Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Alles rund um Windows (https://www.trojaner-board.de/alles-rund-um-windows/)
-   -   Webseiten laden sehr langsam bis gar nicht (https://www.trojaner-board.de/160575-webseiten-laden-sehr-langsam-gar.html)

tiffany1963 10.11.2014 13:23
Webseiten laden sehr langsam bis gar nicht
 
Hallo Experten,

seit ein paar Wochen tritt immer wieder das Problem auf, dass die Webseiten trotz stabiler Internetverbindung langsam bis gar nicht laden. Es ist jeden Tag aufs Neue Glückssache, ob der Seitenaufbau klappt oder nicht (d.h., es kam auch schon vor, dass es dann einen Tag lang wieder ging oder für ein paar Stunden)

Folgende Symptome kehren immer wieder:
- Seite nicht verfügbar
- Seiten reagieren nicht
- er ist tot Jim
- Oh nein
..... oder es lädt und lädt und lädt und es passiert nichts.

Folgende Maßnahmen habe ich bereits ergriffen:
- die Browserdaten lösche ich routinemäßig immer wieder
- %temp% ist auch geleert
- Kontakt zur Vodafone-Hotline mit dem Ergebnis (keine Verbindungsabbrüche)
- Intensivscan mit IOBIT Malwarefighter (hat ein paar Sachen gefunden, aber behoben).
- Chrome (ist mein Standardbrowser) deinstalliert und neu aufgesetzt.
- DNS-Cache bereinigt.
- scf/scannow: keine Probleme.

Mit Firefox und IE treten die gleichen Probleme auf.
Gehe ich allerdings mit dem Smartphone über meine Easybox ins Internet funktioniert alles prima.

Meine Daten:
Compaq Laptop
Windows 7
6000 DSL
Easybox 0B7D36

Ich hoffe, Ihr könnt mir helfen.

Ratlose Grüße

Tiffany1963

cosinus 10.11.2014 13:45
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

tiffany1963 10.11.2014 14:32
Logs
 
Hallo Cosinus,

wow so eine schnelle Antwort. Ich bin begeistert.

Habe in den letzten 7 Tagen keine Virenscans durchgeführt.

