760	----a-w-	c:\windows\system32\lsasrv.dll
2015-03-06 05:42 . 2015-03-11 06:43	22016	----a-w-	c:\windows\system32\credssp.dll
2015-03-06 05:41 . 2015-03-11 06:43	31232	----a-w-	c:\windows\system32\lsass.exe
2015-03-06 05:41 . 2015-03-11 06:43	64000	----a-w-	c:\windows\system32\auditpol.exe
2015-03-06 05:39 . 2015-03-11 06:43	60416	----a-w-	c:\windows\system32\msobjs.dll
2015-03-06 05:38 . 2015-03-11 06:43	146432	----a-w-	c:\windows\system32\msaudite.dll
2015-03-06 05:36 . 2015-03-11 06:43	686080	----a-w-	c:\windows\system32\adtschema.dll
2015-03-06 05:10 . 2015-03-11 06:43	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2015-03-06 05:10 . 2015-03-11 06:43	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2015-03-06 05:10 . 2015-03-11 06:43	248832	----a-w-	c:\windows\SysWow64\schannel.dll
2015-03-06 05:10 . 2015-03-11 06:43	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2015-03-06 05:10 . 2015-03-11 06:43	259584	----a-w-	c:\windows\SysWow64\msv1_0.dll
2015-03-06 05:10 . 2015-03-11 06:43	221184	----a-w-	c:\windows\SysWow64\ncrypt.dll
2015-03-06 05:10 . 2015-03-11 06:43	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2015-03-06 05:10 . 2015-03-11 06:43	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2015-03-06 05:09 . 2015-03-11 06:43	50176	----a-w-	c:\windows\SysWow64\auditpol.exe
2015-03-06 05:09 . 2015-03-11 06:43	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2015-03-06 05:07 . 2015-03-11 06:43	60416	----a-w-	c:\windows\SysWow64\msobjs.dll
2015-03-06 05:07 . 2015-03-11 06:43	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2015-03-06 05:06 . 2015-03-11 06:43	686080	----a-w-	c:\windows\SysWow64\adtschema.dll
2015-02-26 03:25 . 2015-03-11 06:43	3204096	----a-w-	c:\windows\system32\win32k.sys
2015-02-24 03:17 . 2010-12-19 12:28	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-24 03:15 . 2015-03-11 06:42	389800	----a-w-	c:\windows\system32\iedkcs32.dll
2015-02-21 01:16 . 2015-03-11 06:42	25021440	----a-w-	c:\windows\system32\mshtml.dll
2015-02-20 23:58 . 2015-03-11 06:42	92160	----a-w-	c:\windows\system32\mshtmled.dll
2015-02-20 04:41 . 2015-03-11 06:44	41984	----a-w-	c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 06:44	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 06:44	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 06:44	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 06:44	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 06:44	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 06:44	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 06:44	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 06:44	372224	----a-w-	c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 06:44	299008	----a-w-	c:\windows\SysWow64\atmfd.dll
2015-02-20 03:06 . 2015-03-11 06:42	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2015-02-20 03:05 . 2015-03-11 06:42	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2015-02-20 02:50 . 2015-03-11 06:42	66560	----a-w-	c:\windows\system32\iesetup.dll
2015-02-20 02:49 . 2015-03-11 06:42	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2015-02-20 02:49 . 2015-03-11 06:42	584192	----a-w-	c:\windows\system32\vbscript.dll
2015-02-20 02:48 . 2015-03-11 06:42	2886144	----a-w-	c:\windows\system32\iertutil.dll
2015-02-20 02:47 . 2015-03-11 06:42	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2015-02-20 02:41 . 2015-03-11 06:42	54784	----a-w-	c:\windows\system32\jsproxy.dll
2015-02-20 02:40 . 2015-03-11 06:42	34304	----a-w-	c:\windows\system32\iernonce.dll
2015-02-20 02:36 . 2015-03-11 06:42	633856	----a-w-	c:\windows\system32\ieui.dll
2015-02-20 02:35 . 2015-03-11 06:42	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2015-02-20 02:35 . 2015-03-11 06:42	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2015-02-20 02:34 . 2015-03-11 06:42	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2015-02-20 02:32 . 2015-03-11 06:42	6035456	----a-w-	c:\windows\system32\jscript9.dll
2015-02-20 02:26 . 2015-03-11 06:42	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2015-02-20 02:22 . 2015-03-11 06:42	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2015-02-20 02:22 . 2015-03-11 06:42	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2015-02-20 02:13 . 2015-03-11 06:42	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-20 02:09 . 2015-03-11 06:42	503296	----a-w-	c:\windows\SysWow64\vbscript.dll
2015-02-20 02:08 . 2015-03-11 06:42	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2015-02-20 02:08 . 2015-03-11 06:42	199680	----a-w-	c:\windows\system32\msrating.dll
