ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3aeace85b064884498173ddbbb6ec1ca
# engine=17280
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-01 04:49:38
# local_time=2014-03-01 05:49:38 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 15358 164363883 8105 0
# compatibility_mode=5893 16776573 100 94 68554 145322428 0 0
# scanned=183391
# found=0
# cleaned=0
# scan_time=8263
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=3aeace85b064884498173ddbbb6ec1ca
# engine=19061
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-07 04:47:57
# local_time=2014-07-07 06:47:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 0 1116532 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 156381527 0 0
# scanned=190626
# found=6
# cleaned=0
# scan_time=8224
sh=D90FC07BBB33A777E70BDBD795C380F50C222BBD ft=1 fh=c4946586acdc81fa vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\koechli\Downloads\FreeAudioConverter504.exe"
sh=A356C96FDC5B926AE2433C3CBE78EB8F6F2AF6D8 ft=1 fh=ad298542fa3046aa vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\koechli\Downloads\FreeVideoToFlashConverter_5.0.11.exe"
sh=8547D1E5EACE099ECFE5EDBF6958FA077650894B ft=1 fh=61435738673b6524 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\koechli\Downloads\FreeYouTubeToMP3Converter31015.exe"
sh=E8CD33623287C08C7CC3662A042E45522654BB30 ft=1 fh=7cd3b160b0dbd4bd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\koechli\Downloads\FreeYouTubeToMP3Converter37.exe"
sh=C33B8FA68855E5753B710599E08B065CE49E2935 ft=1 fh=53e4a2ca201cc8da vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\koechli\Downloads\isobuster_all_lang.exe"
sh=D7B901C38F90029BCDEC68C9958A9301840DD475 ft=1 fh=54a8439837c45e56 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\koechli\Downloads\UpdateMyDrivers.exe"
Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning
disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.9016)
Java 7 Update 51
Java version out of Date!
Adobe Flash Player 13.0.0.214
Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
ESET ESET Online Scanner OnlineScannerApp.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
FRST Logfile:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by koechli (administrator) on KOECHLI-PC on 07-07-2014 18:57:32
Running from C:\Users\koechli\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [183376 2014-05-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCInstallQueue] - rundll32 netman.dll,ProcessQueue [360448 2009-07-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3047234827-1550458953-4193513934-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [496192 2014-02-25] (BillP Studios)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe ()
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {F8B7F592-CD26-4F88-9494-7A2C2B8E91DE} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {308688C3-FF53-48F2-826A-FA7C97617738} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=6d1904f9-843e-4d01-8785-15918492196a&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {64923255-47B0-45D5-9133-8D80C5F5C430} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=6d1904f9-843e-4d01-8785-15918492196a&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {803A2C2F-9746-4D26-9D4B-C74685BDE04A} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=6d1904f9-843e-4d01-8785-15918492196a&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {AD21D79C-4702-4457-972D-D20A72579128} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=6d1904f9-843e-4d01-8785-15918492196a&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {B84DA033-262D-41BF-89FD-947DBB543375} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=6d1904f9-843e-4d01-8785-15918492196a&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {C2A31AED-00FE-4D4E-9878-73BF3E60BE5E} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=6d1904f9-843e-4d01-8785-15918492196a&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {F8B7F592-CD26-4F88-9494-7A2C2B8E91DE} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\koechli\AppData\Roaming\Mozilla\Firefox\Profiles\erkr6qr4.default-1404668358278
FF DefaultSearchEngine: Amazon.de
FF SelectedSearchEngine: Amazon.de
FF Homepage: hxxp://www.gmx.net/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\koechli\AppData\Roaming\Mozilla\Firefox\Profiles\erkr6qr4.default-1404668358278\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-07-06]
FF Extension: Google™ Translator - C:\Users\koechli\AppData\Roaming\Mozilla\Firefox\Profiles\erkr6qr4.default-1404668358278\Extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi [2014-07-06]
FF Extension: Adblock Plus - C:\Users\koechli\AppData\Roaming\Mozilla\Firefox\Profiles\erkr6qr4.default-1404668358278\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-06]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [123984 2014-05-14] (Avira Operations GmbH & Co. KG)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3611128 2014-02-11] (devolo AG)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2012-10-25] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [X]
S2 LckFldService; C:\Windows\system32\LckFldService.exe [X]
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 CXCVBS; C:\Windows\System32\drivers\cxCVBS.sys [244096 2012-11-06] (Conexant Systems, Inc.)