Hier die Logs:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01
Ran by user (administrator) on USER-PC on 10-11-2014 14:21:01
Running from C:\Users\user\Downloads
Loaded Profile: user (Available profiles: user)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Telefónica I+D) C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira) C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\meter3\NielsenNativeHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\user\Downloads\FRST (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NielsenOnline] => C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe [91872 2014-09-03] (The Nielsen Company)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1810496 2014-04-24] (1und1 Mail und Media GmbH)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-05-23] (IObit)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4249131668-4266709875-3981103518-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-4249131668-4266709875-3981103518-1000\...\MountPoints2: {1cd400a0-dba3-11e2-ae3e-68a3c4dc0bd4} - E:\AutoRun.exe
HKU\S-1-5-21-4249131668-4266709875-3981103518-1000\...\MountPoints2: {1cd400b1-dba3-11e2-ae3e-3cd92b1aa61e} - E:\AutoRun.exe
HKU\S-1-5-21-4249131668-4266709875-3981103518-1000\...\MountPoints2: {354505a1-1f47-11e4-9539-3cd92b1aa61e} - E:\AutoRun.exe
HKU\S-1-5-21-4249131668-4266709875-3981103518-1000\...\MountPoints2: {85ebc59d-512e-11e4-94b3-3cd92b1aa61e} - E:\AutoRun.exe
HKU\S-1-5-21-4249131668-4266709875-3981103518-1000\...\MountPoints2: {f3eb7a41-04cb-11e4-b167-3cd92b1aa61e} - E:\AutoRun.exe
HKU\S-1-5-18\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [5395192 2014-10-25] (Avira)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:53241;https=127.0.0.1:53241
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.online-doppelkopf.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE7BB920037B4CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
URLSearchHook: HKCU - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  No File
HKU\S-1-5-21-4249131668-4266709875-3981103518-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {1E829948-B7BA-4F8D-913C-3768F5CA6267} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=8ffa2a1b-2dd6-4664-aeb1-deca7fb525a7&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {1E829948-B7BA-4F8D-913C-3768F5CA6267} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=8ffa2a1b-2dd6-4664-aeb1-deca7fb525a7&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {3A732CFF-0553-4894-9210-E7D1C8AC348D} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {59D4B146-D8FA-435F-8EEE-4F6431B26E83} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {6E4B0881-E464-45DB-98B0-B44FE376E9C0} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {AFF993C1-B509-4057-AD10-2A6CC55D533B} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {FAEAE76C-6B31-4F7A-BFCD-0CF18A0866A7} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {d28c7e56-2cc6-415c-8727-d71334085926} -  No File
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} -  No File
Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Hosts: 54.204.28.26        ajakpekbmnkgnjbpajgkdhimcbeoocam
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b22z9jh3.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @MoneyMillionaire/npdf -> C:\ProgramData\Rabatt-Finder\FFExtension20140906003825\plugins\npdf.dll No File
FF Plugin: @nielsen/FirefoxTracker -> C:\Program Files\NetRatingsNetSight\NetSight\meter3\FirefoxAddOns\npfirefoxtracker.dll (Nielsen)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b22z9jh3.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b22z9jh3.default\Extensions\abs@avira.com [2014-11-08]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b22z9jh3.default\Extensions\ascsurfingprotection@iobit.com [2014-09-06]
FF Extension: Protegere - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b22z9jh3.default\Extensions\security@protegere.org [2014-11-08]
FF Extension: Settings Manager - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b22z9jh3.default\Extensions\{C608E7CD-C8DE-C4BE-147D-CD78D3587F6F} [2014-05-26]
FF Extension: Iminent - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b22z9jh3.default\Extensions\firefoxmini@go.im.xpi [2014-08-07]
FF HKLM\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files\NetRatingsNetSight\NetSight\meter3\FirefoxAddOns\netsight@nielsen.xpi
FF Extension: Nielsen NetSight - C:\Program Files\NetRatingsNetSight\NetSight\meter3\FirefoxAddOns\netsight@nielsen.xpi [2014-11-10]
FF Extension: No Name - netsight@nielsen.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.online-doppelkopf.com/
CHR StartupUrls: Default -> "hxxp://www.online-doppelkopf.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Nielsen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amebgbgmoldiehbbbjcaoceilcfnniop [2014-11-07]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-27]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-26]
CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-26]
CHR Extension: (Avira Browser Safety) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-29]
CHR Extension: (WEB.DE MailCheck) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [294400 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2283296 2014-10-17] (IObit)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 NielsenUpdate; C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2932448 2014-09-03] (The Nielsen Company)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [251096 2014-10-04] (Realtek Semiconductor)
R2 TGCM_ImportWiFiSvc; C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [66688 2011-04-16] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [33408 2011-04-16] (Advanced Micro Devices)
R3 AppObserver; C:\Program Files\NetRatingsNetSight\NetSight\meter3\appobserver.sys [14560 2014-09-03] (The Nielsen Company)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 camdrv41; C:\Windows\System32\DRIVERS\camdrv41.sys [1347584 2007-04-23] ()
R3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [21480 2013-03-23] (IObit)
S3 MOSUMAC; C:\Windows\System32\DRIVERS\MOSUMAC.SYS [44032 2009-12-07] (--)
R1 nnfwdk; C:\Program Files\NetRatingsNetSight\NetSight\meter3\nnfwdk.sys [23264 2014-09-03] (The Nielsen Company)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32288 2013-11-19] (IObit.com)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [270552 2014-10-04] (Realtek Semiconductor Corp.)
S3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [1004136 2011-01-05] (Realtek Semiconductor Corporation                          )
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [2591960 2014-10-04] (Realtek Semiconductor Corporation                          )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [20944 2013-11-19] (IObit.com)
R2 WinRing0_1_2_0; C:\Users\user\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0.sys [14416 2012-10-27] (OpenLibSys.org)
R1 {9d5747ee-0448-4681-8337-1555de75a3b6}Gw; C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw.sys [52928 2014-05-22] (StdLib)
S3 esgiguard; No ImagePath
S3 MBAMSwissArmy; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 14:19 - 2014-11-10 14:20 - 01107968 _____ (Farbar) C:\Users\user\Downloads\FRST (1).exe
2014-11-09 13:57 - 2014-11-09 14:24 - 171909728 _____ () C:\Users\user\Downloads\AIO_CDB_Full_Non-Network_deu_NB.exe
2014-11-09 01:10 - 2014-11-09 01:11 - 00158330 _____ () C:\Users\user\Desktop\Internet sehr langsam trotz 100 M_Bit - Seitenaufbau extrem langsam - DL aber schnell - ComputerBase Forum.htm
2014-11-09 00:53 - 2014-11-10 01:36 - 00001290 _____ () C:\Users\user\Desktop\DnsCache Bereinigung.txt
2014-11-09 00:52 - 2014-06-23 18:36 - 00000170 _____ () C:\Users\user\Desktop\Dnscache bereinigen.cmd
2014-11-09 00:37 - 2014-11-09 00:37 - 00013413 _____ () C:\Users\user\Desktop\JRT.txt
2014-11-08 23:45 - 2014-11-08 23:47 - 01706808 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe
2014-11-08 23:38 - 2014-11-08 23:41 - 00032568 _____ () C:\Users\user\Downloads\Addition.txt
2014-11-08 23:33 - 2014-11-10 14:21 - 00020639 _____ () C:\Users\user\Downloads\FRST.txt
2014-11-08 23:33 - 2014-11-10 14:21 - 00000000 ____D () C:\FRST
2014-11-08 23:32 - 2014-11-08 23:32 - 01107968 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2014-11-08 19:59 - 2014-11-08 19:59 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-08 19:59 - 2014-11-08 19:59 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-08 19:59 - 2014-11-08 19:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-08 19:59 - 2014-11-08 19:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-08 19:54 - 2014-11-08 19:55 - 00244328 _____ () C:\Users\user\Downloads\Firefox Setup Stub 33.0.3.exe
2014-11-07 16:25 - 2014-11-07 16:25 - 00001140 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-11-07 16:25 - 2014-11-07 16:25 - 00001128 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-11-07 16:25 - 2014-11-07 16:25 - 00000000 ____D () C:\Program Files\TeamViewer
2014-11-05 20:09 - 2014-11-05 20:09 - 00000000 ____D () C:\Users\user\AppData\Roaming\TeamViewer
2014-11-05 20:06 - 2014-11-05 20:08 - 06626832 _____ (TeamViewer GmbH) C:\Users\user\Downloads\TeamViewer_Setup_de.exe
2014-11-05 01:52 - 2014-11-05 01:52 - 00135747 _____ () C:\Users\user\Documents\test.xps
2014-11-05 01:49 - 2014-11-05 01:49 - 00154926 _____ () C:\Users\user\Documents\CHECK Bäckerei Wimmer.xps
2014-11-04 23:53 - 2014-11-09 11:09 - 00327680 _____ () C:\Windows\system32\Ikeext.etl
2014-11-04 17:20 - 2014-11-09 11:10 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-11-02 11:41 - 2014-11-02 12:34 - 32809520 _____ (IObit ) C:\Users\user\Downloads\IObit-Malware-Fighter-Setup (1).exe
2014-10-28 05:19 - 2014-10-28 05:19 - 00000000 ____D () C:\Users\user\AppData\Roaming\dlg
2014-10-28 05:01 - 2014-10-28 05:01 - 00664416 _____ () C:\Users\user\Downloads\TCPOptimizer (1).exe
2014-10-28 04:25 - 2014-10-28 04:30 - 00659456 _____ (Speed Guide Inc.) C:\Users\user\Downloads\TCPOptimizer.exe
2014-10-28 04:15 - 2014-10-28 04:15 - 00004974 _____ () C:\Users\user\Desktop\SG_Vista_TcpIp_patch.cmd
2014-10-27 19:15 - 2014-10-28 03:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
2014-10-27 19:15 - 2014-10-27 19:15 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck
2014-10-27 17:49 - 2014-10-27 17:49 - 00000399 _____ () C:\Users\user\Desktop\Wrar30b5 - Verknüpfung.lnk
2014-10-26 23:33 - 2014-11-05 00:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-26 23:32 - 2014-11-10 13:44 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-26 23:32 - 2014-11-09 23:44 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-25 22:40 - 2014-10-25 22:40 - 00000000 ____D () C:\Users\user\AppData\Roaming\Avira
2014-10-25 21:50 - 2014-10-25 21:50 - 00000959 _____ () C:\Windows\system32\Avira System Speedup.lnk
2014-10-25 21:46 - 2014-10-25 21:46 - 00001099 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-25 21:45 - 2014-10-25 21:45 - 04714656 _____ (Avira Operations GmbH & Co. KG) C:\Users\user\Downloads\avira_de_av___ws2015.exe
2014-10-25 21:39 - 2014-10-25 21:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVG
2014-10-25 21:38 - 2014-11-09 01:20 - 00000000 ____D () C:\Program Files\AVG
2014-10-25 21:37 - 2014-10-25 21:37 - 00000000 ____D () C:\Users\user\AppData\Local\Avg
2014-10-25 21:36 - 2014-10-25 21:40 - 00000000 ____D () C:\ProgramData\AVG
2014-10-25 21:30 - 2014-10-25 21:36 - 90754872 _____ (AVG Technologies) C:\Users\user\Downloads\avg_tuht_stf_all_2015_185.exe
2014-10-22 18:52 - 2014-10-22 18:52 - 00003544 ____N () C:\bootsqm.dat
2014-10-22 16:11 - 2014-10-22 16:11 - 00000000 ____D () C:\Users\user\AppData\Roaming\TuneUp Software
2014-10-22 16:10 - 2014-10-25 21:24 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2013
2014-10-22 16:08 - 2014-10-22 16:34 - 00000000 __SHD () C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2014-10-22 16:08 - 2014-10-22 16:18 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-10-22 16:05 - 2014-10-22 16:06 - 28181408 _____ (TuneUp Software) C:\Users\user\Downloads\TuneUpUtilities2013_de-DE.exe
2014-10-19 15:04 - 2014-10-19 15:04 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-19 15:04 - 2014-10-19 15:03 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-19 15:03 - 2014-10-28 03:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-19 15:03 - 2014-10-19 15:03 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-19 15:03 - 2014-10-19 15:03 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-19 15:03 - 2014-10-19 15:03 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-19 14:40 - 2014-10-28 03:37 - 00000000 ____D () C:\Program Files\1und1Softwareaktualisierung
2014-10-19 14:40 - 2014-10-28 03:36 - 00000000 ____D () C:\ProgramData\1&1 Mail & Media GmbH
2014-10-19 14:40 - 2014-10-19 14:40 - 00002002 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB.DE.lnk
2014-10-19 14:40 - 2014-10-19 14:40 - 00001984 _____ () C:\Users\user\Desktop\Amazon.lnk
2014-10-19 14:40 - 2014-10-19 14:40 - 00001978 _____ () C:\Users\user\Desktop\WEB.DE.lnk
2014-10-19 14:40 - 2014-10-19 14:40 - 00000000 ____D () C:\ProgramData\UUdb
2014-10-17 09:26 - 2014-10-17 09:26 - 00001142 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-10-17 09:26 - 2014-10-17 09:26 - 00001118 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-10-15 00:53 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 00:53 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 00:53 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 00:53 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 00:53 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 00:53 - 2014-09-19 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 00:53 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 00:53 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 00:53 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 00:53 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 00:53 - 2014-09-19 01:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 00:53 - 2014-09-19 01:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 00:53 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 00:53 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 00:53 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 00:52 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 00:52 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 00:52 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 00:52 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 00:52 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 00:52 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 00:52 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 00:52 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 00:52 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 00:52 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 00:52 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 00:52 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 00:52 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 00:52 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 00:52 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 00:52 - 2014-09-19 01:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 00:52 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 00:52 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 00:52 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 00:52 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 00:51 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 00:51 - 2014-08-29 02:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 00:51 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 00:51 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 00:51 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 00:51 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 00:51 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 00:51 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 00:51 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 00:51 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 00:51 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 00:51 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 00:51 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 00:50 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 00:49 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 00:49 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 00:49 - 2014-08-19 03:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 00:49 - 2014-08-19 03:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 00:49 - 2014-08-19 03:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 00:49 - 2014-08-19 03:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 00:49 - 2014-08-19 02:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 00:49 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 00:49 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 00:49 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 00:49 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 00:49 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 00:49 - 2014-07-07 02:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 00:49 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 00:49 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 00:49 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 00:49 - 2014-07-07 02:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 00:49 - 2014-06-28 01:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 00:49 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 00:49 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-13 09:39 - 2014-10-13 09:39 - 00002066 _____ () C:\Users\Public\Desktop\Mobile Connection Manager.lnk
2014-10-13 09:39 - 2010-11-04 10:51 - 00085248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2014-10-13 09:39 - 2010-10-09 07:48 - 00072576 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2014-10-13 09:39 - 2010-09-26 11:00 - 00051456 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2014-10-13 09:39 - 2010-09-26 11:00 - 00026496 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2014-10-13 09:39 - 2010-09-03 10:35 - 00168960 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2014-10-13 09:39 - 2010-08-31 11:09 - 00208896 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2014-10-13 09:39 - 2010-08-07 10:48 - 00106880 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2014-10-13 09:39 - 2010-05-10 07:18 - 00860928 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2014-10-13 09:39 - 2010-03-20 05:06 - 00011136 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2014-10-13 09:39 - 2010-01-18 11:48 - 00027136 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2014-10-13 09:38 - 2014-10-28 03:37 - 00000000 ____D () C:\Program Files\HUAWEI Modem Driver
2014-10-13 09:38 - 2010-07-27 02:52 - 00102784 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 13:59 - 2012-10-27 11:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-10 03:00 - 2012-10-27 09:08 - 01474424 _____ () C:\Windows\WindowsUpdate.log
2014-11-09 23:47 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-09 17:13 - 2009-07-14 05:34 - 00028896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-09 17:13 - 2009-07-14 05:34 - 00028896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-09 15:23 - 2014-09-02 18:10 - 00000222 _____ () C:\Users\user\BullseyeCoverageError.txt
2014-11-09 11:11 - 2014-05-20 16:47 - 00000000 ___RD () C:\Users\user\Dropbox
2014-11-09 11:11 - 2014-05-20 16:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox
2014-11-09 11:09 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-09 10:37 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2014-11-08 23:53 - 2014-03-02 19:48 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2014-11-08 22:57 - 2014-07-14 16:01 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-08 20:00 - 2012-10-27 12:33 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2014-11-07 21:38 - 2012-10-27 10:11 - 00064024 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-07 21:37 - 2009-07-14 05:33 - 00286856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-07 16:14 - 2014-07-14 16:00 - 00002083 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-11-07 16:09 - 2014-07-14 16:13 - 39890944 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2014-11-07 16:09 - 2014-07-14 16:13 - 00278528 _____ () C:\Windows\system32\config\DEFAULT.iobit
2014-11-07 16:09 - 2014-07-14 16:13 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iobit
2014-11-07 16:09 - 2014-07-14 16:13 - 00024576 _____ () C:\Windows\system32\config\SAM.iobit
2014-11-06 12:53 - 2014-05-20 21:02 - 00000000 ____D () C:\Users\user\Downloads\freundschaft
2014-11-04 17:21 - 2010-11-20 22:01 - 01620440 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 18:07 - 2014-03-13 00:57 - 00000000 ____D () C:\Users\user\Downloads\gute nacht
2014-11-02 18:04 - 2014-03-10 03:09 - 00000000 ____D () C:\Users\user\Downloads\kisses
2014-11-02 18:01 - 2014-03-10 02:23 - 00000000 ____D () C:\Users\user\Downloads\grüße und so
2014-11-02 17:58 - 2014-08-05 23:07 - 00000000 ____D () C:\Users\user\Downloads\MICHAS HANDY
2014-11-02 17:58 - 2014-04-07 23:23 - 00000000 ____D () C:\Users\user\Downloads\dies und das
2014-10-30 22:34 - 2014-07-14 16:13 - 30732288 _____ () C:\Windows\system32\config\components.iobit
2014-10-28 06:35 - 2014-01-24 22:22 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-28 03:37 - 2012-11-27 07:06 - 00000000 ____D () C:\Program Files\Avira
2014-10-28 03:37 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-28 03:36 - 2014-08-19 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-28 03:36 - 2014-08-08 08:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-28 03:36 - 2014-07-14 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-10-28 03:36 - 2014-07-14 16:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\ProductData
2014-10-28 03:36 - 2014-07-14 16:01 - 00000000 ____D () C:\ProgramData\IObit
2014-10-28 03:36 - 2014-07-14 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-10-28 03:36 - 2014-07-14 15:59 - 00000000 ____D () C:\Users\user\AppData\Roaming\IObit
2014-10-28 03:36 - 2014-05-24 02:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2014-10-28 03:36 - 2014-05-07 06:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-28 03:36 - 2012-10-27 22:59 - 00000000 ____D () C:\ProgramData\DesktopIcons
2014-10-28 03:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-28 03:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-10-28 03:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-10-28 03:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-10-26 23:33 - 2012-12-22 16:41 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2014-10-26 23:32 - 2012-12-22 16:41 - 00000000 ____D () C:\Program Files\Google
2014-10-25 22:27 - 2013-01-02 16:07 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-10-25 22:13 - 2013-05-07 13:39 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-25 22:06 - 2014-10-01 02:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-25 21:58 - 2014-07-25 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-25 21:46 - 2012-11-27 07:06 - 00000000 ____D () C:\ProgramData\Avira
2014-10-24 10:01 - 2014-05-04 16:57 - 00000000 ____D () C:\Users\user\Downloads\schön, dass es d.g
2014-10-24 09:57 - 2014-03-28 18:38 - 00000000 ____D () C:\Users\user\Downloads\kuscheln
2014-10-24 09:55 - 2014-03-13 02:25 - 00000000 ____D () C:\Users\user\Downloads\hab dich lieb
2014-10-24 09:46 - 2014-03-09 18:37 - 00000000 ____D () C:\Users\user\Downloads\fb-pics
2014-10-24 09:45 - 2014-03-13 22:14 - 00000000 ____D () C:\Users\user\Downloads\denk an dich
2014-10-23 20:14 - 2012-10-27 09:30 - 00000000 ____D () C:\Users\user\AppData\Local\VirtualStore
2014-10-22 18:53 - 2014-07-14 17:24 - 39890944 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-10-22 18:53 - 2014-07-14 17:24 - 00278528 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-10-22 18:53 - 2014-07-14 17:24 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-10-22 18:53 - 2014-07-14 17:24 - 00024576 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-10-19 15:04 - 2013-10-20 11:38 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-15 03:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-15 02:28 - 2013-08-16 21:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 02:10 - 2012-10-27 12:52 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 15:01 - 2013-01-16 01:06 - 00000000 ____D () C:\Windows\Minidump

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa9gw_w.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 11:16

==================== End Of Log ============================
--- --- ---



Wo finde ich die Addition.txt ?