2015-02-20 02:08 . 2015-03-11 06:42	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06 . 2015-03-11 06:42	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2015-02-20 02:05 . 2015-03-11 06:42	316928	----a-w-	c:\windows\system32\dxtrans.dll
2015-02-20 01:56 . 2015-03-11 06:42	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2015-02-20 01:56 . 2015-03-11 06:42	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2015-02-20 01:49 . 2015-03-11 06:42	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2015-02-20 01:49 . 2015-03-11 06:42	801280	----a-w-	c:\windows\system32\msfeeds.dll
2015-02-20 01:47 . 2015-03-11 06:42	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2015-02-20 01:46 . 2015-03-11 06:42	2125824	----a-w-	c:\windows\system32\inetcpl.cpl
2015-02-20 01:43 . 2015-03-11 06:42	14398976	----a-w-	c:\windows\system32\ieframe.dll
2015-02-20 01:41 . 2015-03-11 06:42	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30 . 2015-03-11 06:42	4300288	----a-w-	c:\windows\SysWow64\jscript9.dll
2015-02-20 01:28 . 2015-03-11 06:42	2358784	----a-w-	c:\windows\system32\wininet.dll
2015-02-20 01:24 . 2015-03-11 06:42	2052608	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2015-02-20 01:23 . 2015-03-11 06:42	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:16 . 2015-03-11 06:42	1548288	----a-w-	c:\windows\system32\urlmon.dll
2015-02-20 01:03 . 2015-03-11 06:42	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2015-02-20 01:01 . 2015-03-11 06:42	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2015-02-17 15:04 . 2015-02-17 15:04	1202848	----a-w-	c:\windows\SysWow64\FM20.DLL
2015-02-13 11:47 . 2015-02-13 11:47	4575232	----a-w-	c:\windows\SysWow64\GPhotos.scr
2015-02-13 05:22 . 2015-03-11 06:43	14177280	----a-w-	c:\windows\system32\shell32.dll
2015-02-05 03:56 . 2012-10-14 17:59	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 03:56 . 2011-08-31 10:28	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-04 03:16 . 2015-03-11 06:41	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2015-02-04 03:16 . 2015-02-11 15:56	609280	----a-w-	c:\windows\system32\generaltel.dll
2015-02-04 03:16 . 2015-02-11 15:56	762368	----a-w-	c:\windows\system32\invagent.dll
2015-02-04 03:16 . 2015-02-11 15:56	414720	----a-w-	c:\windows\system32\devinv.dll
2015-02-04 03:16 . 2015-02-11 15:56	894976	----a-w-	c:\windows\system32\appraiser.dll
2015-02-04 03:16 . 2015-02-11 15:56	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-02-04 03:16 . 2015-02-11 15:56	192000	----a-w-	c:\windows\system32\aepic.dll
2015-02-04 03:13 . 2015-02-11 15:56	1098752	----a-w-	c:\windows\system32\aeinv.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
.
c:\users\Nadin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-14 03:56]
.
2015-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-31 18:30]
.
2015-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-31 18:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-30 19:13	634872	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-10-13 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = ?type=hppp
mDefault_Search_URL = web/?type=dspp&q={searchTerms}
mDefault_Page_URL = ?type=hppp
mStart Page = ?type=hppp
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = web/?type=dspp&q={searchTerms}
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Nadin\AppData\Roaming\Mozilla\Firefox\Profiles\ljye4qdy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Alamandi tray notifier - c:\program files (x86)\DEUTSCHLAND SPIELT\Alamandi\TaskBarNotifier.exe
Wow6432Node-HKCU-Run-Spiele Post - c:\program files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Hoolapp Android - c:\users\Nadin\AppData\Roaming\HOOLAP~1\Hoolapp.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
c:\users\Nadin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk - c:\users\Nadin\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe "--startup"
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-OneClickRoot - c:\users\Nadin\AppData\Local\Temp\uninst.exe
AddRemove-Windows Utils - c:\users\Nadin\AppData\Roaming\Windows Net Data\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1892582679-3047668497-1527463922-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1892582679-3047668497-1527463922-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-04-14  22:44:04
ComboFix-quarantined-files.txt  2015-04-14 20:44
.
Vor Suchlauf: 19 Verzeichnis(se), 318.800.117.760 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 318.895.951.872 Bytes frei
.
- - End Of File - - 819D76717866FB90E3913F800F51E6E4
5C616939100B85E558DA92B899A0FC36
         