R0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [54848 2010-07-22] (FSPro Labs)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2014-02-11] (CACE Technologies)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2070-01-01 02:00 - 2070-01-01 02:00 - 00000000 ____D () C:\Users\koechli\Documents\tax2012
2014-07-07 18:52 - 2014-07-07 18:52 - 00854390 _____ () C:\Users\koechli\Desktop\SecurityCheck.exe
2014-07-07 16:27 - 2014-07-07 16:27 - 02347384 _____ (ESET) C:\Users\koechli\Desktop\esetsmartinstaller_deu.exe
2014-07-06 19:45 - 2014-07-06 19:45 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-06 19:45 - 2014-07-06 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-06 19:44 - 2014-07-06 19:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\koechli\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-07-06 19:44 - 2014-07-06 19:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-06 19:44 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-06 19:44 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-06 19:44 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-06 19:35 - 2014-07-06 19:35 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-06 19:35 - 2014-07-06 19:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-06 19:35 - 2014-07-06 19:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-06 19:15 - 2014-07-06 19:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\koechli\Downloads\revosetup95.exe
2014-07-06 19:15 - 2014-07-06 19:15 - 00001232 _____ () C:\Users\koechli\Desktop\Revo Uninstaller.lnk
2014-07-06 19:15 - 2014-07-06 19:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-05 22:20 - 2014-07-05 22:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\koechli\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-05 22:17 - 2014-07-05 22:17 - 00001192 _____ () C:\Users\koechli\Desktop\JRT.txt
2014-07-05 22:05 - 2014-07-05 22:05 - 01016261 _____ (Thisisu) C:\Users\koechli\Desktop\JRT.exe
2014-07-05 21:56 - 2014-07-05 22:00 - 00000000 ____D () C:\AdwCleaner
2014-07-05 21:56 - 2014-07-05 21:56 - 01346519 _____ () C:\Users\koechli\Desktop\adwcleaner_3.214.exe
2014-07-05 21:51 - 2014-07-05 21:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\koechli\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-04 21:13 - 2014-07-04 21:13 - 00023669 _____ () C:\ComboFix.txt
2014-07-04 20:52 - 2014-07-04 21:13 - 00000000 ____D () C:\Qoobox
2014-07-04 20:52 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-04 20:52 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-04 20:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-04 20:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-04 20:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-04 20:52 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-04 20:52 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-04 20:52 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-04 20:51 - 2014-07-04 20:51 - 05213907 ____R (Swearware) C:\Users\koechli\Desktop\ComboFix.exe
2014-07-03 23:12 - 2014-07-03 23:12 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-01 22:41 - 2014-07-01 22:41 - 00037118 _____ () C:\Users\koechli\Desktop\Addition.txt
2014-07-01 22:39 - 2014-07-07 18:57 - 00017534 _____ () C:\Users\koechli\Desktop\FRST.txt
2014-07-01 22:39 - 2014-07-07 18:57 - 00000000 ____D () C:\FRST
2014-07-01 22:38 - 2014-07-05 22:21 - 02084352 _____ (Farbar) C:\Users\koechli\Desktop\FRST64.exe
2014-07-01 12:03 - 2014-07-01 12:03 - 00270680 _____ () C:\Windows\Minidump\070114-32105-01.dmp
2014-07-01 03:48 - 2014-07-01 03:48 - 00000000 ____D () C:\Users\koechli\AppData\Roaming\Avira
2014-07-01 03:46 - 2014-06-24 20:39 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-07-01 03:46 - 2014-06-24 20:39 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-01 03:46 - 2014-06-24 20:39 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-07-01 03:43 - 2014-07-01 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-01 03:43 - 2014-07-01 03:46 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-01 03:43 - 2014-07-01 03:43 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\koechli\Downloads\avira_de_av___ws.exe
2014-07-01 03:43 - 2014-07-01 03:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-29 18:56 - 2014-07-01 03:06 - 00000000 ____D () C:\Users\koechli\Desktop\Neuer Ordner
2014-06-27 21:26 - 2014-06-27 21:26 - 00000000 ____D () C:\Users\koechli\AppData\Local\Adobe
2014-06-17 18:59 - 2014-06-17 18:59 - 00845512 _____ () C:\Windows\Minidump\061714-21387-01.dmp
2014-06-15 03:34 - 2014-06-15 03:34 - 00872120 _____ () C:\Windows\Minidump\061514-19406-01.dmp
2014-06-13 06:50 - 2014-06-13 06:50 - 00843104 _____ () C:\Windows\Minidump\061314-33228-01.dmp