Grüße

cosinus 10.11.2014 14:42
Zitat:
Running from C:\Users\user\Downloads
Bitte die Anleitungen richtig lesen.
Du sollst FRST wohin legen? ;)

tiffany1963 10.11.2014 15:07
Ich habe Dich jetzt zwar nicht verstanden, hab die Addition aber dennoch gefunden :crazy:

Frau halt ;-)

Hoffe das stimmt jetzt so:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-11-2014 01
Ran by user at 2014-11-08 23:38:08
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.4.402.265 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.4.402.265 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Advanced SystemCare 7 (HKLM\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
ATI Catalyst Install Manager (HKLM\...\{13AD0436-E893-E726-0CBB-33FCF35A2F29}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
AVG PC TuneUp 2015 (de-DE) (Version: 15.0.1001.185 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM\...\AVG PC TuneUp) (Version: 15.0.1001.185 - AVG Technologies)
AVG PC TuneUp 2015 (Version: 15.0.1001.185 - AVG Technologies) Hidden
Avira (HKLM\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Avira System Speedup (HKLM\...\AviraSpeedup) (Version: 1.3.1.9970 - Avira System Speedup)
Driver Booster (HKLM\...\Driver Booster_is1) (Version: 1.5 - IObit)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
HP Product Detection (HKLM\...\{4F38594F-2C4A-4C42-B2C4-505E225F6F80}) (Version: 11.14.0004 - HP)
HUAWEI DataCard Driver 4.20.12.00 (HKLM\...\HUAWEI DataCard Driver) (Version: 4.20.12.00 - Huawei technologies Co., Ltd.)
IObit Malware Fighter (HKLM\...\IObit Malware Fighter_is1) (Version: 2.4 - IObit)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.0.4.27 - IObit)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Connection Manager (HKLM\...\o2DE) (Version:  - Mobile Connection Manager)
Mozilla Firefox 33.0.3 (x86 de) (HKLM\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BurnLite 10 (HKLM\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nielsen (HKLM\...\NetSight) (Version:  - )
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.10.0416 - REALTEK Semiconductor Corp.)
Smart Defrag 3 (HKLM\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 6.3.6 - Shark007)
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WEB.DE Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.3.0 - 1&1 Mail & Media GmbH)
WEB.DE MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.5.1.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{07474513-7B58-45c7-B3E6-13A3669B1AFD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

19-10-2014 14:00:30 Installed Java 7 Update 71
22-10-2014 15:08:56 TuneUp Utilities 2013 wird installiert
25-10-2014 20:17:05 avast! antivirus system restore point
25-10-2014 20:21:30 TuneUp Utilities 2013 wird entfernt
25-10-2014 20:24:21 TuneUp Utilities Language Pack (de-DE) wird entfernt
25-10-2014 20:37:24 AVG PC TuneUp 2015 wird installiert
25-10-2014 20:48:32 Avira System Speedup(1.3.1.9970)
27-10-2014 17:25:54 Wiederherstellungsvorgang
29-10-2014 13:36:51 Windows Update
04-11-2014 08:08:49 Windows Update
08-11-2014 02:41:53 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-02-20 22:22 - 00000871 ____N C:\Windows\system32\Drivers\etc\hosts
54.204.28.26        ajakpekbmnkgnjbpajgkdhimcbeoocam

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0152F822-BC49-47B1-9E0D-5F87B430E2AF} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\AVG\AVG PC TuneUp\OneClick.exe [2014-10-17] (AVG Technologies)
Task: {0260C91F-8683-405A-A405-037FC820465E} - System32\Tasks\{BB394F92-76B1-40FF-9462-20A6EF69712A} => Chrome.exe
Task: {0507D07E-BA21-4792-B443-10E14AE6C871} - System32\Tasks\{AE4D836F-9F55-47CD-9D9E-73CC1E288991} => Chrome.exe
Task: {1828A629-104E-41BA-BDB9-08FF158047EE} - System32\Tasks\{AFF5E3E0-9586-44D8-B8BB-472FE885DC24} => Chrome.exe
Task: {2FB0E877-E429-4581-93AB-8D301A90373D} - System32\Tasks\AviraSpeedup => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [2014-10-25] (Avira)
Task: {351D3829-E2E7-49CC-87D8-DA7C1B95ED1C} - System32\Tasks\{1A2679E7-8EDB-4A66-9143-52CB643A1814} => Chrome.exe
Task: {370F8FB5-F99A-44C1-8F65-5735678BC6BD} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe [2014-08-20] (IObit)
Task: {48335AE9-9BFB-4792-9B01-A7B6406BB56D} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-10-17] (IObit)
Task: {4EBEBE78-8D97-4EDB-A1AD-E4AC470A574A} - System32\Tasks\ASC7_SkipUac_user => C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit)
Task: {578FCE1C-F6E8-4D6B-8A0F-068CE08DA971} - System32\Tasks\Driver Booster SkipUAC (user) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe [2014-08-06] (IObit)
Task: {66FE8849-6F84-412A-9ABF-E917D55F7587} - System32\Tasks\{FFE226A5-6C6F-43F2-B8B9-68C83D5657F5} => Chrome.exe
Task: {7334FE3A-03C6-4A97-BA00-0DD237A81849} - System32\Tasks\Driver Booster Update => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe [2014-08-01] (IObit)
Task: {7705C3F1-B5CB-41E0-9F02-9B75A87D4C29} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2014-08-01] (IObit)
Task: {7F573940-6662-4855-8678-9DDBCA855401} - System32\Tasks\SmartDefrag3_Update => C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-03] (IObit)
Task: {8D3FD857-E505-4C71-8CC8-3CA054D6C3DB} - System32\Tasks\{3CB76F79-91BE-4A3C-BF3C-E1ED42D1DF1B} => Chrome.exe
Task: {9A41A18D-E192-4526-BA37-C31AC179D3AA} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe [2014-08-06] (IObit)
Task: {A12A9A6B-4D23-4E6A-9C24-A966DEE5E52C} - System32\Tasks\{0DF3F321-6F12-4D3A-920E-0958B9897D20} => Chrome.exe
Task: {A2AE1D1B-B82C-425F-A41B-7C59329B8801} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {A558DF8A-E1EF-45A7-868C-0B88A0000A4C} - System32\Tasks\{BBD55A86-D393-49FB-8116-EC6CDB9A618D} => Chrome.exe
Task: {AC580489-1042-4314-B30B-3A014CD8CFE4} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {ACE4DD08-3FC1-455C-B855-7A7B23021A37} - System32\Tasks\{8B8D346A-FF7A-414A-9C3C-27D824ADAE10} => Chrome.exe
Task: {B06285EE-1CF2-4E18-A632-8767E6D53834} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {BE489DF5-544E-45AC-949D-E6C577522B6D} - System32\Tasks\{75530986-2251-46D0-A046-47243D3EB8B6} => Chrome.exe
Task: {BE637763-2667-4F19-B276-D8EA33BE44F8} - System32\Tasks\Uninstaller_SkipUac_user => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-10-17] (IObit)
Task: {DF73BF65-479B-4476-B162-BFAAC9C5CC0F} - System32\Tasks\{878049BB-75E4-4FA1-ADA7-4B2CCBF2E5E0} => Chrome.exe
Task: {F25F1516-1D6A-4A1C-9D3D-7F95C4762821} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe [2014-07-02] (IObit)
Task: {F56DEC74-FE70-4176-8173-B0435230BA6B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-27] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-14 16:00 - 2013-10-25 11:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 7\sqlite3.dll
2014-10-01 02:38 - 2014-09-03 12:56 - 00505344 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter3\communication.dll
2014-06-14 21:20 - 2014-09-03 13:01 - 00504832 _____ () C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll
2011-07-05 10:26 - 2011-07-05 10:26 - 00065024 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-10-17 11:34 - 2014-10-17 11:34 - 00585528 _____ () C:\Program Files\AVG\AVG PC TuneUp\avgreplibx.dll
2014-10-17 11:34 - 2014-10-17 11:34 - 00708920 _____ () C:\Program Files\AVG\AVG PC TuneUp\tulngx.dll
2014-10-01 02:38 - 2014-09-03 12:57 - 00596480 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter3\npchromeinstaller.dll
2014-10-01 02:38 - 2014-09-03 12:57 - 01247232 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter3\npffaddons.dll
2014-10-01 02:38 - 2014-09-03 12:58 - 00851968 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter3\npfirefoxprocessor.dll
2014-10-01 02:38 - 2014-09-03 12:56 - 00150528 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter3\npsp1.dll
2014-10-01 02:38 - 2014-09-03 12:57 - 00228864 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter3\npsurvey.dll
2014-10-01 02:38 - 2014-09-03 12:57 - 00224768 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter3\npwmi.dll
2014-11-08 22:58 - 2014-11-08 22:58 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpznzgku.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-14 16:00 - 2014-02-13 15:44 - 01214240 _____ () C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
2014-07-14 16:00 - 2013-01-15 17:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madExcept_.bpl
2014-07-14 16:00 - 2013-01-15 17:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madBasic_.bpl
2014-07-14 16:00 - 2013-01-15 17:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madDisAsm_.bpl
2014-07-14 16:25 - 2013-01-15 17:48 - 00348992 _____ () C:\Program Files\IObit\IObit Malware Fighter\madExcept_.bpl
2014-07-14 16:25 - 2013-01-15 17:48 - 00183616 _____ () C:\Program Files\IObit\IObit Malware Fighter\madBasic_.bpl
2014-07-14 16:25 - 2013-01-15 17:48 - 00051008 _____ () C:\Program Files\IObit\IObit Malware Fighter\madDisAsm_.bpl
2014-07-14 16:25 - 2013-12-12 17:46 - 08001344 _____ () C:\Program Files\IObit\IObit Malware Fighter\WebUI.dll
2014-07-14 16:25 - 2013-05-16 18:26 - 00182080 _____ () C:\Program Files\IObit\IObit Malware Fighter\unrar.dll
2014-07-14 16:25 - 2013-10-16 21:17 - 00185168 _____ () C:\Program Files\IObit\IObit Malware Fighter\libcurl-4.dll
2014-07-14 16:25 - 2013-05-16 18:26 - 00145216 _____ () C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll
2014-11-08 19:59 - 2014-11-06 12:09 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-10-19 15:03 - 2014-10-19 15:03 - 00018856 _____ () C:\Program Files\Java\jre7\bin\jp2native.dll
2014-10-28 01:49 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 01:49 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: DivXUpdate =>
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-4249131668-4266709875-3981103518-500 - Administrator - Disabled)
Gast (S-1-5-21-4249131668-4266709875-3981103518-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4249131668-4266709875-3981103518-1005 - Limited - Enabled)
user (S-1-5-21-4249131668-4266709875-3981103518-1000 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2014 10:56:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2014 01:10:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/07/2014 11:22:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 09:38:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 09:38:04 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (1836) WebCacheLocal: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (11/07/2014 05:38:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17344, Zeitstempel: 0x541b6f63
Name des fehlerhaften Moduls: nphooks.dll, Version: 6.1.0.41, Zeitstempel: 0x5407567a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00022ec5
ID des fehlerhaften Prozesses: 0x2acc
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (11/06/2014 03:27:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/05/2014 11:19:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/05/2014 06:59:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2014 11:50:33 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={E0782950-CFB1-4FC5-8B61-8BEA25CFA347}: Der Benutzer "user-PC\user" hat eine Verbindung mit dem Namen "VPN-Verbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.


System errors:
=============
Error: (11/08/2014 11:08:40 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/08/2014 10:55:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (11/08/2014 10:53:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (11/08/2014 08:19:37 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/07/2014 11:22:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (11/07/2014 11:21:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (11/07/2014 11:15:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (11/07/2014 10:20:40 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/07/2014 09:58:31 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/07/2014 09:39:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.


Microsoft Office Sessions:
=========================
Error: (11/08/2014 10:56:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2014 01:10:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\IObit\driver booster\DpInst\x64\dpinst.exe

Error: (11/07/2014 11:22:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 09:38:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 09:38:04 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost1836WebCacheLocal: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log-1811 (0xfffff8ed)

Error: (11/07/2014 05:38:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17344541b6f63nphooks.dll6.1.0.415407567ac000000500022ec52acc01cffaa9301e5707C:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\NetRatingsNetSight\NetSight\meter3\nphooks.dll86731a4d-669c-11e4-bbfc-3cd92b1aa61e

Error: (11/06/2014 03:27:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\IObit\driver booster\DpInst\x64\dpinst.exe

Error: (11/05/2014 11:19:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\IObit\driver booster\DpInst\x64\dpinst.exe

Error: (11/05/2014 06:59:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2014 11:50:33 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {E0782950-CFB1-4FC5-8B61-8BEA25CFA347}user-PC\userVPN-Verbindung0


CodeIntegrity Errors:
===================================
  Date: 2012-11-23 13:58:36.380
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-11-23 13:58:36.380
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-11-23 13:58:36.364
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-11-23 13:58:36.349
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-11-23 13:58:36.333
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-11-23 13:58:36.333
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-11-23 13:58:36.271
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-11-23 13:58:36.271
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-11-23 13:58:36.239
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-11-23 13:58:36.208
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: AMD C-50 Processor
Percentage of memory in use: 81%
Total physical RAM: 1642.9 MB
Available physical RAM: 305.4 MB
Total Pagefile: 5738.9 MB
Available Pagefile: 3646.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1879.38 MB

==================== Drives ================================

Drive c: (Win7) (Fixed) (Total:465.66 GB) (Free:429.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 717D91F5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 10.11.2014 15:13
Na, ganz einfach. Du hast FRST nach Downloads runtergeladen. Nach unseren Anleitungen muss FRST aber auf dem Desktop sein. Und andere Tools die wir hier verwenden auch, steht ja in der Anleitung. Entweder du lädst die Tools gleich auf den Desktop oder du verschiebst sie nach dem Download auf den Desktop.

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

tiffany1963 10.11.2014 16:00
Sorry wenn ich mich so dämlich anstelle .... habe alles nach Anleitung befolgt (hoffe ich zumindest :confused: )

ich finde die combofix.txt nicht :headbang:

Als combofix fertig war, tat sich auch nichts.
Ich habe den Laptop manuell neu gestartet.

cosinus 10.11.2014 16:09
Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

tiffany1963 10.11.2014 16:25
Ich finde auch in C: keine Combofix.txt

:confused::confused:

cosinus 10.11.2014 16:28
Hm, Combofix neu runterladen und nochmal ausführen bitte

tiffany1963 10.11.2014 17:39
Mea culpa .... es lag an mir. War zu ungeduldig.

In der Zwischenzeit hab ich auch noch schnell was eingekauft, deswegen hat es jetzt etwas länger gedauert.

Bitteschön:

Code:
ComboFix 14-11-10.02 - user 10.11.2014  17:03:00.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.1643.320 [GMT 1:00]
ausgeführt von:: c:\users\user\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\ntuser.pol
c:\users\user\4.0
c:\users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\roboot.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-10-10 bis 2014-11-10  ))))))))))))))))))))))))))))))
.
.
2014-11-08 22:33 . 2014-11-10 13:24        --------        d-----w-        C:\FRST
2014-11-08 18:59 . 2014-11-08 18:59        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2014-11-08 02:47 . 2014-11-10 15:44        62576        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B6C90A60-2550-4979-AE26-79C84E6898E2}\offreg.dll
2014-11-08 02:43 . 2014-10-20 02:37        8901368        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B6C90A60-2550-4979-AE26-79C84E6898E2}\mpengine.dll
2014-11-07 15:25 . 2014-11-07 15:25        --------        d-----w-        c:\program files\TeamViewer
2014-11-05 19:09 . 2014-11-05 19:09        --------        d-----w-        c:\users\user\AppData\Roaming\TeamViewer
2014-11-05 00:55 . 2009-07-14 01:15        90624        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\HPZPPWN7.DLL
2014-10-28 04:19 . 2014-10-28 04:19        --------        d-----w-        c:\users\user\AppData\Roaming\dlg
2014-10-27 18:15 . 2014-10-27 18:15        --------        d-----w-        c:\program files\WEB.DE MailCheck
2014-10-25 21:40 . 2014-10-25 21:40        --------        d-----w-        c:\users\user\AppData\Roaming\Avira
2014-10-25 20:39 . 2014-10-25 20:39        --------        d-----w-        c:\users\user\AppData\Roaming\AVG
2014-10-25 20:38 . 2014-11-09 00:20        --------        d-----w-        c:\program files\AVG
2014-10-25 20:37 . 2014-10-25 20:37        --------        d-----w-        c:\users\user\AppData\Local\Avg
2014-10-25 20:36 . 2014-10-25 20:40        --------        d-----w-        c:\programdata\AVG
2014-10-22 15:11 . 2014-10-22 15:11        --------        d-----w-        c:\users\user\AppData\Roaming\TuneUp Software
2014-10-22 15:10 . 2014-10-25 20:24        --------        d-----w-        c:\program files\TuneUp Utilities 2013
2014-10-22 15:08 . 2014-10-22 15:18        --------        d-----w-        c:\programdata\TuneUp Software
2014-10-22 15:08 . 2014-10-22 15:34        --------        d-sh--w-        c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2014-10-22 15:08 . 2014-10-22 15:08        --------        d--h--w-        c:\programdata\Common Files
2014-10-19 14:04 . 2014-10-19 14:04        --------        d-----w-        c:\program files\Common Files\Java
2014-10-19 14:03 . 2014-10-19 14:03        96680        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2014-10-19 13:40 . 2014-10-28 02:36        --------        d-----w-        c:\programdata\1&1 Mail & Media GmbH
2014-10-19 13:40 . 2014-10-28 02:36        --------        d-----w-        c:\programdata\1und1DesktopIconsInstaller
2014-10-19 13:40 . 2014-10-28 02:37        --------        d-----w-        c:\program files\1und1Softwareaktualisierung
2014-10-19 13:40 . 2014-10-19 13:40        --------        d-----w-        c:\programdata\UUdb
2014-10-14 23:52 . 2014-09-19 01:45        696832        ----a-w-        c:\program files\Internet Explorer\iedvtool.dll
2014-10-14 23:51 . 2014-06-18 22:23        156824        ----a-w-        c:\windows\system32\mscorier.dll
2014-10-14 23:51 . 2014-06-18 22:23        1131664        ----a-w-        c:\windows\system32\dfshim.dll
2014-10-14 23:51 . 2014-06-18 22:23        81560        ----a-w-        c:\windows\system32\mscories.dll
2014-10-14 23:51 . 2014-08-29 01:44        2744320        ----a-w-        c:\windows\system32\rdpcorets.dll
2014-10-14 23:51 . 2014-09-05 01:52        5703168        ----a-w-        c:\windows\system32\mstscax.dll
2014-10-14 23:51 . 2014-07-17 01:40        157696        ----a-w-        c:\windows\system32\winsta.dll
2014-10-14 23:51 . 2014-07-17 01:39        523264        ----a-w-        c:\windows\system32\termsrv.dll
2014-10-14 23:51 . 2014-07-17 01:39        130048        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2014-10-14 23:51 . 2014-07-17 01:39        304128        ----a-w-        c:\windows\system32\winlogon.exe
2014-10-14 23:51 . 2014-07-17 01:03        184320        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2014-10-14 23:51 . 2014-07-17 01:39        65536        ----a-w-        c:\windows\system32\TSpkg.dll
2014-10-14 23:51 . 2014-07-17 01:39        17408        ----a-w-        c:\windows\system32\credssp.dll
2014-10-14 23:51 . 2014-07-17 01:02        31232        ----a-w-        c:\windows\system32\drivers\tssecsrv.sys
2014-10-14 23:50 . 2014-09-18 01:32        2363904        ----a-w-        c:\windows\system32\msi.dll
2014-10-13 08:39 . 2010-11-04 09:51        85248        ----a-w-        c:\windows\system32\drivers\ew_jucdcacm.sys
2014-10-13 08:39 . 2010-10-09 06:48        72576        ----a-w-        c:\windows\system32\drivers\ew_jubusenum.sys
2014-10-13 08:39 . 2010-09-26 10:00        51456        ----a-w-        c:\windows\system32\drivers\ew_jucdcecm.sys
2014-10-13 08:39 . 2010-09-26 10:00        26496        ----a-w-        c:\windows\system32\drivers\ew_juextctrl.sys
2014-10-13 08:39 . 2010-09-03 09:35        168960        ----a-w-        c:\windows\system32\drivers\ew_juwwanecm.sys
2014-10-13 08:39 . 2010-08-31 10:09        208896        ----a-w-        c:\windows\system32\drivers\ewusbnet.sys
2014-10-13 08:39 . 2010-08-07 09:48        106880        ----a-w-        c:\windows\system32\drivers\ewusbmdm.sys
2014-10-13 08:39 . 2010-05-10 06:18        860928        ----a-w-        c:\windows\system32\drivers\mod7700.sys
2014-10-13 08:39 . 2010-03-20 04:06        11136        ----a-w-        c:\windows\system32\drivers\ew_usbenumfilter.sys
2014-10-13 08:39 . 2010-01-18 10:48        27136        ----a-w-        c:\windows\system32\drivers\ewdcsc.sys
2014-10-13 08:38 . 2010-07-27 01:52        102784        ----a-w-        c:\windows\system32\drivers\ew_hwusbdev.sys
2014-10-13 08:38 . 2014-10-28 02:37        --------        d-----w-        c:\program files\HUAWEI Modem Driver
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-28 05:35 . 2014-01-24 21:22        229000        ------w-        c:\windows\system32\MpSigStub.exe
2014-10-25 21:13 . 2013-05-07 12:39        37384        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2014-10-04 17:21 . 2014-10-04 17:21        2591960        ----a-w-        c:\windows\system32\drivers\rtwlane.sys
2014-10-04 17:18 . 2014-10-04 17:18        345328        ----a-w-        c:\windows\system32\SRSTSXT.dll
2014-10-04 17:18 . 2014-10-04 17:18        140528        ----a-w-        c:\windows\system32\SRSWOW.dll
2014-10-04 17:18 . 2014-10-04 17:18        1892056        ----a-w-        c:\windows\system32\RTSndMgr.cpl
2014-10-04 17:18 . 2014-10-04 17:18        3086040        ----a-w-        c:\windows\system32\drivers\RTKVHDA.sys
2014-10-04 17:18 . 2014-10-04 17:18        2566872        ----a-w-        c:\windows\system32\RtkPgExt.dll
2014-10-04 17:18 . 2014-10-04 17:18        13416        ----a-w-        c:\windows\system32\RtkCoLDR.dll
2014-10-04 17:18 . 2014-10-04 17:18        916696        ----a-w-        c:\windows\system32\RtkCoInstII.dll
2014-10-04 17:18 . 2014-10-04 17:18        782040        ----a-w-        c:\windows\system32\RtkApoApi.dll
2014-10-04 17:18 . 2014-10-04 17:18        78680        ----a-w-        c:\windows\system32\RTEEL32A.dll
2014-10-04 17:18 . 2014-10-04 17:18        359768        ----a-w-        c:\windows\system32\RTEEP32A.dll
2014-10-04 17:18 . 2014-10-04 17:18        64856        ----a-w-        c:\windows\system32\RTEEG32A.dll
2014-10-04 17:18 . 2014-10-04 17:18        170840        ----a-w-        c:\windows\system32\RTEED32A.dll
2014-10-04 17:18 . 2014-10-04 17:18        295768        ----a-w-        c:\windows\system32\RP3DHT32.dll
2014-10-04 17:18 . 2014-10-04 17:18        295768        ----a-w-        c:\windows\system32\RP3DAA32.dll
2014-10-04 17:18 . 2014-10-04 17:18        2474200        ----a-w-        c:\windows\system32\RltkAPO.dll
2014-10-04 17:18 . 2014-10-04 17:18        60636160        ----a-w-        c:\windows\system32\RCoRes.dat
2014-10-04 17:17 . 2014-10-04 17:17        92584        ----a-w-        c:\windows\system32\CONEQMSAPOGUILibrary.dll
2014-10-04 17:17 . 2014-10-04 17:17        95840        ----a-w-        c:\windows\system32\AERTARen.dll
2014-10-04 17:17 . 2014-10-04 17:17        182472        ----a-w-        c:\windows\system32\AERTACap.dll
2014-10-04 17:13 . 2014-10-04 17:13        76872        ----a-w-        c:\windows\system32\RtNicProp32.dll
2014-10-04 17:13 . 2014-10-04 17:13        716504        ----a-w-        c:\windows\system32\drivers\Rt86win7.sys
2014-10-04 17:13 . 2011-06-10 04:34        100896        ----a-w-        c:\windows\system32\RTNUninst32.dll
2014-10-04 17:07 . 2014-10-04 17:07        270552        ----a-w-        c:\windows\system32\drivers\RtsPStor.sys
2014-10-04 17:07 . 2014-10-04 17:07        9888840        ----a-w-        c:\windows\system32\RsCRIcon.dll
2014-09-25 01:40 . 2014-09-30 18:50        519680        ----a-w-        c:\windows\system32\qdvd.dll
2014-09-24 10:44 . 2012-11-27 06:06        136216        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2014-09-24 10:44 . 2012-11-27 06:06        98160        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-09-09 21:47 . 2014-09-30 00:54        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-09-03 20:56 . 2012-12-22 11:58        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-09-03 20:56 . 2012-12-22 11:58        42168        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-09-03 20:56 . 2012-12-22 11:57        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-09-02 18:51 . 2012-12-31 18:12        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-09-02 18:50 . 2012-12-31 18:12        42168        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-08-23 01:46 . 2014-08-28 06:22        305152        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-14 18:42 . 2014-04-26 19:21        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2014-08-13 10:57 . 2014-08-13 10:57        6144        ----a-w-        c:\windows\system32\KBDYAK.DLL
2014-08-13 10:57 . 2014-08-13 10:57        6144        ----a-w-        c:\windows\system32\KBDBASH.DLL
2014-08-13 10:53 . 2014-08-13 10:53        654336        ----a-w-        c:\windows\system32\rpcrt4.dll
2014-08-13 10:53 . 2014-08-13 10:53        219072        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2014-08-13 10:53 . 2014-08-13 10:53        730048        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2014-08-13 10:53 . 2014-08-13 10:53        107520        ----a-w-        c:\windows\system32\cdd.dll
2014-08-13 10:51 . 2014-08-13 10:51        337408        ----a-w-        c:\windows\system32\msihnd.dll
2014-08-13 10:51 . 2014-08-13 10:51        1805824        ----a-w-        c:\windows\system32\authui.dll
2014-08-13 10:51 . 2014-08-13 10:51        101824        ----a-w-        c:\windows\system32\consent.exe
2014-08-13 10:45 . 2014-08-13 10:45        8856        ----a-w-        c:\windows\system32\icardres.dll
2014-08-13 10:45 . 2014-08-13 10:45        619672        ----a-w-        c:\windows\system32\icardagt.exe
2014-08-13 10:45 . 2014-08-13 10:45        99480        ----a-w-        c:\windows\system32\infocardapi.dll
2014-08-13 10:44 . 2014-08-13 10:44        35480        ----a-w-        c:\windows\system32\TsWpfWrp.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-10-17 08:26        752960        ----a-w-        c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2014-09-03 91872]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-09-23 165168]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-09-24 703736]
"MailCheck IE Broker"="c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2014-04-24 1810496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AviraSpeedup"="c:\program files\Avira\AviraSpeedup\avira_system_speedup.exe" [2014-10-25 5395192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57        959904        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2014-09-24 10:44        703736        ----a-w-        c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter]
2014-05-23 16:00        1601856        ----a-w-        c:\program files\IObit\IObit Malware Fighter\IMF.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-08-10 12:51        343168        ----a-w-        c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2011-10-14 02:36        2299176        ----a-w-        c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Advanced SystemCare 7"="c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" /autostart
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" -s
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Avira Systray"=c:\program files\Avira\My Avira\Avira.OE.Systray.exe
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-10-17 2283296]
R3 camdrv41;Philips SPC 900NC PC Camera;c:\windows\system32\DRIVERS\camdrv41.sys [2007-04-23 1347584]
R3 esgiguard;esgiguard; [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-08-31 208896]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-09-19 108032]
R3 MBAMSwissArmy;MBAMSwissArmy; [x]
R3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\DRIVERS\MOSUMAC.SYS [2009-12-07 44032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2013-11-19 32288]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-04 1004136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2013-11-19 20944]
R4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2013-03-23 21480]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 66688]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 33408]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2014-06-04 18624]
S1 {9d5747ee-0448-4681-8337-1555de75a3b6}Gw;{9d5747ee-0448-4681-8337-1555de75a3b6}Gw;c:\windows\system32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw.sys [2014-05-22 52928]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-25 37352]
S1 nnfwdk;Nielsen WFP Driver;c:\program files\NetRatingsNetSight\NetSight\meter3\nnfwdk.sys [2014-09-03 23264]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\IObit\Advanced SystemCare 7\ASCService.exe [2014-08-18 893216]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2014-10-04 87968]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-05 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-05 294400]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-09-24 431920]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-09-23 160560]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-27 1817088]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2014-05-15 342336]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NielsenUpdate;Nielsen Update;c:\program files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2014-09-03 2932448]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35088]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [2014-10-04 251096]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-09-29 200624]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\user\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0.sys [2012-10-27 14416]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 AppObserver;Application creation observer;c:\program files\NetRatingsNetSight\NetSight\meter3\appobserver.sys [2014-09-03 14560]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2014-07-14 65200]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-10-09 72576]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2014-10-04 270552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-10-04 716504]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys [2014-10-04 2591960]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 37504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 00:45        1089352        ----a-w-        c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-27 10:51]
.
2014-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-26 22:32]
.
2014-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-26 22:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.online-doppelkopf.com
mStart Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
mSearch Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:53241;https=127.0.0.1:53241
TCP: DhcpNameServer = 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b22z9jh3.default\
FF - prefs.js: browser.search.defaulturl - hxxps://de.search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file)
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
Toolbar-10 - (no file)
WebBrowser-{5786D022-540E-4699-B350-B4BE0AE94B79} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKU-Default-Run-Sidebar - c:\program files\Windows Sidebar\sidebar.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3896)
c:\program files\NetRatingsNetSight\NetSight\nsmmc.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Realtek\Audio\HDA\RtHDVBg.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\IObit\IObit Uninstaller\UninstallMonitor.exe
c:\program files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-11-10  17:33:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-11-10 16:33
.
Vor Suchlauf: 9 Verzeichnis(se), 461.306.155.008 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 460.987.650.048 Bytes frei
.
- - End Of File - - 5E3002D649592589F76CE8092F1FF33F
A36C5E4F47E84449FF07ED3517B43A31

cosinus 11.11.2014 00:22
Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


tiffany1963 11.11.2014 10:19
Guten Morgen,

hier das Ergebnis von Schritt 1:

AdwCleaner Logfile:
Code:
# AdwCleaner v4.101 - Bericht erstellt am 11/11/2014 um 09:47:16
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-10.9 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : user - USER-PC
# Gestartet von : C:\Users\user\Downloads\AdwCleaner_4.101.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : {9d5747ee-0448-4681-8337-1555de75a3b6}Gw

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files\NCH Software
Ordner Gelöscht : C:\users\user\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\users\user\AppData\Roaming\Security System 2
Ordner Gelöscht : C:\users\user\AppData\Roaming\DriverTurbo
[!] Ordner Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b22z9jh3.default\Extensions\firefoxmini@go.im.xpi
Ordner Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b22z9jh3.default\Extensions\security@protegere.org
Datei Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b22z9jh3.default\Extensions\firefoxmini@go.im.xpi
Datei Gelöscht : C:\Windows\system32\\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw.sys

***** [ Tasks ] *****

Task Gelöscht : Advanced System Protector
Task Gelöscht : Advanced System Protector_startup
Task Gelöscht : BackgroundContainer Startup Task
Task Gelöscht : Driver Booster Scan
Task Gelöscht : Driver Booster Update
Task Gelöscht : pricemeterdownloader