Alt 15.04.2015, 14:17   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Mein Virenprogramm springt ständig an - Standard

Mein Virenprogramm springt ständig an



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.04.2015, 16:39   #10
nadineo2403
 
Mein Virenprogramm springt ständig an - Standard

Mein Virenprogramm springt ständig an



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 15.04.2015
Suchlauf-Zeit: 16:34:02
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.15.05
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Nadin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 368478
Verstrichene Zeit: 29 Min, 12 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
Code:
ATTFilter
# AdwCleaner v4.201 - Bericht erstellt 15/04/2015 um 17:20:25
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Nadin - NADIN-PC
# Gestarted von : C:\Users\Nadin\Desktop\AdwCleaner_4.201(1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v37.0.1 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R3].txt - [819 Bytes] - [13/04/2015 19:11:21]
AdwCleaner[R4].txt - [878 Bytes] - [15/04/2015 17:18:23]
AdwCleaner[S3].txt - [799 Bytes] - [15/04/2015 17:20:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [857  Bytes] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.4 (04.13.2015:1)
OS: Windows 7 Home Premium x64
Ran by Nadin on 15.04.2015 at 17:28:32,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\wininit.ini



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Nadin\AppData\Roaming\mozilla\firefox\profiles\ljye4qdy.default\prefs.js

user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.ptid, tugs);
user_pref(browser.search.searchengine.uid, WDCXWD5000BEVT-22A0RT0_WD-WX41A902566525665);
Emptied folder: C:\Users\Nadin\AppData\Roaming\mozilla\firefox\profiles\ljye4qdy.default\minidumps [352 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.04.2015 at 17:35:23,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 02
Ran by Nadin (administrator) on NADIN-PC on 15-04-2015 17:37:02
Running from C:\Users\Nadin\Desktop
Loaded Profiles: Nadin (Available profiles: Nadin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-10-13] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Nadin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1892582679-3047668497-1527463922-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = web/?type=dspp&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-07-30] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-07-30] (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nadin\AppData\Roaming\Mozilla\Firefox\Profiles\ljye4qdy.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter4\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1892582679-3047668497-1527463922-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nadin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-03-09] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Nadin\AppData\Roaming\Mozilla\Firefox\Profiles\ljye4qdy.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-11]
FF Extension: Adblock Plus - C:\Users\Nadin\AppData\Roaming\Mozilla\Firefox\Profiles\ljye4qdy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-28]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter4\FirefoxAddOns\netsight@nielsen.xpi
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-30]
FF HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-11]