2014-06-11 03:27 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 03:27 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 03:27 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 03:27 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 03:27 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 03:27 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 03:27 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 03:27 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 03:27 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 03:27 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 03:27 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 03:27 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 03:27 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 03:27 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 03:27 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 03:27 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 03:27 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 03:27 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 03:27 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 03:27 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 03:27 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 03:27 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 03:27 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 03:27 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 03:27 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 03:27 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 03:27 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 03:27 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 03:26 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 03:26 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 03:26 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 03:26 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 03:26 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 03:26 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 03:26 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 03:26 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 03:26 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 03:26 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 03:26 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 03:26 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 03:26 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 03:26 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 03:26 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 03:26 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 03:26 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 03:26 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 03:26 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 03:26 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 03:26 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 03:26 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 03:26 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 03:26 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 03:22 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 03:22 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 03:22 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 03:22 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 03:22 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 03:22 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 03:22 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 03:22 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 03:22 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 03:22 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 03:22 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 03:22 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 03:22 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 03:22 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 03:21 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 03:21 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
==================== One Month Modified Files and Folders =======
2070-01-01 02:00 - 2070-01-01 02:00 - 00000000 ____D () C:\Users\koechli\Documents\tax2012
2014-07-07 18:58 - 2014-07-01 22:39 - 00017534 _____ () C:\Users\koechli\Desktop\FRST.txt
2014-07-07 18:57 - 2014-07-01 22:39 - 00000000 ____D () C:\FRST
2014-07-07 18:53 - 2010-11-29 20:21 - 01268931 _____ () C:\Windows\WindowsUpdate.log
2014-07-07 18:52 - 2014-07-07 18:52 - 00854390 _____ () C:\Users\koechli\Desktop\SecurityCheck.exe
2014-07-07 18:06 - 2012-09-10 16:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-07 16:27 - 2014-07-07 16:27 - 02347384 _____ (ESET) C:\Users\koechli\Desktop\esetsmartinstaller_deu.exe
2014-07-07 16:27 - 2010-11-30 05:12 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-07-07 16:27 - 2010-11-30 05:12 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-07-07 16:27 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-07 14:48 - 2011-10-20 12:54 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1CEC6658-4456-442D-827E-EA685ABDB3B1}
2014-07-06 19:45 - 2014-07-06 19:45 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-06 19:45 - 2014-07-06 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-06 19:44 - 2014-07-06 19:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\koechli\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-07-06 19:44 - 2014-07-06 19:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-06 19:36 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-06 19:36 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-06 19:35 - 2014-07-06 19:35 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-06 19:35 - 2014-07-06 19:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-06 19:35 - 2014-07-06 19:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-06 19:29 - 2014-02-26 11:34 - 00007522 _____ () C:\Windows\setupact.log