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D28C7E56-2CC6-415C-8727-D71334085926}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\PriceMeterLiveUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.1 (x86 de)

[b22z9jh3.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");
[b22z9jh3.default\prefs.js] - Zeile gelöscht : user_pref("extensions.enabledAddons", "ascsurfingprotection%40iobit.com:1.0,security%40protegere.org:3,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1");

-\\ Google Chrome v38.0.2125.111

[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.default-search.net/search?sid=492&aid=149&itype=a&ver=12791&tm=359&src=ds&p={searchTerms}

*************************

AdwCleaner[R0].txt - [85149 octets] - [19/02/2014 20:10:56]
AdwCleaner[R1].txt - [33454 octets] - [19/02/2014 20:19:46]
AdwCleaner[S0].txt - [51807 octets] - [19/02/2014 20:14:56]
AdwCleaner[S1].txt - [29245 octets] - [19/02/2014 20:22:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [29306 octets] ##########
--- --- ---


Schritt 2:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x86
Ran by user on 11.11.2014 at 10:02:09,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1E829948-B7BA-4F8D-913C-3768F5CA6267}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\b22z9jh3.default\prefs.js

user_pref("services.sync.passwords.syncID", "qLnLQkbJDkV9");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.11.2014 at 10:09:15,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Schritt 3:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014
Ran by user (administrator) on USER-PC on 11-11-2014 10:14:19
Running from C:\Users\user\Downloads
Loaded Profile: user (Available profiles: user)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
(Avira) C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Telefónica I+D) C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\meter3\NielsenNativeHost.exe
(Farbar) C:\Users\user\Downloads\FRST (2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NielsenOnline] => C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe [91872 2014-09-03] (The Nielsen Company)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1810496 2014-04-24] (1und1 Mail und Media GmbH)
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [5395192 2014-10-25] (Avira)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:53241;https=127.0.0.1:53241
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.online-doppelkopf.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE7BB920037B4CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-4249131668-4266709875-3981103518-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {1E829948-B7BA-4F8D-913C-3768F5CA6267} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=8ffa2a1b-2dd6-4664-aeb1-deca7fb525a7&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {1E829948-B7BA-4F8D-913C-3768F5CA6267} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=8ffa2a1b-2dd6-4664-aeb1-deca7fb525a7&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {3A732CFF-0553-4894-9210-E7D1C8AC348D} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {59D4B146-D8FA-435F-8EEE-4F6431B26E83} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {6E4B0881-E464-45DB-98B0-B44FE376E9C0} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {AFF993C1-B509-4057-AD10-2A6CC55D533B} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {FAEAE76C-6B31-4F7A-BFCD-0CF18A0866A7} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b22z9jh3.default
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @MoneyMillionaire/npdf -> C:\ProgramData\Rabatt-Finder\FFExtension20140906003825\plugins\npdf.dll No File
FF Plugin: @nielsen/FirefoxTracker -> C:\Program Files\NetRatingsNetSight\NetSight\meter3\FirefoxAddOns\npfirefoxtracker.dll (Nielsen)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b22z9jh3.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ddg.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b22z9jh3.default\Extensions\abs@avira.com [2014-11-08]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b22z9jh3.default\Extensions\ascsurfingprotection@iobit.com [2014-09-06]
FF Extension: Settings Manager - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b22z9jh3.default\Extensions\{C608E7CD-C8DE-C4BE-147D-CD78D3587F6F} [2014-05-26]
FF HKLM\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files\NetRatingsNetSight\NetSight\meter3\FirefoxAddOns\netsight@nielsen.xpi
FF Extension: Nielsen NetSight - C:\Program Files\NetRatingsNetSight\NetSight\meter3\FirefoxAddOns\netsight@nielsen.xpi [2014-11-11]
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b22z9jh3.default\extensions\security@protegere.org [Not Found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - security@protegere.org [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.online-doppelkopf.com/
CHR StartupUrls: Default -> "hxxp://www.online-doppelkopf.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Nielsen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amebgbgmoldiehbbbjcaoceilcfnniop [2014-11-07]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-27]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-26]
CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-26]
CHR Extension: (Avira Browser Safety) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-29]
CHR Extension: (WEB.DE MailCheck) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [294400 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2283296 2014-10-17] (IObit)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 NielsenUpdate; C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2932448 2014-09-03] (The Nielsen Company)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [251096 2014-10-04] (Realtek Semiconductor)
R2 TGCM_ImportWiFiSvc; C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [66688 2011-04-16] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [33408 2011-04-16] (Advanced Micro Devices)
R3 AppObserver; C:\Program Files\NetRatingsNetSight\NetSight\meter3\appobserver.sys [14560 2014-09-03] (The Nielsen Company)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 camdrv41; C:\Windows\System32\DRIVERS\camdrv41.sys [1347584 2007-04-23] ()
S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [21480 2013-03-23] (IObit)
S3 MOSUMAC; C:\Windows\System32\DRIVERS\MOSUMAC.SYS [44032 2009-12-07] (--)
R1 nnfwdk; C:\Program Files\NetRatingsNetSight\NetSight\meter3\nnfwdk.sys [23264 2014-09-03] (The Nielsen Company)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32288 2013-11-19] (IObit.com)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [270552 2014-10-04] (Realtek Semiconductor Corp.)
S3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [1004136 2011-01-05] (Realtek Semiconductor Corporation                          )
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [2591960 2014-10-04] (Realtek Semiconductor Corporation                          )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [20944 2013-11-19] (IObit.com)
R2 WinRing0_1_2_0; C:\Users\user\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0.sys [14416 2012-10-27] (OpenLibSys.org)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]
S3 esgiguard; No ImagePath
S3 MBAMSwissArmy; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 10:14 - 2014-11-11 10:15 - 00017867 _____ () C:\Users\user\Downloads\FRST.txt
2014-11-11 10:13 - 2014-11-11 10:13 - 01107968 _____ (Farbar) C:\Users\user\Downloads\FRST (2).exe
2014-11-11 10:13 - 2014-11-11 10:13 - 00001445 _____ () C:\Users\user\Desktop\FRST (2) - Verknüpfung.lnk
2014-11-11 10:09 - 2014-11-11 10:09 - 00000978 _____ () C:\Users\user\Desktop\JRT.txt
2014-11-11 09:59 - 2014-11-11 10:01 - 00001390 _____ () C:\Users\user\Desktop\JRT - Verknüpfung.lnk
2014-11-11 09:52 - 2014-11-11 09:52 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-11-11 09:50 - 2014-11-11 09:50 - 00000056 _____ () C:\Windows\setupact.log
2014-11-11 09:50 - 2014-11-11 09:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-11 09:49 - 2014-11-11 09:49 - 00000926 _____ () C:\Windows\PFRO.log
2014-11-11 09:38 - 2014-11-11 09:38 - 00001517 _____ () C:\Users\user\Desktop\AdwCleaner_4.101 - Verknüpfung.lnk
2014-11-11 09:37 - 2014-11-11 09:37 - 02140160 _____ () C:\Users\user\Downloads\AdwCleaner_4.101.exe
2014-11-10 20:15 - 2014-11-10 20:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-10 17:33 - 2014-11-10 17:33 - 00024571 _____ () C:\ComboFix.txt
2014-11-10 16:58 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-10 16:58 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-10 16:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-10 16:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-10 16:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-10 16:58 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-10 16:58 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-10 16:58 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-10 16:30 - 2014-11-10 16:57 - 05598341 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe
2014-11-10 15:39 - 2014-11-10 17:33 - 00000000 ____D () C:\Qoobox
2014-11-10 15:38 - 2014-11-10 17:29 - 00000000 ____D () C:\Windows\erdnt
2014-11-10 15:37 - 2014-11-10 15:37 - 00001134 _____ () C:\Users\user\Desktop\ComboFix - Verknüpfung.lnk
2014-11-10 14:19 - 2014-11-10 14:20 - 01107968 _____ (Farbar) C:\Users\user\Downloads\FRST (1).exe
2014-11-09 13:57 - 2014-11-09 14:24 - 171909728 _____ () C:\Users\user\Downloads\AIO_CDB_Full_Non-Network_deu_NB.exe
2014-11-09 01:10 - 2014-11-09 01:11 - 00158330 _____ () C:\Users\user\Desktop\Internet sehr langsam trotz 100 M_Bit - Seitenaufbau extrem langsam - DL aber schnell - ComputerBase Forum.htm
2014-11-09 00:53 - 2014-11-10 01:36 - 00001290 _____ () C:\Users\user\Desktop\DnsCache Bereinigung.txt
2014-11-09 00:52 - 2014-06-23 18:36 - 00000170 _____ () C:\Users\user\Desktop\Dnscache bereinigen.cmd
2014-11-08 23:45 - 2014-11-11 09:58 - 01706808 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe
2014-11-08 23:33 - 2014-11-11 10:14 - 00000000 ____D () C:\FRST
2014-11-08 23:32 - 2014-11-08 23:32 - 01107968 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2014-11-08 19:59 - 2014-11-11 09:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-08 19:59 - 2014-11-08 19:59 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-08 19:59 - 2014-11-08 19:59 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-08 19:54 - 2014-11-08 19:55 - 00244328 _____ () C:\Users\user\Downloads\Firefox Setup Stub 33.0.3.exe
2014-11-07 16:25 - 2014-11-07 16:25 - 00001140 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-11-07 16:25 - 2014-11-07 16:25 - 00001128 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-11-07 16:25 - 2014-11-07 16:25 - 00000000 ____D () C:\Program Files\TeamViewer
2014-11-05 20:09 - 2014-11-05 20:09 - 00000000 ____D () C:\Users\user\AppData\Roaming\TeamViewer
2014-11-05 20:06 - 2014-11-05 20:08 - 06626832 _____ (TeamViewer GmbH) C:\Users\user\Downloads\TeamViewer_Setup_de.exe
2014-11-05 01:52 - 2014-11-05 01:52 - 00135747 _____ () C:\Users\user\Documents\test.xps
2014-11-05 01:49 - 2014-11-05 01:49 - 00154926 _____ () C:\Users\user\Documents\CHECK Bäckerei Wimmer.xps
2014-11-04 23:53 - 2014-11-11 09:51 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-11-02 11:41 - 2014-11-02 12:34 - 32809520 _____ (IObit ) C:\Users\user\Downloads\IObit-Malware-Fighter-Setup (1).exe
2014-10-28 05:19 - 2014-10-28 05:19 - 00000000 ____D () C:\Users\user\AppData\Roaming\dlg
2014-10-28 05:01 - 2014-10-28 05:01 - 00664416 _____ () C:\Users\user\Downloads\TCPOptimizer (1).exe
2014-10-28 04:25 - 2014-10-28 04:30 - 00659456 _____ (Speed Guide Inc.) C:\Users\user\Downloads\TCPOptimizer.exe
2014-10-28 04:15 - 2014-10-28 04:15 - 00004974 _____ () C:\Users\user\Desktop\SG_Vista_TcpIp_patch.cmd
2014-10-27 19:15 - 2014-10-28 03:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
2014-10-27 19:15 - 2014-10-27 19:15 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck
2014-10-27 17:49 - 2014-10-27 17:49 - 00000399 _____ () C:\Users\user\Desktop\Wrar30b5 - Verknüpfung.lnk
2014-10-26 23:33 - 2014-11-05 00:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-26 23:32 - 2014-11-11 09:51 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-26 23:32 - 2014-11-11 09:44 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-25 22:40 - 2014-10-25 22:40 - 00000000 ____D () C:\Users\user\AppData\Roaming\Avira
2014-10-25 21:50 - 2014-10-25 21:50 - 00000959 _____ () C:\Windows\system32\Avira System Speedup.lnk
2014-10-25 21:46 - 2014-10-25 21:46 - 00001099 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-25 21:45 - 2014-10-25 21:45 - 04714656 _____ (Avira Operations GmbH & Co. KG) C:\Users\user\Downloads\avira_de_av___ws2015.exe
2014-10-25 21:39 - 2014-10-25 21:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVG
2014-10-25 21:38 - 2014-11-09 01:20 - 00000000 ____D () C:\Program Files\AVG
2014-10-25 21:37 - 2014-10-25 21:37 - 00000000 ____D () C:\Users\user\AppData\Local\Avg
2014-10-25 21:36 - 2014-10-25 21:40 - 00000000 ____D () C:\ProgramData\AVG
2014-10-25 21:30 - 2014-10-25 21:36 - 90754872 _____ (AVG Technologies) C:\Users\user\Downloads\avg_tuht_stf_all_2015_185.exe
2014-10-22 18:52 - 2014-10-22 18:52 - 00003544 ____N () C:\bootsqm.dat
2014-10-22 16:11 - 2014-10-22 16:11 - 00000000 ____D () C:\Users\user\AppData\Roaming\TuneUp Software
2014-10-22 16:10 - 2014-10-25 21:24 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2013
2014-10-22 16:08 - 2014-10-22 16:34 - 00000000 __SHD () C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2014-10-22 16:08 - 2014-10-22 16:18 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-10-22 16:05 - 2014-10-22 16:06 - 28181408 _____ (TuneUp Software) C:\Users\user\Downloads\TuneUpUtilities2013_de-DE.exe
2014-10-19 15:04 - 2014-10-19 15:04 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-19 15:04 - 2014-10-19 15:03 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-19 15:03 - 2014-10-28 03:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-19 15:03 - 2014-10-19 15:03 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-19 15:03 - 2014-10-19 15:03 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-19 15:03 - 2014-10-19 15:03 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-19 14:40 - 2014-10-28 03:37 - 00000000 ____D () C:\Program Files\1und1Softwareaktualisierung
2014-10-19 14:40 - 2014-10-28 03:36 - 00000000 ____D () C:\ProgramData\1&1 Mail & Media GmbH
2014-10-19 14:40 - 2014-10-19 14:40 - 00002002 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB.DE.lnk
2014-10-19 14:40 - 2014-10-19 14:40 - 00001984 _____ () C:\Users\user\Desktop\Amazon.lnk
2014-10-19 14:40 - 2014-10-19 14:40 - 00001978 _____ () C:\Users\user\Desktop\WEB.DE.lnk
2014-10-19 14:40 - 2014-10-19 14:40 - 00000000 ____D () C:\ProgramData\UUdb
2014-10-17 09:26 - 2014-10-17 09:26 - 00001142 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-10-17 09:26 - 2014-10-17 09:26 - 00001118 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-10-15 00:53 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 00:53 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 00:53 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 00:53 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 00:53 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 00:53 - 2014-09-19 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 00:53 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 00:53 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 00:53 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 00:53 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 00:53 - 2014-09-19 01:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 00:53 - 2014-09-19 01:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 00:53 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 00:53 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 00:53 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 00:52 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 00:52 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 00:52 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 00:52 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 00:52 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 00:52 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 00:52 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 00:52 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 00:52 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 00:52 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 00:52 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 00:52 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 00:52 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 00:52 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 00:52 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 00:52 - 2014-09-19 01:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 00:52 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 00:52 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 00:52 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 00:52 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 00:51 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 00:51 - 2014-08-29 02:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 00:51 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 00:51 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 00:51 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 00:51 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 00:51 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 00:51 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 00:51 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 00:51 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 00:51 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 00:51 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 00:51 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 00:50 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 00:49 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 00:49 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 00:49 - 2014-08-19 03:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 00:49 - 2014-08-19 03:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 00:49 - 2014-08-19 03:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 00:49 - 2014-08-19 03:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 00:49 - 2014-08-19 02:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 00:49 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 00:49 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 00:49 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 00:49 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 00:49 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 00:49 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 00:49 - 2014-07-07 02:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 00:49 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 00:49 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 00:49 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 00:49 - 2014-07-07 02:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 00:49 - 2014-06-28 01:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 00:49 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 00:49 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-13 09:39 - 2014-10-13 09:39 - 00002066 _____ () C:\Users\Public\Desktop\Mobile Connection Manager.lnk
2014-10-13 09:39 - 2010-11-04 10:51 - 00085248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2014-10-13 09:39 - 2010-10-09 07:48 - 00072576 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2014-10-13 09:39 - 2010-09-26 11:00 - 00051456 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2014-10-13 09:39 - 2010-09-26 11:00 - 00026496 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2014-10-13 09:39 - 2010-09-03 10:35 - 00168960 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2014-10-13 09:39 - 2010-08-31 11:09 - 00208896 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2014-10-13 09:39 - 2010-08-07 10:48 - 00106880 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2014-10-13 09:39 - 2010-05-10 07:18 - 00860928 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2014-10-13 09:39 - 2010-03-20 05:06 - 00011136 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2014-10-13 09:39 - 2010-01-18 11:48 - 00027136 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2014-10-13 09:38 - 2014-10-28 03:37 - 00000000 ____D () C:\Program Files\HUAWEI Modem Driver
2014-10-13 09:38 - 2010-07-27 02:52 - 00102784 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 10:03 - 2012-10-27 09:08 - 01523898 _____ () C:\Windows\WindowsUpdate.log
2014-11-11 10:00 - 2009-07-14 05:34 - 00028896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 10:00 - 2009-07-14 05:34 - 00028896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 09:59 - 2012-10-27 11:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-11 09:54 - 2014-05-20 16:47 - 00000000 ___RD () C:\Users\user\Dropbox
2014-11-11 09:53 - 2014-05-20 16:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox
2014-11-11 09:50 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-11 09:47 - 2014-02-19 20:09 - 00000000 ____D () C:\AdwCleaner
2014-11-11 09:41 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2014-11-10 19:58 - 2014-09-02 18:10 - 00000222 _____ () C:\Users\user\BullseyeCoverageError.txt
2014-11-10 17:33 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-11-10 17:33 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-11-10 17:25 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-11-10 15:46 - 2014-07-14 16:01 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-09 23:47 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-08 23:53 - 2014-03-02 19:48 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2014-11-08 20:00 - 2012-10-27 12:33 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2014-11-07 21:38 - 2012-10-27 10:11 - 00064024 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-07 21:37 - 2009-07-14 05:33 - 00286856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-07 16:14 - 2014-07-14 16:00 - 00002083 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-11-07 16:09 - 2014-07-14 16:13 - 39890944 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2014-11-07 16:09 - 2014-07-14 16:13 - 00278528 _____ () C:\Windows\system32\config\DEFAULT.iobit
2014-11-07 16:09 - 2014-07-14 16:13 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iobit
2014-11-07 16:09 - 2014-07-14 16:13 - 00024576 _____ () C:\Windows\system32\config\SAM.iobit
2014-11-06 12:53 - 2014-05-20 21:02 - 00000000 ____D () C:\Users\user\Downloads\freundschaft
2014-11-04 17:21 - 2010-11-20 22:01 - 01620440 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 18:07 - 2014-03-13 00:57 - 00000000 ____D () C:\Users\user\Downloads\gute nacht
2014-11-02 18:04 - 2014-03-10 03:09 - 00000000 ____D () C:\Users\user\Downloads\kisses
2014-11-02 18:01 - 2014-03-10 02:23 - 00000000 ____D () C:\Users\user\Downloads\grüße und so
2014-11-02 17:58 - 2014-08-05 23:07 - 00000000 ____D () C:\Users\user\Downloads\MICHAS HANDY
2014-11-02 17:58 - 2014-04-07 23:23 - 00000000 ____D () C:\Users\user\Downloads\dies und das
2014-10-30 22:34 - 2014-07-14 16:13 - 30732288 _____ () C:\Windows\system32\config\components.iobit
2014-10-28 06:35 - 2014-01-24 22:22 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-28 03:37 - 2012-11-27 07:06 - 00000000 ____D () C:\Program Files\Avira
2014-10-28 03:37 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-28 03:36 - 2014-08-19 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-28 03:36 - 2014-08-08 08:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-28 03:36 - 2014-07-14 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-10-28 03:36 - 2014-07-14 16:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\ProductData
2014-10-28 03:36 - 2014-07-14 16:01 - 00000000 ____D () C:\ProgramData\IObit
2014-10-28 03:36 - 2014-07-14 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-10-28 03:36 - 2014-07-14 15:59 - 00000000 ____D () C:\Users\user\AppData\Roaming\IObit
2014-10-28 03:36 - 2014-05-24 02:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2014-10-28 03:36 - 2014-05-07 06:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-28 03:36 - 2012-10-27 22:59 - 00000000 ____D () C:\ProgramData\DesktopIcons
2014-10-28 03:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-28 03:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-10-28 03:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-10-28 03:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-10-26 23:33 - 2012-12-22 16:41 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2014-10-26 23:32 - 2012-12-22 16:41 - 00000000 ____D () C:\Program Files\Google
2014-10-25 22:27 - 2013-01-02 16:07 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-10-25 22:13 - 2013-05-07 13:39 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-25 22:06 - 2014-10-01 02:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-25 21:58 - 2014-07-25 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-25 21:46 - 2012-11-27 07:06 - 00000000 ____D () C:\ProgramData\Avira
2014-10-24 10:01 - 2014-05-04 16:57 - 00000000 ____D () C:\Users\user\Downloads\schön, dass es d.g
2014-10-24 09:57 - 2014-03-28 18:38 - 00000000 ____D () C:\Users\user\Downloads\kuscheln
2014-10-24 09:55 - 2014-03-13 02:25 - 00000000 ____D () C:\Users\user\Downloads\hab dich lieb
2014-10-24 09:46 - 2014-03-09 18:37 - 00000000 ____D () C:\Users\user\Downloads\fb-pics
2014-10-24 09:45 - 2014-03-13 22:14 - 00000000 ____D () C:\Users\user\Downloads\denk an dich
2014-10-23 20:14 - 2012-10-27 09:30 - 00000000 ____D () C:\Users\user\AppData\Local\VirtualStore
2014-10-22 18:53 - 2014-07-14 17:24 - 39890944 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-10-22 18:53 - 2014-07-14 17:24 - 00278528 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-10-22 18:53 - 2014-07-14 17:24 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-10-22 18:53 - 2014-07-14 17:24 - 00024576 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-10-19 15:04 - 2013-10-20 11:38 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-15 03:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-15 02:28 - 2013-08-16 21:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 02:10 - 2012-10-27 12:52 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 15:01 - 2013-01-16 01:06 - 00000000 ____D () C:\Windows\Minidump

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3othhq.dll
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 11:16

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2014
Ran by user at 2014-11-11 10:16:35
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.4.402.265 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.4.402.265 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Advanced SystemCare 7 (HKLM\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
ATI Catalyst Install Manager (HKLM\...\{13AD0436-E893-E726-0CBB-33FCF35A2F29}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Avira (HKLM\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Avira System Speedup (HKLM\...\AviraSpeedup) (Version: 1.3.1.9970 - Avira System Speedup)
Driver Booster (HKLM\...\Driver Booster_is1) (Version: 1.5 - IObit)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
HUAWEI DataCard Driver 4.20.12.00 (HKLM\...\HUAWEI DataCard Driver) (Version: 4.20.12.00 - Huawei technologies Co., Ltd.)
IObit Malware Fighter (HKLM\...\IObit Malware Fighter_is1) (Version: 2.4 - IObit)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.0.4.27 - IObit)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Connection Manager (HKLM\...\o2DE) (Version:  - Mobile Connection Manager)
Mozilla Firefox 33.1 (x86 de) (HKLM\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BurnLite 10 (HKLM\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nielsen (HKLM\...\NetSight) (Version:  - )
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.10.0416 - REALTEK Semiconductor Corp.)
Smart Defrag 3 (HKLM\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 6.3.6 - Shark007)
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WEB.DE Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.3.0 - 1&1 Mail & Media GmbH)
WEB.DE MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.5.1.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{07474513-7B58-45c7-B3E6-13A3669B1AFD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249131668-4266709875-3981103518-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

22-10-2014 15:08:56 TuneUp Utilities 2013 wird installiert
25-10-2014 20:17:05 avast! antivirus system restore point
25-10-2014 20:21:30 TuneUp Utilities 2013 wird entfernt
25-10-2014 20:24:21 TuneUp Utilities Language Pack (de-DE) wird entfernt
25-10-2014 20:37:24 AVG PC TuneUp 2015 wird installiert
25-10-2014 20:48:32 Avira System Speedup(1.3.1.9970)
27-10-2014 17:25:54 Wiederherstellungsvorgang
29-10-2014 13:36:51 Windows Update
04-11-2014 08:08:49 Windows Update
08-11-2014 02:41:53 Windows Update
09-11-2014 00:10:57 AVG PC TuneUp 2015 wird entfernt
09-11-2014 00:14:12 AVG PC TuneUp 2015 (de-DE) wird entfernt
09-11-2014 13:10:32 IObit Uninstaller restore point
09-11-2014 13:13:16 IObit Uninstaller restore point
11-11-2014 08:59:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-11-10 17:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0260C91F-8683-405A-A405-037FC820465E} - System32\Tasks\{BB394F92-76B1-40FF-9462-20A6EF69712A} => Chrome.exe
Task: {0507D07E-BA21-4792-B443-10E14AE6C871} - System32\Tasks\{AE4D836F-9F55-47CD-9D9E-73CC1E288991} => Chrome.exe
Task: {1828A629-104E-41BA-BDB9-08FF158047EE} - System32\Tasks\{AFF5E3E0-9586-44D8-B8BB-472FE885DC24} => Chrome.exe
Task: {2FB0E877-E429-4581-93AB-8D301A90373D} - System32\Tasks\AviraSpeedup => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [2014-10-25] (Avira)
Task: {351D3829-E2E7-49CC-87D8-DA7C1B95ED1C} - System32\Tasks\{1A2679E7-8EDB-4A66-9143-52CB643A1814} => Chrome.exe
Task: {370F8FB5-F99A-44C1-8F65-5735678BC6BD} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe [2014-08-20] (IObit)
Task: {48335AE9-9BFB-4792-9B01-A7B6406BB56D} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-10-17] (IObit)
Task: {4EBEBE78-8D97-4EDB-A1AD-E4AC470A574A} - System32\Tasks\ASC7_SkipUac_user => C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit)
Task: {578FCE1C-F6E8-4D6B-8A0F-068CE08DA971} - \Driver Booster SkipUAC (user) No Task File <==== ATTENTION
Task: {66FE8849-6F84-412A-9ABF-E917D55F7587} - System32\Tasks\{FFE226A5-6C6F-43F2-B8B9-68C83D5657F5} => Chrome.exe
Task: {7F573940-6662-4855-8678-9DDBCA855401} - System32\Tasks\SmartDefrag3_Update => C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-03] (IObit)
Task: {8D3FD857-E505-4C71-8CC8-3CA054D6C3DB} - System32\Tasks\{3CB76F79-91BE-4A3C-BF3C-E1ED42D1DF1B} => Chrome.exe
Task: {9A41A18D-E192-4526-BA37-C31AC179D3AA} - \Driver Booster SkipUAC (SYSTEM) No Task File <==== ATTENTION
Task: {A12A9A6B-4D23-4E6A-9C24-A966DEE5E52C} - System32\Tasks\{0DF3F321-6F12-4D3A-920E-0958B9897D20} => Chrome.exe
Task: {A2AE1D1B-B82C-425F-A41B-7C59329B8801} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {A558DF8A-E1EF-45A7-868C-0B88A0000A4C} - System32\Tasks\{BBD55A86-D393-49FB-8116-EC6CDB9A618D} => Chrome.exe
Task: {AA1462EB-1ECD-4B8D-A431-62FD9FA039DA} - System32\Tasks\Laufwerkbereinigung
Task: {AC580489-1042-4314-B30B-3A014CD8CFE4} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {ACE4DD08-3FC1-455C-B855-7A7B23021A37} - System32\Tasks\{8B8D346A-FF7A-414A-9C3C-27D824ADAE10} => Chrome.exe
Task: {B06285EE-1CF2-4E18-A632-8767E6D53834} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {BE489DF5-544E-45AC-949D-E6C577522B6D} - System32\Tasks\{75530986-2251-46D0-A046-47243D3EB8B6} => Chrome.exe
Task: {BE637763-2667-4F19-B276-D8EA33BE44F8} - System32\Tasks\Uninstaller_SkipUac_user => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-10-17] (IObit)
Task: {DF73BF65-479B-4476-B162-BFAAC9C5CC0F} - System32\Tasks\{878049BB-75E4-4FA1-ADA7-4B2CCBF2E5E0} => Chrome.exe
Task: {F25F1516-1D6A-4A1C-9D3D-7F95C4762821} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe [2014-07-02] (IObit)
Task: {F56DEC74-FE70-4176-8173-B0435230BA6B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-27] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-14 16:00 - 2013-10-25 11:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 7\sqlite3.dll
2014-10-01 02:38 - 2014-09-03 12:56 - 00505344 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter3\communication.dll
2014-06-14 21:20 - 2014-09-03 13:01 - 00504832 _____ () C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll
2011-07-05 10:26 - 2011-07-05 10:26 - 00065024 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-07-14 16:00 - 2014-02-13 15:44 - 01214240 _____ () C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
2014-07-14 16:00 - 2013-01-15 17:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madExcept_.bpl
2014-07-14 16:00 - 2013-01-15 17:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madBasic_.bpl
2014-07-14 16:00 - 2013-01-15 17:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madDisAsm_.bpl
2014-10-01 02:38 - 2014-09-03 12:57 - 00596480 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter3\npchromeinstaller.dll
2014-10-01 02:38 - 2014-09-03 12:57 - 01247232 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter3\npffaddons.dll
2014-10-01 02:38 - 2014-09-03 12:58 - 00851968 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter3\npfirefoxprocessor.dll
2014-10-01 02:38 - 2014-09-03 12:56 - 00150528 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter3\npsp1.dll
2014-10-01 02:38 - 2014-09-03 12:57 - 00228864 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter3\npsurvey.dll
2014-10-01 02:38 - 2014-09-03 12:57 - 00224768 _____ () C:\Program Files\NetRatingsNetSight\NetSight\meter3\npwmi.dll
2014-11-11 09:53 - 2014-11-11 09:53 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3othhq.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libcef.dll
2014-10-28 01:49 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 01:49 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-4249131668-4266709875-3981103518-500 - Administrator - Disabled)
Gast (S-1-5-21-4249131668-4266709875-3981103518-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4249131668-4266709875-3981103518-1005 - Limited - Enabled)
user (S-1-5-21-4249131668-4266709875-3981103518-1000 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2012-11-23 13:58:36.380
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-11-23 13:58:36.380
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-11-23 13:58:36.364
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-11-23 13:58:36.349
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-11-23 13:58:36.333
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-11-23 13:58:36.333
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-11-23 13:58:36.271
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-11-23 13:58:36.271
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-11-23 13:58:36.239
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-11-23 13:58:36.208
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: AMD C-50 Processor
Percentage of memory in use: 59%
Total physical RAM: 1642.9 MB
Available physical RAM: 661.06 MB
Total Pagefile: 5738.9 MB
Available Pagefile: 4312.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.77 MB

==================== Drives ================================

Drive c: (Win7) (Fixed) (Total:465.66 GB) (Free:429.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 717D91F5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 11.11.2014 11:46
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: http=127.0.0.1:53241;https=127.0.0.1:53241
 Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b22z9jh3.default\extensions\security@protegere.org [Not Found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - security@protegere.org [Not Found]
S3 esgiguard; No ImagePath
Task: {578FCE1C-F6E8-4D6B-8A0F-068CE08DA971} - \Driver Booster SkipUAC (user) No Task File <==== ATTENTION
Task: {9A41A18D-E192-4526-BA37-C31AC179D3AA} - \Driver Booster SkipUAC (SYSTEM) No Task File <==== ATTENTION
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


tiffany1963 11.11.2014 12:31
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2014
Ran by user at 2014-11-11 12:18:05 Run:1
Running from C:\Users\user\Downloads
Loaded Profile: user (Available profiles: user)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: http=127.0.0.1:53241;https=127.0.0.1:53241
 Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b22z9jh3.default\extensions\security@protegere.org [Not Found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - security@protegere.org [Not Found]
S3 esgiguard; No ImagePath
Task: {578FCE1C-F6E8-4D6B-8A0F-068CE08DA971} - \Driver Booster SkipUAC (user) No Task File <==== ATTENTION
Task: {9A41A18D-E192-4526-BA37-C31AC179D3AA} - \Driver Booster SkipUAC (SYSTEM) No Task File <==== ATTENTION
EmptyTemp:
Hosts:
*****************

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\b22z9jh3.default\extensions\security@protegere.org [Not Found] => Error: No automatic fix found for this entry.
C:\Program Files\IObit Apps Toolbar\FF => not found.
FF Extension: No Name - security@protegere.org [Not Found] => not found.
esgiguard => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{578FCE1C-F6E8-4D6B-8A0F-068CE08DA971}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{578FCE1C-F6E8-4D6B-8A0F-068CE08DA971}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (user)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A41A18D-E192-4526-BA37-C31AC179D3AA}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (SYSTEM)" => Key deleted successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 430.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:49 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131