Chrome: 
=======
CHR Profile: C:\Users\Nadin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Nadin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-15]
CHR Extension: (Google Wallet) - C:\Users\Nadin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-30] (AVAST Software)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 lxcz_device; C:\Windows\system32\lxczcoms.exe [566192 2007-04-19] ( )
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-30] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-30] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-01-04] () [File not signed]
U3 ake0zpvs; C:\Windows\System32\Drivers\ake0zpvs.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]
S3 RTHDMIAzAudService; system32\drivers\RtHDMIVX.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 17:37 - 2015-04-15 17:37 - 00016561 _____ () C:\Users\Nadin\Desktop\FRST.txt
2015-04-15 17:36 - 2015-04-15 17:36 - 00000000 ____D () C:\Users\Nadin\Desktop\FRST-OlderVersion
2015-04-15 17:35 - 2015-04-15 17:35 - 00001165 _____ () C:\Users\Nadin\Desktop\JRT.txt
2015-04-15 17:28 - 2015-04-15 17:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-NADIN-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-15 17:28 - 2015-04-15 17:28 - 00000000 ____D () C:\RegBackup
2015-04-15 17:19 - 2015-04-15 17:19 - 02687136 _____ (Thisisu) C:\Users\Nadin\Desktop\JRT.exe
2015-04-15 17:17 - 2015-04-15 17:17 - 02217984 _____ () C:\Users\Nadin\Desktop\AdwCleaner_4.201(1).exe
2015-04-15 16:33 - 2015-04-15 16:33 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-15 16:32 - 2015-04-15 16:32 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Nadin\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-14 22:44 - 2015-04-14 22:44 - 00022726 _____ () C:\ComboFix.txt
2015-04-14 22:25 - 2015-04-14 22:44 - 00000000 ____D () C:\Qoobox
2015-04-14 22:25 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-14 22:25 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-14 22:25 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-14 22:25 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-14 22:25 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-14 22:25 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-14 22:25 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-14 22:25 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-14 22:24 - 2015-04-14 22:42 - 00000000 ____D () C:\Windows\erdnt
2015-04-14 22:22 - 2015-04-14 22:22 - 05618457 ____R (Swearware) C:\Users\Nadin\Desktop\ComboFix.exe
2015-04-13 19:59 - 2015-04-15 17:37 - 00000000 ____D () C:\FRST
2015-04-13 19:59 - 2015-04-15 17:36 - 02097152 _____ (Farbar) C:\Users\Nadin\Desktop\FRST64.exe
2015-04-13 19:11 - 2015-04-15 17:20 - 00000000 ____D () C:\AdwCleaner
2015-04-13 17:47 - 2015-04-13 17:47 - 02217984 _____ () C:\Users\Nadin\Downloads\adwcleaner_4.201.exe
2015-04-06 09:47 - 2015-04-06 09:48 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-06 09:47 - 2015-04-06 09:47 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-01 21:58 - 2015-04-01 21:58 - 00374930 _____ () C:\Users\Nadin\Documents\hüttensee.wlmp
2015-03-29 19:54 - 2015-03-29 20:00 - 00000000 ___HD () C:\Users\Nadin\Downloads\.picasaoriginals
2015-03-29 19:51 - 2015-03-29 20:08 - 00000889 ____H () C:\Users\Nadin\Downloads\.picasa.ini
2015-03-29 18:40 - 2015-03-29 18:40 - 00001114 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2015-03-29 18:40 - 2015-03-29 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-03-29 18:39 - 2015-03-29 18:39 - 17385800 _____ (Google Inc.) C:\Users\Nadin\Downloads\picasa39-setup.exe
2015-03-29 18:20 - 2015-03-29 18:20 - 00003285 _____ () C:\Users\Nadin\AppData\Local\recently-used.xbel
2015-03-29 17:51 - 2015-03-29 18:24 - 00000000 ____D () C:\Users\Nadin\AppData\Local\gtk-2.0
2015-03-29 17:46 - 2015-03-29 18:42 - 00000000 ____D () C:\Users\Nadin\.gimp-2.8
2015-03-29 17:46 - 2015-03-29 17:46 - 00000000 ____D () C:\Users\Nadin\AppData\Local\gegl-0.2
2015-03-29 17:38 - 2015-03-29 17:39 - 91670064 _____ (The GIMP Team ) C:\Users\Nadin\Downloads\gimp-2.8.14-setup.exe
2015-03-26 10:32 - 2015-03-26 10:32 - 06006105 _____ () C:\Users\Nadin\Documents\Noa einschulung.odt
2015-03-23 13:15 - 2015-04-11 12:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-22 20:14 - 2015-03-22 20:14 - 02171392 _____ () C:\Users\Nadin\Downloads\adwcleaner_4.112.exe
2015-03-22 19:22 - 2015-03-22 19:22 - 00003148 _____ () C:\Windows\System32\Tasks\{A5678DA7-750B-4858-9AA0-D076CA18120C}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 17:36 - 2014-05-09 20:50 - 01134340 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 17:36 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 17:36 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-15 17:23 - 2014-07-30 21:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-15 17:22 - 2015-01-31 20:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-15 17:22 - 2014-12-27 14:09 - 00004751 _____ () C:\Windows\setupact.log
2015-04-15 17:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 17:21 - 2015-02-12 14:00 - 00011822 _____ () C:\Windows\PFRO.log
2015-04-15 17:15 - 2015-01-31 20:30 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-15 16:56 - 2012-10-14 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-15 16:34 - 2014-10-02 08:17 - 00000000 ____D () C:\Users\Nadin\Desktop\PC Reinigung
2015-04-15 16:33 - 2014-06-02 18:55 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-15 16:33 - 2014-06-02 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-15 16:33 - 2014-06-02 18:46 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-15 16:23 - 2012-10-14 19:59 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 16:23 - 2012-10-14 19:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 16:23 - 2011-08-31 12:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 08:18 - 2010-12-20 13:19 - 00000000 ____D () C:\Users\Nadin\AppData\Local\Adobe
2015-04-14 22:44 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-14 22:41 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-13 17:59 - 2010-10-13 13:03 - 00710150 _____ () C:\Windows\system32\perfh007.dat
2015-04-13 17:59 - 2010-10-13 13:03 - 00154554 _____ () C:\Windows\system32\perfc007.dat
2015-04-13 17:59 - 2009-07-14 07:13 - 01649556 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 12:49 - 2012-06-03 10:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-29 18:41 - 2010-12-19 14:04 - 00000000 ____D () C:\Users\Nadin\AppData\Local\Google
2015-03-29 18:40 - 2010-04-12 22:04 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-29 17:47 - 2010-12-19 13:56 - 00000000 ____D () C:\Users\Nadin
2015-03-22 20:23 - 2014-05-07 20:17 - 00000981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-22 20:23 - 2012-06-03 10:03 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-22 20:23 - 2010-12-19 13:57 - 00000999 _____ () C:\Users\Nadin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-19 16:04 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-17 06:15 - 2014-06-02 18:46 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-06-02 18:46 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-06-02 18:46 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2012-08-22 17:47 - 2012-08-22 18:40 - 0009234 _____ () C:\Users\Nadin\AppData\Roaming\nadin.xml
2011-10-04 15:59 - 2011-10-04 15:59 - 0000239 _____ () C:\Users\Nadin\AppData\Roaming\prefsdb.dat
2012-08-22 17:43 - 2012-08-22 18:40 - 0001042 _____ () C:\Users\Nadin\AppData\Roaming\users.xml
2010-12-26 14:34 - 2010-12-26 14:34 - 0000000 _____ () C:\Users\Nadin\AppData\Roaming\wklnhst.dat
2014-01-20 16:52 - 2014-01-20 16:52 - 0009216 _____ () C:\Users\Nadin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-04-17 10:28 - 2011-04-17 10:28 - 0000093 _____ () C:\Users\Nadin\AppData\Local\fusioncache.dat
2015-03-29 18:20 - 2015-03-29 18:20 - 0003285 _____ () C:\Users\Nadin\AppData\Local\recently-used.xbel
2014-05-11 11:18 - 2014-05-11 11:18 - 0000085 ___SH () C:\ProgramData\.zreglib
2010-10-13 03:18 - 2010-10-13 03:22 - 0007832 _____ () C:\ProgramData\ArcadeDeluxe3.log
2010-04-12 22:39 - 2010-01-27 16:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2011-05-02 12:47 - 2014-07-04 10:10 - 0012177 _____ () C:\ProgramData\hpzinstall.log
2011-01-04 19:47 - 2011-01-04 19:48 - 0000091 _____ () C:\ProgramData\PS.log

Some content of TEMP:
====================
C:\Users\Nadin\AppData\Local\Temp\Quarantine.exe
C:\Users\Nadin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 14:02

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 16.04.2015, 06:44   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Mein Virenprogramm springt ständig an - Standard

Mein Virenprogramm springt ständig an




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.04.2015, 17:29   #12
nadineo2403
 
Mein Virenprogramm springt ständig an - Standard

Mein Virenprogramm springt ständig an



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5fe844a0dbad6147bb9b897673d25948
# engine=23411
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-16 01:51:58
# local_time=2015-04-16 03:51:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 9055116 22444829 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 179086 180822168 0 0
# scanned=300596
# found=9
# cleaned=0
# scan_time=11926
sh=028DEE0D52540D92F584D026DBBEC96DADB35124 ft=1 fh=ec7e467f7ccc8cb5 vn="Mehrere Bedrohungen" ac=I fn="C:\EGLTD\ART\SOC\Root\unlockroot23.exe"
sh=BB02BC1A631C7EBCC656CF0B665BBEC5E008F55A ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AA Trojaner" ac=I fn="C:\EGLTD\ART\SOC\Root\AIA500\GingerBreak-v1.20.apk"
sh=57AA9445E6AC6AEF1BE52D986F49B221895E80F7 ft=1 fh=ee3a66659eeaf711 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nadin\Downloads\CloneDVD - CHIP-Downloader.exe"
sh=E8D000EFAB2DA653D9704AA963D45D5686B06CBB ft=1 fh=43eca974f7c33eee vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nadin\Downloads\DivxToDVD - CHIP-Downloader.exe"
sh=ED6F4FDCBB0C23F53590DDEC76A095A4F57DD922 ft=1 fh=1fc893424eec58d7 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nadin\Downloads\Free DVD Video Burner - CHIP-Downloader.exe"
sh=90E791232E76C8729BC78E72B77670DFCC74A022 ft=1 fh=36dbd735c0e0ed8c vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nadin\Downloads\ML_TrialLogoSmartz_CB-DL-Manager.exe"
sh=04F518C0D0EA2D5724D189E300C215F214E3343A ft=1 fh=71669897a8c47dd4 vn="Variante von Win32/InstallCore.SW evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nadin\Downloads\OneLateNight_x86_CB-DL-Manager.exe"
sh=490DCAF6551C56E93AA0CE49C8E87666A3972BFE ft=1 fh=321ab6bb1077a693 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nadin\Downloads\Slender The Eight Pages - CHIP-Installer.exe"
sh=6DF9F3B72EA726A631DAAEBCAEE441A9FD9B4F33 ft=1 fh=19ccb4710d1fb18d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nadin\Downloads\Which - CHIP-Installer.exe"
         
Code:
ATTFilter
 Results of screen317's Security Check version 1.00  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 17.0.0.169  
 Adobe Reader XI  
 Mozilla Firefox (37.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by Nadin (administrator) on NADIN-PC on 16-04-2015 18:23:01
Running from C:\Users\Nadin\Desktop
Loaded Profiles: Nadin (Available profiles: Nadin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
( ) C:\Windows\System32\lxczcoms.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-10-13] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Nadin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1892582679-3047668497-1527463922-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = web/?type=dspp&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-07-30] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-07-30] (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nadin\AppData\Roaming\Mozilla\Firefox\Profiles\ljye4qdy.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter4\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1892582679-3047668497-1527463922-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nadin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-03-09] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Nadin\AppData\Roaming\Mozilla\Firefox\Profiles\ljye4qdy.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-11]
FF Extension: Adblock Plus - C:\Users\Nadin\AppData\Roaming\Mozilla\Firefox\Profiles\ljye4qdy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-28]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter4\FirefoxAddOns\netsight@nielsen.xpi
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-30]
FF HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-11]

Chrome: 
=======
CHR Profile: C:\Users\Nadin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Nadin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-15]
CHR Extension: (Google Wallet) - C:\Users\Nadin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-30] (AVAST Software)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 lxcz_device; C:\Windows\system32\lxczcoms.exe [566192 2007-04-19] ( )
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-30] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-01-04] () [File not signed]
U3 ake0zpvs; C:\Windows\System32\Drivers\ake0zpvs.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]
S3 RTHDMIAzAudService; system32\drivers\RtHDMIVX.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 18:23 - 2015-04-16 18:23 - 00016930 _____ () C:\Users\Nadin\Desktop\FRST.txt
2015-04-16 17:10 - 2015-04-16 17:10 - 00852616 _____ () C:\Users\Nadin\Desktop\SecurityCheck.exe
2015-04-16 12:24 - 2015-04-16 12:24 - 02347384 _____ (ESET) C:\Users\Nadin\Desktop\esetsmartinstaller_deu.exe
2015-04-15 17:36 - 2015-04-16 18:22 - 00000000 ____D () C:\Users\Nadin\Desktop\FRST-OlderVersion
2015-04-15 17:35 - 2015-04-15 17:35 - 00001165 _____ () C:\Users\Nadin\Desktop\JRT.txt
2015-04-15 17:28 - 2015-04-15 17:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-NADIN-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-15 17:28 - 2015-04-15 17:28 - 00000000 ____D () C:\RegBackup
2015-04-15 17:19 - 2015-04-15 17:19 - 02687136 _____ (Thisisu) C:\Users\Nadin\Desktop\JRT.exe
2015-04-15 17:17 - 2015-04-15 17:17 - 02217984 _____ () C:\Users\Nadin\Desktop\AdwCleaner_4.201(1).exe
2015-04-15 16:33 - 2015-04-15 16:33 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-15 16:32 - 2015-04-15 16:32 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Nadin\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-14 22:44 - 2015-04-14 22:44 - 00022726 _____ () C:\ComboFix.txt
2015-04-14 22:25 - 2015-04-14 22:44 - 00000000 ____D () C:\Qoobox
2015-04-14 22:25 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-14 22:25 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-14 22:25 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-14 22:25 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-14 22:25 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-14 22:25 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-14 22:25 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-14 22:25 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-14 22:24 - 2015-04-14 22:42 - 00000000 ____D () C:\Windows\erdnt
2015-04-14 22:22 - 2015-04-14 22:22 - 05618457 ____R (Swearware) C:\Users\Nadin\Desktop\ComboFix.exe
2015-04-13 19:59 - 2015-04-16 18:23 - 00000000 ____D () C:\FRST
2015-04-13 19:59 - 2015-04-16 18:22 - 02097664 _____ (Farbar) C:\Users\Nadin\Desktop\FRST64.exe
2015-04-13 19:11 - 2015-04-15 17:20 - 00000000 ____D () C:\AdwCleaner
2015-04-13 17:47 - 2015-04-13 17:47 - 02217984 _____ () C:\Users\Nadin\Downloads\adwcleaner_4.201.exe
2015-04-06 09:47 - 2015-04-06 09:48 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-06 09:47 - 2015-04-06 09:47 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-01 21:58 - 2015-04-01 21:58 - 00374930 _____ () C:\Users\Nadin\Documents\hüttensee.wlmp
2015-03-29 19:54 - 2015-03-29 20:00 - 00000000 ___HD () C:\Users\Nadin\Downloads\.picasaoriginals
2015-03-29 19:51 - 2015-03-29 20:08 - 00000889 ____H () C:\Users\Nadin\Downloads\.picasa.ini
2015-03-29 18:40 - 2015-03-29 18:40 - 00001114 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2015-03-29 18:40 - 2015-03-29 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-03-29 18:39 - 2015-03-29 18:39 - 17385800 _____ (Google Inc.) C:\Users\Nadin\Downloads\picasa39-setup.exe
2015-03-29 18:20 - 2015-03-29 18:20 - 00003285 _____ () C:\Users\Nadin\AppData\Local\recently-used.xbel
2015-03-29 17:51 - 2015-03-29 18:24 - 00000000 ____D () C:\Users\Nadin\AppData\Local\gtk-2.0
2015-03-29 17:46 - 2015-03-29 18:42 - 00000000 ____D () C:\Users\Nadin\.gimp-2.8
2015-03-29 17:46 - 2015-03-29 17:46 - 00000000 ____D () C:\Users\Nadin\AppData\Local\gegl-0.2
2015-03-29 17:38 - 2015-03-29 17:39 - 91670064 _____ (The GIMP Team ) C:\Users\Nadin\Downloads\gimp-2.8.14-setup.exe
2015-03-26 10:32 - 2015-03-26 10:32 - 06006105 _____ () C:\Users\Nadin\Documents\Noa einschulung.odt
2015-03-23 13:15 - 2015-04-11 12:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-22 20:14 - 2015-03-22 20:14 - 02171392 _____ () C:\Users\Nadin\Downloads\adwcleaner_4.112.exe
2015-03-22 19:22 - 2015-03-22 19:22 - 00003148 _____ () C:\Windows\System32\Tasks\{A5678DA7-750B-4858-9AA0-D076CA18120C}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 18:23 - 2014-05-09 20:50 - 01175766 _____ () C:\Windows\WindowsUpdate.log
2015-04-16 18:15 - 2015-01-31 20:30 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-16 17:56 - 2012-10-14 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-16 12:23 - 2010-10-13 13:03 - 00710150 _____ () C:\Windows\system32\perfh007.dat
2015-04-16 12:23 - 2010-10-13 13:03 - 00154554 _____ () C:\Windows\system32\perfc007.dat
2015-04-16 12:23 - 2009-07-14 07:13 - 01649556 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 12:16 - 2014-07-30 21:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-16 04:15 - 2015-01-31 20:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-16 03:59 - 2010-12-20 13:19 - 00000000 ____D () C:\Users\Nadin\AppData\Local\Adobe
2015-04-15 17:36 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 17:36 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-15 17:22 - 2014-12-27 14:09 - 00004751 _____ () C:\Windows\setupact.log
2015-04-15 17:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 17:21 - 2015-02-12 14:00 - 00011822 _____ () C:\Windows\PFRO.log
2015-04-15 16:34 - 2014-10-02 08:17 - 00000000 ____D () C:\Users\Nadin\Desktop\PC Reinigung
2015-04-15 16:33 - 2014-06-02 18:55 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-15 16:33 - 2014-06-02 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-15 16:33 - 2014-06-02 18:46 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-15 16:23 - 2012-10-14 19:59 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 16:23 - 2012-10-14 19:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 16:23 - 2011-08-31 12:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 22:44 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-14 22:41 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-11 12:49 - 2012-06-03 10:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-29 18:41 - 2010-12-19 14:04 - 00000000 ____D () C:\Users\Nadin\AppData\Local\Google
2015-03-29 18:40 - 2010-04-12 22:04 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-29 17:47 - 2010-12-19 13:56 - 00000000 ____D () C:\Users\Nadin
2015-03-22 20:23 - 2014-05-07 20:17 - 00000981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-22 20:23 - 2012-06-03 10:03 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-22 20:23 - 2010-12-19 13:57 - 00000999 _____ () C:\Users\Nadin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-19 16:04 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-17 06:15 - 2014-06-02 18:46 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-06-02 18:46 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-06-02 18:46 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2012-08-22 17:47 - 2012-08-22 18:40 - 0009234 _____ () C:\Users\Nadin\AppData\Roaming\nadin.xml
2011-10-04 15:59 - 2011-10-04 15:59 - 0000239 _____ () C:\Users\Nadin\AppData\Roaming\prefsdb.dat
2012-08-22 17:43 - 2012-08-22 18:40 - 0001042 _____ () C:\Users\Nadin\AppData\Roaming\users.xml
2010-12-26 14:34 - 2010-12-26 14:34 - 0000000 _____ () C:\Users\Nadin\AppData\Roaming\wklnhst.dat
2014-01-20 16:52 - 2014-01-20 16:52 - 0009216 _____ () C:\Users\Nadin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-04-17 10:28 - 2011-04-17 10:28 - 0000093 _____ () C:\Users\Nadin\AppData\Local\fusioncache.dat
2015-03-29 18:20 - 2015-03-29 18:20 - 0003285 _____ () C:\Users\Nadin\AppData\Local\recently-used.xbel
2014-05-11 11:18 - 2014-05-11 11:18 - 0000085 ___SH () C:\ProgramData\.zreglib
2010-10-13 03:18 - 2010-10-13 03:22 - 0007832 _____ () C:\ProgramData\ArcadeDeluxe3.log
2010-04-12 22:39 - 2010-01-27 16:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2011-05-02 12:47 - 2014-07-04 10:10 - 0012177 _____ () C:\ProgramData\hpzinstall.log
2011-01-04 19:47 - 2011-01-04 19:48 - 0000091 _____ () C:\ProgramData\PS.log

Some content of TEMP:
====================
C:\Users\Nadin\AppData\Local\Temp\Quarantine.exe
C:\Users\Nadin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 14:02

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Hey Schrauber. Also jetzt kommen im Moment keine Meldungen mehr . Ich hab nur das gemacht was du geschrieben hast, aber verstanden hab ich davon rein gar nichts. War denn da nun was drauf oder nicht ??? Im Moment ist jedenfalls alles schick . Läuft wieder super ausser mein Dvd laufwerk nicht. Aber da kannst du ja bestimmt nix sehen :-(. Wird bestimmt zu alt sein. LG Nadin

Alt 17.04.2015, 06:06   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Mein Virenprogramm springt ständig an - Standard

Mein Virenprogramm springt ständig an



Ja, da war Malware drauf. Passwörter ändern ist Pflicht.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\EGLTD\ART\SOC\Root\unlockroot23.exe

C:\EGLTD\ART\SOC\Root\AIA500\GingerBreak-v1.20.apk

C:\Users\Nadin\Downloads\CloneDVD - CHIP-Downloader.exe

C:\Users\Nadin\Downloads\DivxToDVD - CHIP-Downloader.exe

C:\Users\Nadin\Downloads\Free DVD Video Burner - CHIP-Downloader.exe

C:\Users\Nadin\Downloads\ML_TrialLogoSmartz_CB-DL-Manager.exe

C:\Users\Nadin\Downloads\OneLateNight_x86_CB-DL-Manager.exe

C:\Users\Nadin\Downloads\Slender The Eight Pages - CHIP-Installer.exe

C:\Users\Nadin\Downloads\Which - CHIP-Installer.exe
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1892582679-3047668497-1527463922-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = web/?type=dspp&q={searchTerms}
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Unbedingt mal dein Downloadverhalten überdenken:
CHIP-Installer - was ist das? - Anleitungen


Hast DU mal den Treiber für das Laufwerk neu installiert?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.04.2015, 06:54   #14
nadineo2403
 
Mein Virenprogramm springt ständig an - Standard

Mein Virenprogramm springt ständig an



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 04
Ran by Nadin at 2015-04-17 07:46:12 Run:2
Running from C:\Users\Nadin\Desktop
Loaded Profiles: Nadin (Available profiles: Nadin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\EGLTD\ART\SOC\Root\unlockroot23.exe

C:\EGLTD\ART\SOC\Root\AIA500\GingerBreak-v1.20.apk

C:\Users\Nadin\Downloads\CloneDVD - CHIP-Downloader.exe

C:\Users\Nadin\Downloads\DivxToDVD - CHIP-Downloader.exe

C:\Users\Nadin\Downloads\Free DVD Video Burner - CHIP-Downloader.exe

C:\Users\Nadin\Downloads\ML_TrialLogoSmartz_CB-DL-Manager.exe

C:\Users\Nadin\Downloads\OneLateNight_x86_CB-DL-Manager.exe

C:\Users\Nadin\Downloads\Slender The Eight Pages - CHIP-Installer.exe

C:\Users\Nadin\Downloads\Which - CHIP-Installer.exe
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1892582679-3047668497-1527463922-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = web/?type=dspp&q={searchTerms}
Emptytemp:
         
*****************

"C:\EGLTD\ART\SOC\Root\unlockroot23.exe" => File/Directory not found.
"C:\EGLTD\ART\SOC\Root\AIA500\GingerBreak-v1.20.apk" => File/Directory not found.
"C:\Users\Nadin\Downloads\CloneDVD - CHIP-Downloader.exe" => File/Directory not found.
"C:\Users\Nadin\Downloads\DivxToDVD - CHIP-Downloader.exe" => File/Directory not found.
"C:\Users\Nadin\Downloads\Free DVD Video Burner - CHIP-Downloader.exe" => File/Directory not found.
"C:\Users\Nadin\Downloads\ML_TrialLogoSmartz_CB-DL-Manager.exe" => File/Directory not found.
"C:\Users\Nadin\Downloads\OneLateNight_x86_CB-DL-Manager.exe" => File/Directory not found.
"C:\Users\Nadin\Downloads\Slender The Eight Pages - CHIP-Installer.exe" => File/Directory not found.
"C:\Users\Nadin\Downloads\Which - CHIP-Installer.exe" => File/Directory not found.
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found. 
HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-1892582679-3047668497-1527463922-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
EmptyTemp: => Removed 7.7 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 07:46:17 ====
         
Ja, Treiber habe ich schon versucht. Ist aber auch schon etwas her. Ab und zu funktioniert es ja aber nur selten. Wenn ich eine CD einlege, egal ob ein Spiel oder eine CD zum brennen. Er lädt und lädt und lädt. Entweder ich hab Glück und er startet oder es passiert gar nichts. Es hört sich dann immer so an als wenn er mehrmals versucht zu starten aber dann wieder aufhört. Vielleicht ist mein Gerät auch einfach zu alt. LG Nadin

Alt 17.04.2015, 19:38   #15
schrauber
/// the machine
/// TB-Ausbilder
 

Mein Virenprogramm springt ständig an - Standard

Mein Virenprogramm springt ständig an



Dann hat das Laufwerk selbst nen Macken.



Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.


Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Mein Virenprogramm springt ständig an
antimalware, avast, bildbearbeitung, blockieren, compu, hoffe, laptop, minute, minuten, nichts, picasa, programm, programme, programmen, regelmäßig, spring, springt, tagen, virenprogramm, virus, windows, überhaupt, zusätzliches




Ähnliche Themen: Mein Virenprogramm springt ständig an


  1. Explorer springt ständig einfach so auf Startseite (Google)
    Netzwerk und Hardware - 23.04.2014 (7)
  2. Explorer springt ständig einfach so auf Startseite (Google)
    Log-Analyse und Auswertung - 20.04.2014 (37)
  3. mein pc springt seit tagen immer wieder seiten zurück
    Plagegeister aller Art und deren Bekämpfung - 25.10.2013 (11)
  4. Verschlüsselungstrojaner und Webcam gehackt? Wie kann ich das verhindern bzw. wieso funktioniert mein Virenprogramm nicht richtig?
    Plagegeister aller Art und deren Bekämpfung - 04.03.2013 (35)
  5. Mein Computer ist verseucht, aber kein Virenprogramm kann etwas finden
    Plagegeister aller Art und deren Bekämpfung - 23.12.2012 (4)
  6. Mein Maus-Curser springt beim Schreiben willkürlich umher!
    Log-Analyse und Auswertung - 06.06.2012 (3)
  7. Mein PC piept und mein Virenprogramm findet Viren....
    Log-Analyse und Auswertung - 01.12.2011 (3)
  8. Standardbrowser öffnet sich ständig von alleine und springt immer auf die Startseite
    Log-Analyse und Auswertung - 14.12.2009 (1)
  9. Bitte um hielfe mein Virenprogramm spinnt
    Mülltonne - 21.10.2008 (0)
  10. Mein Rechner arbeitet ständig!
    Log-Analyse und Auswertung - 10.10.2007 (1)
  11. Mein Computer arbeitet ständig!
    Log-Analyse und Auswertung - 04.10.2007 (4)
  12. Mein LOG --> Pc stottert ständig!
    Log-Analyse und Auswertung - 14.06.2007 (2)
  13. HILFE, mein PC stürzt ständig ab!
    Log-Analyse und Auswertung - 03.04.2007 (2)
  14. Mein PC stürzt ständig ab ...
    Log-Analyse und Auswertung - 09.12.2006 (2)
  15. Mein PC startet ständig neu , Trojaner?!?
    Mülltonne - 12.08.2006 (1)
  16. Mein Rechner hängt ständig..
    Log-Analyse und Auswertung - 23.07.2004 (5)
  17. Teugt mein Virenprogramm etwas?
    Plagegeister aller Art und deren Bekämpfung - 04.06.2004 (7)

Zum Thema Mein Virenprogramm springt ständig an - Hallo. Ich bin überhaupt kein Computerexperte und hoffe doch sehr das ihr mir hier helfen könnt. Seit zwei Tagen springt Avast regelmäßig an und sagt er hätte xxxseite blockiert. Das - Mein Virenprogramm springt ständig an...
Archiv
Du betrachtest: Mein Virenprogramm springt ständig an auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.