2014-07-06 19:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-06 19:28 - 2014-02-26 23:29 - 00277168 _____ () C:\Windows\PFRO.log
2014-07-06 19:15 - 2014-07-06 19:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\koechli\Downloads\revosetup95.exe
2014-07-06 19:15 - 2014-07-06 19:15 - 00001232 _____ () C:\Users\koechli\Desktop\Revo Uninstaller.lnk
2014-07-06 19:15 - 2014-07-06 19:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-05 22:21 - 2014-07-01 22:38 - 02084352 _____ (Farbar) C:\Users\koechli\Desktop\FRST64.exe
2014-07-05 22:20 - 2014-07-05 22:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\koechli\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-05 22:17 - 2014-07-05 22:17 - 00001192 _____ () C:\Users\koechli\Desktop\JRT.txt
2014-07-05 22:05 - 2014-07-05 22:05 - 01016261 _____ (Thisisu) C:\Users\koechli\Desktop\JRT.exe
2014-07-05 22:00 - 2014-07-05 21:56 - 00000000 ____D () C:\AdwCleaner
2014-07-05 22:00 - 2011-12-23 20:13 - 03175424 ___SH () C:\Users\koechli\Desktop\Thumbs.db
2014-07-05 21:56 - 2014-07-05 21:56 - 01346519 _____ () C:\Users\koechli\Desktop\adwcleaner_3.214.exe
2014-07-05 21:51 - 2014-07-05 21:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\koechli\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-04 21:13 - 2014-07-04 21:13 - 00023669 _____ () C:\ComboFix.txt
2014-07-04 21:13 - 2014-07-04 20:52 - 00000000 ____D () C:\Qoobox
2014-07-04 21:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-04 21:02 - 2012-09-06 09:14 - 00000000 ____D () C:\Windows\erdnt
2014-07-04 20:51 - 2014-07-04 20:51 - 05213907 ____R (Swearware) C:\Users\koechli\Desktop\ComboFix.exe
2014-07-03 23:12 - 2014-07-03 23:12 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-01 22:41 - 2014-07-01 22:41 - 00037118 _____ () C:\Users\koechli\Desktop\Addition.txt
2014-07-01 12:03 - 2014-07-01 12:03 - 00270680 _____ () C:\Windows\Minidump\070114-32105-01.dmp
2014-07-01 12:03 - 2014-03-06 21:44 - 391905630 _____ () C:\Windows\MEMORY.DMP
2014-07-01 11:01 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-07-01 10:45 - 2013-04-09 17:29 - 00033280 _____ () C:\Users\koechli\Desktop\Nebenkosten-Verbrauch.xls
2014-07-01 10:17 - 2014-03-01 00:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-01 10:17 - 2012-09-03 23:37 - 00000000 ____D () C:\Users\koechli\AppData\Roaming\Malwarebytes
2014-07-01 10:17 - 2012-09-03 23:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 03:48 - 2014-07-01 03:48 - 00000000 ____D () C:\Users\koechli\AppData\Roaming\Avira
2014-07-01 03:47 - 2014-07-01 03:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-01 03:46 - 2014-07-01 03:43 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-01 03:46 - 2013-08-09 23:39 - 00000000 ____D () C:\ProgramData\Avira
2014-07-01 03:43 - 2014-07-01 03:43 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\koechli\Downloads\avira_de_av___ws.exe
2014-07-01 03:43 - 2014-07-01 03:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-01 03:21 - 2011-03-31 12:13 - 00000000 ____D () C:\Users\koechli
2014-07-01 03:19 - 2013-07-22 16:54 - 00000000 ____D () C:\Users\Gast
2014-07-01 03:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-07-01 03:06 - 2014-06-29 18:56 - 00000000 ____D () C:\Users\koechli\Desktop\Neuer Ordner
2014-07-01 03:05 - 2011-04-27 14:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-27 21:26 - 2014-06-27 21:26 - 00000000 ____D () C:\Users\koechli\AppData\Local\Adobe
2014-06-24 20:39 - 2014-07-01 03:46 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-24 20:39 - 2014-07-01 03:46 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-24 20:39 - 2014-07-01 03:46 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-06-17 18:59 - 2014-06-17 18:59 - 00845512 _____ () C:\Windows\Minidump\061714-21387-01.dmp
2014-06-17 18:59 - 2011-08-23 10:57 - 00000000 ____D () C:\Windows\Minidump
2014-06-15 03:34 - 2014-06-15 03:34 - 00872120 _____ () C:\Windows\Minidump\061514-19406-01.dmp
2014-06-13 08:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-13 06:50 - 2014-06-13 06:50 - 00843104 _____ () C:\Windows\Minidump\061314-33228-01.dmp
2014-06-12 03:14 - 2013-08-08 01:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:05 - 2011-04-02 23:45 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 03:01 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 11:13 - 2014-06-11 03:21 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 03:21 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
Some content of TEMP:
====================
C:\Users\koechli\AppData\Local\Temp\avgnt.exe
C:\Users\koechli\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-28 04:22
==================== End Of Log ============================
--- --- ---
--- --- ---
--- --- ---
Aktuell soweit ich das beurteilen kann, keine Probleme.
SecurityCheck und:
