Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Avira wird durch Virus blockiert (https://www.trojaner-board.de/159566-avira-virus-blockiert.html)

Jacky2512 09.10.2014 12:25
Avira wird durch Virus blockiert
 
hallo,
ich habe ein großes problem. seit heute kann ich weder avira noch malwarebytes öffnen. beim draufklicken erscheint die meldung: "Dieses Programm wurde durch eine Gruppenrichtlinie geblockt. Wenden Sie sich bitte an den Systemadministrator, um weitere Informationen zu erhalten". Ich habe schon super anti spyware un microsoft essentials laufen lassen, die mir aber leider auch nicht weitergeholfen haben. kann mit einer sagen wie ich diesen virus beseitigen kann der den zugriff auf diese programme blockiert?

schrauber 09.10.2014 13:02
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Jacky2512 18.11.2014 17:46
FRST.txt
 
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by JR-MRL (administrator) on JR-MRL-PC on 18-11-2014 17:38:59
Running from C:\Users\JR-MRL\Downloads
Loaded Profile: JR-MRL (Available profiles: JR-MRL)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Users\JR-MRL\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\Admload.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-09-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Ocs_SM] => C:\Users\JR-MRL\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-01-18] (OCS)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-09-25] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKU\S-1-5-21-254137929-1569946910-4247913364-1000\...\Run: [Google Update] => C:\Users\JR-MRL\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-28] (Google Inc.)
HKU\S-1-5-21-254137929-1569946910-4247913364-1000\...\MountPoints2: {3282e442-5bb0-11e1-9092-889ffae369e0} - E:\Autorun.exe
HKU\S-1-5-21-254137929-1569946910-4247913364-1000\...\MountPoints2: {3bcce201-ecee-11e1-8b39-889ffae369e0} - E:\Autorun.exe
HKU\S-1-5-21-254137929-1569946910-4247913364-1000\...\MountPoints2: {4c14fec0-b6d0-11e0-b8e9-806e6f6e6963} - D:\autorun.exe "GO.HTM"
HKU\S-1-5-21-254137929-1569946910-4247913364-1000\...\MountPoints2: {69ef7172-18d2-11e1-8836-889ffae369e0} - E:\PlayDiskStart.exe
HKU\S-1-5-21-254137929-1569946910-4247913364-1000\...\MountPoints2: {9ab4b12f-d740-11e2-87af-889ffae369e0} - E:\Autorun.exe
AppInit_DLLs-x32: c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll" File Not Found

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-254137929-1569946910-4247913364-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
HKU\S-1-5-21-254137929-1569946910-4247913364-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?l=dis&o=15768
HKU\S-1-5-21-254137929-1569946910-4247913364-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-254137929-1569946910-4247913364-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6BAF9227E14ACC01
HKU\S-1-5-21-254137929-1569946910-4247913364-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKU\S-1-5-21-254137929-1569946910-4247913364-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKU\S-1-5-21-254137929-1569946910-4247913364-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
URLSearchHook: HKCU - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKU\S-1-5-21-254137929-1569946910-4247913364-1000 -> DefaultScope {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = hxxp://www.searchqu.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E73656172636871752E636F6D2F7765623F7372633D69656226713D7B5365617263685465726D737D&st={searchTerms}&clid=27fbe3f8-bc92-4480-9f46-291cb36459a3&pid=murb&k=0
SearchScopes: HKU\S-1-5-21-254137929-1569946910-4247913364-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://cloud-search.linkury.com.anonymize-me.de/?anonymto=687474703A2F2F636C6F75642D7365617263682E6C696E6B7572792E636F6D2F726573756C74732E68746D3F63783D706172746E65722D7075622D373839303132363933303937373939313A3139323639303536333626636F663D464F5249443A313126713D7B7365617263685465726D737D2673613D536561726368267369746575726C3D7365617263682E6C696E6B7572792E636F6D&st={searchTerms}&clid=27fbe3f8-bc92-4480-9f46-291cb36459a3&pid=murb&k=0
SearchScopes: HKU\S-1-5-21-254137929-1569946910-4247913364-1000 -> {0471D77F-B5FF-42A1-8C47-D6A1C38001CB} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=27fbe3f8-bc92-4480-9f46-291cb36459a3&pid=murb&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-254137929-1569946910-4247913364-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=27fbe3f8-bc92-4480-9f46-291cb36459a3&pid=murb&k=0
SearchScopes: HKU\S-1-5-21-254137929-1569946910-4247913364-1000 -> {18D4267A-A7B1-4255-A1EC-F3D3D335CD6A} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=kw&q={searchTerms}&locale=&apn_ptnrs=^NY&apn_dtid=^YYYYYY^YY^NL&apn_uid=0D111B85-77D9-456F-964D-D50E0B14B802&apn_sauid=E4189FF1-1AA8-4027-9AD7-A875B7A5B138&
SearchScopes: HKU\S-1-5-21-254137929-1569946910-4247913364-1000 -> {22D672FC-FE16-4D9B-B18F-8347EC454077} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=27fbe3f8-bc92-4480-9f46-291cb36459a3&pid=murb&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-254137929-1569946910-4247913364-1000 -> {467193E8-79F4-44D0-B1FA-E19E8C79427B} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=27fbe3f8-bc92-4480-9f46-291cb36459a3&pid=murb&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-254137929-1569946910-4247913364-1000 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=27fbe3f8-bc92-4480-9f46-291cb36459a3&pid=murb&k=0
SearchScopes: HKU\S-1-5-21-254137929-1569946910-4247913364-1000 -> {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = hxxp://www.searchqu.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E73656172636871752E636F6D2F7765623F7372633D69656226713D7B5365617263685465726D737D&st={searchTerms}&clid=27fbe3f8-bc92-4480-9f46-291cb36459a3&pid=murb&k=0
SearchScopes: HKU\S-1-5-21-254137929-1569946910-4247913364-1000 -> {AC129BF9-68BF-4bc4-A1DC-ECB62712FF99} URL = hxxp://search.kikin.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-254137929-1569946910-4247913364-1000 -> {D0948BA1-7DB3-4F97-A08D-153808805C20} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=27fbe3f8-bc92-4480-9f46-291cb36459a3&pid=murb&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-254137929-1569946910-4247913364-1000 -> {DBF12FF2-9122-4EA4-BC0E-9FE25166FC91} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=27fbe3f8-bc92-4480-9f46-291cb36459a3&pid=murb&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-254137929-1569946910-4247913364-1000 -> {E119B19E-5B3E-460E-8273-0CE12E494014} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=27fbe3f8-bc92-4480-9f46-291cb36459a3&pid=murb&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-254137929-1569946910-4247913364-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru.anonymize-me.de/?anonymto=687474703A2F2F676F2E6D61696C2E72752F7365617263683F713D7B7365617263685465726D737D2675746638696E3D312666723D69657462&st={searchTerms}&clid=27fbe3f8-bc92-4480-9f46-291cb36459a3&pid=murb&k=0
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files (x86)\Save Flash\SaveFlash.dll (TODO: <Company name>)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\JR-MRL\AppData\Roaming\Mozilla\Firefox\Profiles\k84trogb.default-1395946096748
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-254137929-1569946910-4247913364-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\JR-MRL\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-254137929-1569946910-4247913364-1000: @tools.google.com/Google Update;version=3 -> C:\Users\JR-MRL\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-254137929-1569946910-4247913364-1000: @tools.google.com/Google Update;version=9 -> C:\Users\JR-MRL\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-254137929-1569946910-4247913364-1000: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKU\S-1-5-21-254137929-1569946910-4247913364-1000: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF Extension: YouTube Unblocker - C:\Users\JR-MRL\AppData\Roaming\Mozilla\Firefox\Profiles\k84trogb.default-1395946096748\Extensions\youtubeunblocker@unblocker.yt [2014-11-05]
FF Extension: Flashblock - C:\Users\JR-MRL\AppData\Roaming\Mozilla\Firefox\Profiles\k84trogb.default-1395946096748\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-08-10]
FF Extension: DownloadHelper - C:\Users\JR-MRL\AppData\Roaming\Mozilla\Firefox\Profiles\k84trogb.default-1395946096748\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-16]
FF Extension: ProxTube - C:\Users\JR-MRL\AppData\Roaming\Mozilla\Firefox\Profiles\k84trogb.default-1395946096748\Extensions\ich@maltegoetz.de.xpi [2014-09-16]
FF Extension: Adblock Plus - C:\Users\JR-MRL\AppData\Roaming\Mozilla\Firefox\Profiles\k84trogb.default-1395946096748\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-29]
FF HKLM-x32\...\Firefox\Extensions: [crossriderapp435@crossrider.com] - C:\ProgramData\CodecCheck\firefox
FF Extension: Premiumplay Codec-C - C:\ProgramData\CodecCheck\firefox [2011-09-25]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2012-12-13]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-05-11]
FF StartMenuInternet: FIREFOX.EXE - C:\Torasrk Firefox\App\Torpark\firefox\firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=48
CHR StartupUrls: Default -> "https://www.google.de/", "hxxp://search.babylon.com/?affID=109718&tt=0313_7&babsrc=HP_ss&mntrId=026b53a5000000000000889ffae369e0"
CHR Profile: C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-07-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (WOT) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-10-29]
CHR Extension: (YouTube) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-14]
CHR Extension: (Adblock Plus) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-31]
CHR Extension: (Google-Suche) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-14]
CHR Extension: (AdBlock) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-09-02]
CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-09-12]
CHR Extension: (Google Wallet) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (YouTube Unblocker) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2013-09-12]
CHR Extension: (Google Mail) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-14]
CHR HKLM-x32\...\Chrome\Extension: [jpnbdefcbnoefmmcpelplabbkfmfhlho] - C:\ProgramData\CodecCheck\chrome\codec_check.crx [2011-09-25]
CHR HKLM-x32\...\Chrome\Extension: [plmlpkfpkijnlijgalnjaacllnjmoamo] - C:\Users\JR-MRL\AppData\Local\CRE\plmlpkfpkijnlijgalnjaacllnjmoamo.crx [2012-09-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\PROGRAM FILES\SUPERANTISPYWARE\SASCORE64.EXE [172344 2014-09-21] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
R2 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-12-17] (Nalpeiron Ltd.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SearchAnonymizer; C:\Users\JR-MRL\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2013-01-18] () [File not signed]
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [836608 2010-06-08] (Sony Corporation) [File not signed]
S2 FreemakeVideoCapture; "C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-09-01] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-17] (DT Soft Ltd)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-09-01] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
U3 DfSdkS; No ImagePath
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 17:38 - 2014-11-18 17:40 - 00030167 _____ () C:\Users\JR-MRL\Downloads\FRST.txt
2014-11-18 17:37 - 2014-11-18 17:39 - 00000000 ____D () C:\FRST
2014-11-18 17:36 - 2014-11-18 17:36 - 02117120 _____ (Farbar) C:\Users\JR-MRL\Downloads\FRST64.exe
2014-11-17 21:38 - 2014-11-17 21:38 - 00000000 ____D () C:\Users\JR-MRL\Desktop\maplelektionenohne15
2014-11-17 18:46 - 2014-11-17 18:46 - 02681856 _____ () C:\Users\JR-MRL\Downloads\Symbolgehalt_der_Reisezeile.ppt
2014-11-17 18:14 - 2014-11-17 18:14 - 00000056 _____ () C:\Windows\system32\s000012.dat
2014-11-12 16:48 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 16:48 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 16:48 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 16:48 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 16:48 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 16:48 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 16:48 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 16:48 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 16:48 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 16:48 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 16:48 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 16:48 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 16:48 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 16:48 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 16:48 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 16:48 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 16:48 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 16:48 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 16:48 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 16:48 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 16:48 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 16:48 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 16:48 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 16:48 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 16:48 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 16:48 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 16:48 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 16:48 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 16:48 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 16:48 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 16:48 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 16:48 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 16:48 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 16:48 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 16:48 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 16:48 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 16:48 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 16:48 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 16:48 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 16:48 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 16:48 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 16:48 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 16:48 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 16:48 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 16:48 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 16:48 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 16:48 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 16:48 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 16:48 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 16:48 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 16:48 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 16:48 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 16:48 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 16:48 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 16:48 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 16:48 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 16:48 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 16:48 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 16:48 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 16:48 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 16:48 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 16:48 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 16:48 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 16:48 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 16:48 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 16:48 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 16:48 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 16:48 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 16:48 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 16:47 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 16:47 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 16:47 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 16:47 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 16:47 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 16:47 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 16:47 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 16:47 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 16:47 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 16:47 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 16:47 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 16:47 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 16:47 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 16:47 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 16:47 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 16:47 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 16:47 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 16:47 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 16:47 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 16:47 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 16:47 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 16:47 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 16:47 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 16:47 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 16:47 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 16:47 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 16:47 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 16:47 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 16:47 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 16:46 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 16:46 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-07 14:44 - 2014-11-07 14:44 - 00244051 _____ () C:\Users\JR-MRL\Downloads\AB_Probleme lösen im Umfeld der Tangente.mw
2014-11-07 14:44 - 2014-11-07 14:44 - 00197457 _____ () C:\Users\JR-MRL\Downloads\Vermischte Übungen zu Extremstellen_Wendestellen.mw
2014-11-03 21:30 - 2014-11-12 19:03 - 00000000 ____D () C:\Users\JR-MRL\Desktop\Vickys
2014-10-28 21:28 - 2014-10-28 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-28 21:27 - 2014-10-28 21:27 - 00880272 _____ (Google Inc.) C:\Users\JR-MRL\Downloads\ChromeSetup.exe
2014-10-28 15:58 - 2014-11-11 22:57 - 00000000 ____D () C:\Users\JR-MRL\Desktop\Schule
2014-10-28 15:57 - 2014-11-18 15:18 - 00000000 ____D () C:\Users\JR-MRL\Desktop\GFS 2014

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 17:40 - 2011-07-25 15:18 - 01596827 _____ () C:\Windows\WindowsUpdate.log
2014-11-18 17:39 - 2014-05-28 09:12 - 00000376 _____ () C:\Windows\Tasks\WpsNotifyTask_JR-MRL.job
2014-11-18 17:32 - 2014-05-28 09:12 - 00000376 _____ () C:\Windows\Tasks\WpsUpdateTask_JR-MRL.job
2014-11-18 17:27 - 2012-08-09 09:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-18 17:25 - 2012-04-25 14:22 - 00001142 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000UA.job
2014-11-18 17:25 - 2012-04-25 14:22 - 00001120 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000Core.job
2014-11-18 17:25 - 2011-07-28 20:25 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-18 17:25 - 2011-07-26 15:19 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000UA.job
2014-11-18 17:25 - 2011-07-26 15:19 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000Core.job
2014-11-18 13:53 - 2011-07-28 20:25 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-17 21:38 - 2014-09-30 16:13 - 00000000 ____D () C:\Users\JR-MRL\.maplesoft
2014-11-17 21:38 - 2009-07-14 05:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-17 21:38 - 2009-07-14 05:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-17 21:21 - 2011-04-12 08:43 - 00703672 _____ () C:\Windows\system32\perfh007.dat
2014-11-17 21:21 - 2011-04-12 08:43 - 00151040 _____ () C:\Windows\system32\perfc007.dat
2014-11-17 21:21 - 2009-07-14 06:13 - 01631122 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-17 21:15 - 2012-08-09 09:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-17 21:15 - 2012-08-09 09:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-17 21:15 - 2012-08-09 09:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-17 21:13 - 2014-05-26 15:47 - 00008201 _____ () C:\Windows\setupact.log
2014-11-17 21:13 - 2012-12-09 18:09 - 00000424 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-11-17 21:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-17 18:17 - 2011-07-27 12:53 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{050575B4-699F-4F0D-9A81-A3C63429BB44}
2014-11-17 18:14 - 2011-11-09 14:14 - 00001224 _____ () C:\Windows\system32\sstates.sdt
2014-11-17 18:14 - 2011-11-09 14:14 - 00000040 _____ () C:\Windows\system32\sstate_prev.sdt
2014-11-16 10:39 - 2011-07-28 20:25 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 10:39 - 2011-07-28 20:25 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 13:59 - 2011-08-24 12:15 - 00039044 _____ () C:\test.xml
2014-11-14 12:49 - 2009-07-14 05:45 - 00538936 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 12:29 - 2012-11-01 12:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-14 12:22 - 2013-07-18 18:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-14 12:06 - 2011-07-25 16:23 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 15:46 - 2011-07-26 15:19 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000UA
2014-11-13 15:46 - 2011-07-26 15:19 - 00003704 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000Core
2014-11-12 19:03 - 2014-08-02 20:36 - 00000000 ____D () C:\Users\JR-MRL\Desktop\Vickys♥
2014-11-10 16:00 - 2011-07-25 15:23 - 00000000 ____D () C:\Users\JR-MRL
2014-11-09 12:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-07 15:12 - 2014-09-30 16:14 - 00000000 ____D () C:\Users\JR-MRL\.gstreamer-0.10
2014-11-07 15:03 - 2010-11-21 04:47 - 00692822 _____ () C:\Windows\PFRO.log
2014-10-31 21:05 - 2014-08-09 21:41 - 00000000 ____D () C:\Users\JR-MRL\Desktop\bewerbungen jacky
2014-10-31 10:11 - 2009-07-14 03:34 - 00000660 _____ () C:\Windows\win.ini
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 17:23 - 2014-08-09 19:20 - 00000330 _____ () C:\Windows\SysWOW64\debug.log
2014-10-28 22:17 - 2012-12-24 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nadeo
2014-10-28 22:17 - 2011-08-26 21:47 - 00000000 ____D () C:\Windows\Minidump
2014-10-28 22:17 - 2011-07-25 15:39 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-10-28 22:17 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-28 22:16 - 2014-07-24 13:12 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-10-28 22:16 - 2012-12-24 19:27 - 00000000 ____D () C:\Program Files (x86)\Nadeo
2014-10-28 22:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-28 22:03 - 2014-07-10 16:05 - 00000000 ____D () C:\Users\JR-MRL\AppData\Local\Adobe
2014-10-28 21:28 - 2011-07-28 20:25 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-28 21:24 - 2011-08-11 09:52 - 00000000 ____D () C:\Users\JR-MRL\AppData\Local\CrashDumps

Files to move or delete:
====================
C:\Users\JR-MRL\Maple1302WindowsX86_64Upgrade.exe
C:\Users\JR-MRL\update.bat


Some content of TEMP:
====================
C:\Users\JR-MRL\AppData\Local\Temp\avgnt.exe
C:\Users\JR-MRL\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\JR-MRL\AppData\Local\Temp\Execute2App.exe
C:\Users\JR-MRL\AppData\Local\Temp\ext2591099962228277676.dll
C:\Users\JR-MRL\AppData\Local\Temp\ext2678450624421158271.dll
C:\Users\JR-MRL\AppData\Local\Temp\FileSystemView.dll
C:\Users\JR-MRL\AppData\Local\Temp\msvcp90.dll
C:\Users\JR-MRL\AppData\Local\Temp\msvcr90.dll
C:\Users\JR-MRL\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-09 12:21

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014
Ran by JR-MRL at 2014-11-18 17:42:04
Running from C:\Users\JR-MRL\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1 (HKLM-x32\...\Cobra 11 - Burning Wheels_is1) (Version:  - )
4500_G510gm_Help (x32 Version: 000.0.440.000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AkkuLine Batterie-Tool (HKLM-x32\...\{5FF02438-DDE5-4D8E-8291-577CC1A2C014}) (Version: 1.0.0 - AkkuLine.de)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Angry Birds Rio (HKLM-x32\...\{AC7CCB3C-8E86-4165-9363-30B7CCCD9742}) (Version: 1.2.2 - Rovio)
Angry Birds Seasons (HKLM-x32\...\{D4022612-B213-4B5B-A135-0E1C0DC1DD44}) (Version: 3.1.1 - Rovio)
Apple Application Support (HKLM-x32\...\{553255F3-78FD-40F1-A6F8-6882140265FE}) (Version: 1.2.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{7B937101-FD85-4CA9-9176-ADA6492314AF}) (Version: 3.0.0.117 - ArcSoft)
Ashampoo Office 2010 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB00}) (Version: 10.0.584 - ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{5BC83141-83DD-07BE-C940-04B385540F04}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Audiosurf (HKLM-x32\...\{6D316D67-DA52-4659-9C98-F479963534D6}) (Version: 1.00.0000 - BestGameEver)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Batman: Arkham City Demo (HKLM-x32\...\Steam App 200240) (Version:  - Rocksteady)
Bengal Special (HKLM-x32\...\Bengal Special) (Version:  - )
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.3.3026 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{44181DF6-2751-48C7-B918-72F14508F127}) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Bus Driver 1.5 (HKLM-x32\...\Bus Driver) (Version: 1.5 - )
ccc-core-static (x32 Version: 2010.0920.2143.37117 - Ihr Firmenname) Hidden
CDRWIN 9 Basic (HKLM-x32\...\{E46C4D1B-39D0-4A9F-0001-6529DDC11226}) (Version: 9.0.11.0800 - Engelmann Media GmbH)
Chuzzle Deluxe Demo (HKLM-x32\...\Steam App 3312) (Version:  - PopCap)
Cobra 11 - Burning Wheels (remove only) (HKLM-x32\...\BurningWheels) (Version:  - )
Cogs (HKLM-x32\...\Cogs) (Version:  - )
Crazy Machines Elements - DEMO (HKLM-x32\...\Crazy Machines Elements - DEMO_is1) (Version: 1.0 - dtp)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.12 - Piriform)
Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - )
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version:  - )
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
F1 2011 (HKLM-x32\...\GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}) (Version: 1.0.0000.129 - Codemasters)
F1 2011 (x32 Version: 1.0.0000.129 - Codemasters) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FlatOut Demo (HKLM-x32\...\Steam App 6230) (Version:  - BugBear)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free Video to Samsung Phones Converter version 5.0.17.903 (HKLM-x32\...\Free Video to Samsung Phones Converter_is1) (Version: 5.0.17.903 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
Fruit Ninja Lite 1.6.1 (HKLM-x32\...\{35DF5855-7594-43C3-9119-0975FDFF6551}) (Version: 1.6.1 - Halfbrick Studios Pty Ltd)
FUEL - Demo (HKLM-x32\...\Steam App 12850) (Version:  - Asobo Studio)
Galileo Family Quiz - Spezial I (HKLM-x32\...\Galileo Family Quiz - Spezial I) (Version:  - SevenOne Intermedia)
Galileo Family Quiz - Spezial II (HKLM-x32\...\Galileo Family Quiz - Spezial II) (Version:  - SevenOne Intermedia)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Glow (HKLM-x32\...\{97219AA1-D020-4440-AF8D-834EB6139D39}) (Version: 1.3.2 - Intelloware)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}) (Version: 7.0.3.8542 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKU\S-1-5-21-254137929-1569946910-4247913364-1000\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
High-Definition Video Playback (x32 Version: 11.1.10400.2.65 - Nero AG) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
ICQ 8.0 (build 6019) (HKU\S-1-5-21-254137929-1569946910-4247913364-1000\...\ICQ) (Version: 8.0.6019.0 - Mail.Ru)
Ignite Demo (HKLM-x32\...\Steam App 202880) (Version:  - )
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(SM) center 35228) (Version: 39651 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
James Cameron's AVATAR(tm): DAS SPIEL (HKLM-x32\...\{7E19B002-4CA3-4C9F-BA92-91D101B97219}) (Version: 1.02.00 - Ubisoft)
Java(TM) 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Kingsoft Office 2013 (9.1.0.4560) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.4560 - Kingsoft Corp.)
Lexmark 2200 Series (HKLM-x32\...\Lexmark 2200 Series) (Version:  - Lexmark International, Inc.)
MagicScore (HKLM-x32\...\MagicScore_is1) (Version:  - )
MAGIX Foto & Grafik Designer 6 SE (HKLM-x32\...\MAGIX_{0DB08474-D4F3-4B8D-8BDD-EAD480D6BC05}) (Version: 6.1.3.15719 - MAGIX AG)
MAGIX Foto & Grafik Designer 6 SE (Version: 6.1.3.15719 - MAGIX AG) Hidden
MAGIX Xtreme Foto & Grafik Designer 5 (Silver) (HKLM-x32\...\MAGIX_MSI_XtremeGrafik5_Silver) (Version: 5.1.2.15876 - MAGIX AG)
MAGIX Xtreme Foto & Grafik Designer 5 (Silver) (x32 Version: 5.1.2.15876 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Maple 18 (HKLM\...\Maple 18) (Version: 18 - Maplesoft)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.6109.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version:  - )
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Monopoly Here and Now (tb) (remove only) (HKLM-x32\...\Monopoly Here and Now (tb)) (Version:  - )
Monster Trucks Nitro Demo (HKLM-x32\...\Steam App 16630) (Version:  - RedLynx)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-254137929-1569946910-4247913364-1000\...\MyFreeCodec) (Version:  - )
Nail'd Demo (HKLM-x32\...\{D15FD5BC-0F01-48A9-8309-E550D0C2A8F9}) (Version: 1.00 - Deep Silver)
Need for Speed(TM) Hot Pursuit (HKLM-x32\...\{83A606F5-BF6F-42ED-9F33-B9F74297CDED}) (Version: 1.0.0.0 - Electronic Arts)
Need for Speed™ Carbon (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version:  - )
Need for Speed™ Most Wanted (HKLM-x32\...\{ADE91A13-434D-4229-00BC-182BAD607303}) (Version:  - )
Need for Speed™ Undercover (HKLM-x32\...\{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}) (Version: 1.0.1.0 - Electronic Arts)
Nero 11 (HKLM-x32\...\{B7E01095-8BAA-456E-8AED-504C3CCADBA0}) (Version: 11.0.10700 - Nero AG)
Nero BurningROM 12 (HKLM-x32\...\{4AC7B4F3-1B75-4BA7-82C4-F9A22B430A3D}) (Version: 12.5.00900 - Nero AG)
Network64 (Version: 130.0.550.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
RACE 07 Demo (HKLM-x32\...\Steam App 4260) (Version:  - SimBin Studios)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6098 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.2.0.12014_18 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.2.0.12014_18 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Save Flash 4.1 (HKLM-x32\...\Save Flash) (Version: 4.1 - PilotGroup Ltd)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Screen Recording Suite V2.5.0 (HKLM-x32\...\{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1) (Version: 2.5.0 - Apowersoft)
SearchAnonymizer (HKLM\...\SearchAnonymizer) (Version: 1.0.1 (de) - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Sideway Demo (HKLM-x32\...\Steam App 201160) (Version:  - )
SkyDrift Demo (HKLM-x32\...\Steam App 91110) (Version:  - )
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic & SEGA All-Stars Racing (HKLM-x32\...\{B1371574-4B13-4D3E-8F47-48C698732B00}) (Version: 1.00.0000 - SEGA)
Sonic Generations Demo (HKLM-x32\...\Steam App 202290) (Version:  - Sega)
Sophos Anti-Rootkit 1.5.0 (HKLM-x32\...\Sophos-AntiRootkit) (Version: 1.5.0 - Sophos Plc)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.0 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
STCC: The Game Demo (HKLM-x32\...\Steam App 8700) (Version:  - SimBin Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Subway Surfers (HKLM-x32\...\Subway Surfers) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1146 - SUPERAntiSpyware.com)
Talismania Deluxe Demo (HKLM-x32\...\Steam App 3462) (Version:  - PopCap)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
TKexe designer (HKU\S-1-5-21-254137929-1569946910-4247913364-1000\...\c4db908bc0b92124) (Version: 2.0.1.6 - TKexe Printservice)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
Tony Hawk's American Wasteland (HKLM-x32\...\{3293C06B-003F-4027-8380-FFD79E38167D}) (Version: 1.00.0000 - Ihr Firmenname)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrackMania 2 - Canyon (HKLM-x32\...\{6DF1B3E4-3EF6-4BFD-8C60-ABBCD423B5A6}_is1) (Version: v1.0 - RAF)
TrackManiaDemo (HKLM-x32\...\TrackManiaDemo_is1) (Version:  - Nadeo)
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Trials 2 Second Edition Demo (HKLM-x32\...\Steam App 16610) (Version:  - RedLynx)
Tropico 4 - Demo (HKLM-x32\...\Steam App 57750) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 6.4.1.05290 - Sony Corporation)
VAIO Care (x32 Version: 6.4.1.05290 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.3.0.05310 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.4.0.06210 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.0.06080 - Sony Corporation)
VAIO Update (HKLM-x32\...\{5BEE8F1F-BD32-4553-8107-500439E43BD7}) (Version: 5.4.1.04200 - Sony Corporation)
VAIO Update Merge Module x64 (Version: 5.5.19220 - Sony Corporation) Hidden
VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
Virtual Families - Demo (HKLM-x32\...\Steam App 16210) (Version:  - )
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
welcome (x32 Version: 11.0.21500.0.4 - Nero AG) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
x64 Components v3.0.7 (HKLM\...\x64 Components_is1) (Version: 3.0.7 - Shark007)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-254137929-1569946910-4247913364-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JR-MRL\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-254137929-1569946910-4247913364-1000_Classes\CLSID\{01E9FAE9-3819-4dd9-B1D9-998A1C62D1F8}\InprocServer32 -> C:\Windows\SYSTEM32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-254137929-1569946910-4247913364-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\JR-MRL\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-254137929-1569946910-4247913364-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\JR-MRL\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-254137929-1569946910-4247913364-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\JR-MRL\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-254137929-1569946910-4247913364-1000_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-254137929-1569946910-4247913364-1000_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-254137929-1569946910-4247913364-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\JR-MRL\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-254137929-1569946910-4247913364-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JR-MRL\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-254137929-1569946910-4247913364-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\JR-MRL\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

28-10-2014 11:18:44 Windows Update
28-10-2014 15:08:05 Removed Nero 11.
28-10-2014 15:11:53 Removed BlueStacks Notification Center
28-10-2014 20:33:48 Windows Update
28-10-2014 21:07:13 Wiederherstellungsvorgang
03-11-2014 20:23:06 Windows Update
07-11-2014 13:57:43 Windows Update
10-11-2014 15:10:15 Windows Update
14-11-2014 11:01:47 Windows Update
17-11-2014 17:33:02 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2012-04-11 10:40 - 00437925 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03746CE8-12D0-4421-BDF8-0CC35295BF9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {23ADEF83-3E97-4102-B709-B78A08794875} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-06-21] (Sony Corporation)
Task: {24D1CD63-F14A-45C9-8BF6-5CC179937814} - System32\Tasks\{09E44BFF-A820-47F1-8171-E1750DE7AA21} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {2ADB4F2D-C676-416D-B593-750583097CD7} - System32\Tasks\{FD3A0626-EC67-4315-9A2E-860108F00311} => Chrome.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/go/help.faq.installer?LastError=1603
Task: {3FC5C390-9C79-4541-A29C-A6D5B5E0FBFB} - System32\Tasks\{C9588A5E-C0A2-4068-97B8-4285280B387A} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.115/de/go/help.faq.installer?LastError=1603
Task: {44FE0F92-02E4-45C7-BCDC-9974A6AD7D27} - System32\Tasks\WpsUpdateTask_JR-MRL => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2014-03-30] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {5B5410D8-2598-4112-AD15-8D1A31C26F8A} - System32\Tasks\{A34D87A2-7ED8-4379-B7B2-9195879CA59A} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {5F24DC38-9BD6-4678-B627-1066680BF6FB} - System32\Tasks\WpsNotifyTask_JR-MRL => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe [2014-03-30] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {75D2B473-498A-4F3A-B4A6-EB2167DD865D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000Core => C:\Users\JR-MRL\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {7ABA3438-5BB0-4CCA-BD86-CAEBEB789C68} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-06-21] (Sony Corporation)
Task: {7CE21B15-7ECC-4DDA-9D5B-976ACAAB5434} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {8E798417-F60F-4B67-9EE1-E72F78F9E06D} - System32\Tasks\{F79E429C-F567-4B53-A712-81C5D92232C2} => C:\Users\JR-MRL\Desktop\cjr2200GE (1).exe
Task: {98F249E2-48EC-489A-98CC-E3C5795246E5} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {9E52E8D1-6BAB-488F-ACF9-E218A2A51A62} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A1823D1E-200F-431C-BBE3-9FD7F5F097B8} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
Task: {A31A68CE-71E5-4E36-A267-BB7BDCB6B34D} - System32\Tasks\{9F2E1368-8EC1-4667-9BBF-9A3D64B7FA87} => Chrome.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/go/help.faq.installer?LastError=1603
Task: {A3E7DD56-A408-4572-A069-3C7E164ECF16} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {ABBE296C-E08C-4C7C-B02F-7F8CAEC4E252} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {B5939B2B-4FA0-45E5-B81C-6271474CC9AB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000Core => C:\Users\JR-MRL\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {B7D69922-EF3D-4424-826F-A3E76C850FEE} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2011-04-20] (Sony Corporation)
Task: {B8965371-4EE8-4D9B-A588-0DEF425AC1C1} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {BEBCEF80-6AF2-4A86-A123-D8B4DB5D7F4B} - System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: {C0B1EFCA-47B7-479F-8943-C6AEA954114C} - System32\Tasks\{315A0824-C842-4706-82E2-7F422E8BBE6B} => C:\Users\JR-MRL\Desktop\cjr2200GE (1).exe
Task: {C13D020A-1A6F-4DA1-B478-1B8A17BB815F} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {CB7BC355-8120-4E2C-A9A5-67C1ADF4645E} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {CC0AE5BA-BDA1-4DC6-943C-DA2E13E55A68} - System32\Tasks\{5F27AC40-B7C1-4FA1-8ED6-F1FED1D97A6E} => C:\Users\JR-MRL\Desktop\cjr2200GE (1).exe
Task: {D64A9C55-7E58-4F5E-9AA5-5738ABE252DC} - System32\Tasks\Games\UpdateCheck_S-1-5-21-254137929-1569946910-4247913364-1000
Task: {DBBA4359-3F40-4364-81AE-18949E6700EE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000UA => C:\Users\JR-MRL\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {E9FE11B9-2890-44AD-8228-6FCEC63EF099} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-17] (Adobe Systems Incorporated)
Task: {EC01D2F5-7BE8-4147-9E3E-8CD2BB10B81B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000UA => C:\Users\JR-MRL\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {EF93FE2F-70D3-4EFF-904F-326AF7E69D55} - System32\Tasks\{FF5E8976-D21E-4D2A-814A-7678629ADE13} => C:\Users\JR-MRL\Desktop\cjr2200GE (1).exe
Task: {FD1642F8-CBE8-41D0-93DA-5053D5DE58BB} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000Core.job => C:\Users\JR-MRL\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000UA.job => C:\Users\JR-MRL\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000Core.job => C:\Users\JR-MRL\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000UA.job => C:\Users\JR-MRL\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: C:\Windows\Tasks\WpsNotifyTask_JR-MRL.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe
Task: C:\Windows\Tasks\WpsUpdateTask_JR-MRL.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe

==================== Loaded Modules (whitelisted) =============

2010-03-05 08:21 - 2010-03-05 08:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-07-25 18:36 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2010-03-05 08:21 - 2010-03-05 08:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-08-26 19:41 - 2013-01-18 14:17 - 00040960 _____ () C:\Users\JR-MRL\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
2010-08-24 13:39 - 2010-08-24 13:39 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-07-25 15:43 - 2011-07-25 15:43 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-07-25 15:44 - 2011-02-25 16:14 - 00297472 _____ () C:\Program Files\Sony\VAIO Care\CRM\ManagedVAIORecoveryMedia.dll
2011-07-25 15:44 - 2011-02-25 16:14 - 00192000 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIORecovery.dll
2011-07-25 15:44 - 2011-02-25 16:14 - 00070656 _____ () C:\Program Files\Sony\VAIO Care\CRM\Logging.dll
2011-07-25 15:44 - 2011-02-25 16:14 - 00063488 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOCommon.dll
2011-07-25 15:44 - 2011-02-25 16:14 - 00215040 _____ () C:\Program Files\Sony\VAIO Care\CRM\OsServices.dll
2011-07-25 15:44 - 2011-02-25 16:14 - 00043008 _____ () C:\Program Files\Sony\VAIO Care\CRM\PluginFactory.dll
2011-07-25 15:44 - 2011-02-25 16:14 - 00260608 _____ () C:\Program Files\Sony\VAIO Care\CRM\RecoveryPartitionManager.dll
2011-07-25 15:44 - 2011-02-25 16:14 - 00043520 _____ () C:\Program Files\Sony\VAIO Care\CRM\XMLTools.dll
2011-07-25 15:44 - 2011-02-25 16:14 - 00059904 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOInstallAppsDrivers.dll
2011-07-25 15:44 - 2011-02-25 16:14 - 00157696 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallDB.dll
2011-07-25 15:44 - 2011-02-25 16:14 - 00138752 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallationTools.dll
2011-07-25 15:44 - 2011-02-25 16:14 - 00025600 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOUtility.dll
2014-10-28 21:28 - 2014-10-22 04:32 - 01366856 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 21:28 - 2014-10-22 04:32 - 00204616 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 21:28 - 2014-10-22 04:32 - 10578248 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 21:28 - 2014-10-22 04:32 - 01859400 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2012-02-03 13:52 - 2012-09-25 22:51 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-02-03 13:52 - 2012-09-25 22:51 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-02-03 13:52 - 2012-09-25 22:51 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-05-23 16:09 - 2012-09-25 22:51 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-02-03 13:52 - 2012-09-25 22:51 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-02-03 13:52 - 2012-09-25 22:51 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-02-03 13:52 - 2012-09-25 22:51 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-02-03 13:52 - 2012-09-25 22:51 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-02-03 13:52 - 2012-09-25 22:51 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2011-07-25 16:06 - 2010-05-31 18:18 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2011-07-25 16:06 - 2010-05-31 18:18 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Microsoft:J4RikgIZLX9uPtBPfx24
AlternateDataStreams: C:\ProgramData\Microsoft:zXRunr2kvZ4GKtlAV47bp8R3CVfQ
AlternateDataStreams: C:\ProgramData\TEMP:054B9966
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SolutoService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: FontCache3.0.0.0 => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: SolutoLauncherService => 2
MSCONFIG\Services: SolutoRemoteService => 3
MSCONFIG\Services: SolutoService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: vToolbarUpdater15.5.0 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\JR-MRL\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\JR-MRL\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\JR-MRL\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: GoogleChromeAutoLaunch_950CD14F43615A1036CBCB696D4CDFBF => "C:\Users\JR-MRL\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: icq => C:\Users\JR-MRL\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: Intel AppUp(R) center Systray => "C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.exe" --domain F0399437-FD0C-4A48-B101-F0314A6172E4 --openmode trayicon
MSCONFIG\startupreg: Intel AppUp(SM) center => "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.lnk"
MSCONFIG\startupreg: Intel AppUp(SM) center Systray => "C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.exe" --domain F0399437-FD0C-4A48-B101-F0314A6172E4 --openmode trayicon
MSCONFIG\startupreg: Intel AppUp(SM) center_Nagware => "C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.lnk"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: Ocs_SM => C:\Users\JR-MRL\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
MSCONFIG\startupreg: Realtime Audio Engine => "mmrtkrnl.exe" /i
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SMASH => "C:\Program Files (x86)\Ashampoo\Ashampoo Office 2010\smash.exe"
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE

========================= Accounts: ==========================

Administrator (S-1-5-21-254137929-1569946910-4247913364-500 - Administrator - Disabled)
Gast (S-1-5-21-254137929-1569946910-4247913364-501 - Limited - Disabled)
JR-MRL (S-1-5-21-254137929-1569946910-4247913364-1000 - Administrator - Enabled) => C:\Users\JR-MRL

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2014 05:25:28 PM) (Source: SampleCollector) (EventID: 259) (User: )
Description: CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (11/17/2014 09:15:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 09:15:18 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/16/2014 10:31:27 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: HTTP-Status 404: Die angeforderte URL ist auf diesem Server nicht vorhanden.
 ErrorCode: 14007(0x36b7).

Error: (11/14/2014 09:35:11 PM) (Source: SampleCollector) (EventID: 259) (User: )
Description: CreateFile:SState: Failed with error 0x3: Das System kann den angegebenen Pfad nicht finden.

Error: (11/14/2014 09:32:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 09:31:04 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/14/2014 02:52:47 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: HTTP-Status 404: Die angeforderte URL ist auf diesem Server nicht vorhanden.
 ErrorCode: 14007(0x36b7).

Error: (11/14/2014 02:42:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 02:41:01 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (11/18/2014 05:25:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.

Error: (11/17/2014 09:17:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE

Error: (11/17/2014 09:15:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (11/17/2014 09:13:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "FreemakeVideoCapture" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (11/16/2014 10:33:27 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Intel(R) Management & Security Application User Notification Service" wurde nicht richtig gestartet.

Error: (11/14/2014 09:34:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (11/14/2014 09:34:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht.

Error: (11/14/2014 09:32:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE

Error: (11/14/2014 09:31:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SBSD Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (11/14/2014 09:31:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SBSD Security Center Service erreicht.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-04-13 19:21:08.557
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-13 19:21:08.490
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-13 19:21:06.347
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-13 19:21:06.279
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-13 19:21:04.155
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-13 19:21:04.087
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-13 19:21:01.915
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-13 19:21:01.849
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-13 19:20:59.543
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-13 19:20:59.477
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 61%
Total physical RAM: 3950.11 MB
Available physical RAM: 1512.19 MB
Total Pagefile: 7898.39 MB
Available Pagefile: 4465.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:71.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 53FA1C7C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)


==================== End Of Log ============================
--- --- ---

schrauber 19.11.2014 16:19
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Jacky2512 19.11.2014 17:58
Fixlog.txt
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2014
Ran by JR-MRL at 2014-11-19 17:18:46 Run:1
Running from C:\Users\JR-MRL\Desktop
Loaded Profile: JR-MRL (Available profiles: JR-MRL)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====

Combofix Logfile:
Code:
ComboFix 14-11-17.01 - JR-MRL 19.11.2014  17:29:47.1.2 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.3950.1809 [GMT 1:00]
ausgeführt von:: c:\users\JR-MRL\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
C:\END
C:\Install.exe
C:\prefs.js
c:\users\JR-MRL\4.0
c:\users\JR-MRL\AppData\Local\TempDIR
c:\users\JR-MRL\AppData\Local\TempDIR\PIP2691_NDV2_.exe
c:\users\JR-MRL\AppData\Roaming\Microsoft\~DFKf2c7c.tmp
c:\users\JR-MRL\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\JR-MRL\AppData\Roaming\Microsoft\bass.dll
c:\users\JR-MRL\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\JR-MRL\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\JR-MRL\AppData\Roaming\Microsoft\peaadje.dll
c:\users\JR-MRL\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\JR-MRL\AppData\Roaming\Microsoft\rsaadjd.dll
c:\windows\msdownld.tmp
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
c:\windows\SysWow64\tmpB12A.tmp
c:\windows\SysWow64\tmpB1B8.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-10-19 bis 2014-11-19  ))))))))))))))))))))))))))))))
.
.
2014-11-19 16:47 . 2014-11-19 16:47        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-11-19 13:14 . 2014-11-02 04:20        11632448        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B8DF921-4EDB-4D53-8524-2E0C1F709FAA}\mpengine.dll
2014-11-18 16:37 . 2014-11-19 16:18        --------        d-----w-        C:\FRST
2014-11-17 17:34 . 2014-10-14 19:59        11627712        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-16 09:52 . 2014-09-16 19:42        1188440        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC74B62F-61D7-412C-8ED4-2BCA03D50D22}\gapaengine.dll
2014-11-12 15:47 . 2014-09-19 09:42        342016        ----a-w-        c:\windows\system32\schannel.dll
2014-11-12 15:46 . 2014-10-18 02:05        861696        ----a-w-        c:\windows\system32\oleaut32.dll
2014-11-12 15:46 . 2014-10-18 01:33        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-17 20:15 . 2012-08-09 08:29        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-17 20:15 . 2012-08-09 08:29        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-14 11:06 . 2011-07-25 15:23        103374192        ----a-w-        c:\windows\system32\MRT.exe
2014-10-30 11:25 . 2010-11-21 03:27        275080        ------w-        c:\windows\system32\MpSigStub.exe
2014-10-09 10:22 . 2013-05-07 14:01        43064        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2014-10-09 10:22 . 2013-03-28 15:02        131608        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2014-10-09 10:22 . 2013-03-28 15:02        119272        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSerifCondensed.fot
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSerifCondensed-Italic.fot
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSerifCondensed-BoldItalic.fot
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSerifCondensed-Bold.fot
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSerif.fot
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSerif-Italic.fot
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSerif-BoldItalic.fot
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSerif-Bold.fot
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSansMono.fot
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSansMono-Oblique.fot
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSansMono-BoldOblique.fot
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSansMono-Bold.fot
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSansCondensed.fot
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSansCondensed-Oblique.fot
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSansCondensed-BoldOblique.fot
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSansCondensed-Bold.fot
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSans.fot
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSans-Oblique.fot
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSans-ExtraLight.fot
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSans-BoldOblique.fot
2014-09-30 15:08 . 2014-09-30 15:08        1409        ----a-w-        c:\windows\Fonts\DejaVuSans-Bold.fot
2014-09-25 02:08 . 2014-10-01 18:52        371712        ----a-w-        c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 18:52        519680        ----a-w-        c:\windows\SysWow64\qdvd.dll
2014-09-16 19:42 . 2013-08-23 10:25        1188440        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-12 17:54 . 2012-07-17 13:37        23256        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-12 17:50 . 2014-09-12 17:50        0        ----a-w-        c:\windows\SysWow64\shoA822.tmp
2014-09-09 22:11 . 2014-09-24 11:50        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 11:50        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-09-05 02:11 . 2014-10-16 12:56        6584320        ----a-w-        c:\windows\system32\mstscax.dll
2014-09-05 01:52 . 2014-10-16 12:56        5703168        ----a-w-        c:\windows\SysWow64\mstscax.dll
2014-09-04 05:23 . 2014-10-16 12:58        424448        ----a-w-        c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-16 12:58        372736        ----a-w-        c:\windows\SysWow64\rastls.dll
2014-08-23 02:07 . 2014-08-27 18:32        404480        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-27 18:32        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2014-02-18 12:52 . 2014-02-18 12:51        49940480        ----a-w-        c:\program files (x86)\GUT2001.tmp
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"Intel AppUp(R) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-09-25 156000]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-20 102400]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-18 703736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERANTISPYWARE\SASCORE64.EXE;c:\program files\SUPERANTISPYWARE\SASCORE64.EXE [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\JR-MRL\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe;c:\users\JR-MRL\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe;c:\program files\Sony\VAIO Update Common\VUAgent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-09 20:15]
.
2014-11-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000Core.job
- c:\users\JR-MRL\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-25 13:27]
.
2014-11-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000UA.job
- c:\users\JR-MRL\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-25 13:27]
.
2014-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 18:43]
.
2014-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 18:43]
.
2014-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000Core.job
- c:\users\JR-MRL\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-26 20:23]
.
2014-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000UA.job
- c:\users\JR-MRL\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-26 20:23]
.
2014-11-19 c:\windows\Tasks\WpsNotifyTask_JR-MRL.job
- c:\program files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe [2014-03-30 16:00]
.
2014-11-19 c:\windows\Tasks\WpsUpdateTask_JR-MRL.job
- c:\program files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2014-03-30 16:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-28 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-09-28 2040352]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2010-09-15 212480]
"Ocs_SM"="c:\users\JR-MRL\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2013-01-18 106496]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.search.ask.com/?l=dis&o=15768
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
mSearchAssistant = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\JR-MRL\AppData\Roaming\Mozilla\Firefox\Profiles\k84trogb.default-1395946096748\
FF - prefs.js: browser.search.selectedEngine - Yahoo
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-SolutoService
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-BurningWheels - c:\program files\Cobra 11 - Burning Wheels\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_USERS\S-1-5-21-254137929-1569946910-4247913364-1000\Software\SecuROM\License information*]
"datasecu"=hex:0a,04,df,76,0b,7d,bc,79,7b,2c,65,db,d7,0d,6f,4a,57,cc,92,4a,d0,
  6f,59,90,fb,a9,5c,7d,33,bc,03,75,22,7a,26,1c,9d,a1,fa,60,2d,4b,36,ec,d5,4d,\
"rkeysecu"=hex:7f,c8,6f,e7,6a,90,c0,35,fa,af,33,ad,58,7d,4c,17
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-11-19  17:57:25
ComboFix-quarantined-files.txt  2014-11-19 16:57
.
Vor Suchlauf: 25 Verzeichnis(se), 80,262,356,992 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 82,764,902,400 Bytes frei
.
- - End Of File - - F62DAEA6871A6EDCEC5BDEDE1B4F67C6
--- --- ---

schrauber 20.11.2014 16:24
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Jacky2512 21.11.2014 14:56
Suchlauf Protokoll
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 20.11.2014
Suchlauf-Zeit: 17:48:50
Logdatei: Suchlauf Protokoll.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.20.06
Rootkit Datenbank: v2014.11.18.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: JR-MRL

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 375267
Verstrichene Zeit: 20 Std, 12 Min, 18 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 13
PUP.Optional.Snapdo.T, HKU\S-1-5-21-254137929-1569946910-4247913364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Keine Aktion durch Benutzer, [51b5e35b7804a294d196c92f2fd3a45c],
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, Keine Aktion durch Benutzer, [51b5e35b7804a294d196c92f2fd3a45c],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Keine Aktion durch Benutzer, [858151edd8a483b3b18329cc8082817f],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Keine Aktion durch Benutzer, [e125142a007cc47278bdb4412bd72cd4],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, Keine Aktion durch Benutzer, [fa0c5fdf2c5096a091e296c382815da3],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Keine Aktion durch Benutzer, [39cd0d317b0172c45f94a2d49271e61a],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-254137929-1569946910-4247913364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Keine Aktion durch Benutzer, [e32349f5e498ab8be52e2567a75d748c],
PUP.Optional.Conduit.A, HKU\S-1-5-21-254137929-1569946910-4247913364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Keine Aktion durch Benutzer, [c93d80be8af2af87a87c89af659e4fb1],
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-254137929-1569946910-4247913364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, Keine Aktion durch Benutzer, [28dedb63fb8156e0b73ea1a05fa440c0],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-254137929-1569946910-4247913364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Keine Aktion durch Benutzer, [4db918268af22f07ef13db9b08fb9e62],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-254137929-1569946910-4247913364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Keine Aktion durch Benutzer, [30d6d26cd4a8c5710334a6e6eb1903fd],
PUP.Optional.BProtector.A, HKU\S-1-5-21-254137929-1569946910-4247913364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, Keine Aktion durch Benutzer, [27df142adf9d80b678e48609798b936d],
PUP.Optional.Softonic.A, HKU\S-1-5-21-254137929-1569946910-4247913364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Keine Aktion durch Benutzer, [2ed8aa94ceaecf677fc99ec77f846d93],

Registrierungswerte: 4
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Community Smart Bar, Keine Aktion durch Benutzer, [8581241a1468b97d8ca1c184dc2725db]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Community Smart Bar, Keine Aktion durch Benutzer, [c83e41fd7a02a2944fde9ca9d330f010]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|crossriderapp435@crossrider.com, C:\ProgramData\CodecCheck\firefox, Keine Aktion durch Benutzer, [c541ef4fb1cbb581200415382bd8d030]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-254137929-1569946910-4247913364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0G2Y1R2X0G1M2S1M0G1S1H, Keine Aktion durch Benutzer, [30d6d26cd4a8c5710334a6e6eb1903fd]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 13
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\848905F43E6A4180BE5EEB9A9462A83D, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\92368358ADF04054A3D080A76C387D59, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\E5206B16E0D94BC098862F8CCF8DF8C0, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\OpenCandy_DEA9ADA9FDBD4824AFECCAA97C2B2280, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\OpenCandy_FFE1BA46EE33466D9154138A05E94ED7, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.Babylon.A, C:\Users\JR-MRL\AppData\LocalLow\BabylonToolbar, Keine Aktion durch Benutzer, [21e572cca4d89e9848e922f80300a858],
PUP.Optional.Babylon.A, C:\Users\JR-MRL\AppData\LocalLow\BabylonToolbar\BabylonToolbar, Keine Aktion durch Benutzer, [21e572cca4d89e9848e922f80300a858],
PUP.Optional.IBUpdater.A, C:\ProgramData\IBUpdaterService, Keine Aktion durch Benutzer, [21e571cd8fed3afc26204fd6ac573bc5],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot, Keine Aktion durch Benutzer, [8383f84682fa1c1a0971909e28dbb44c],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings, Keine Aktion durch Benutzer, [8383f84682fa1c1a0971909e28dbb44c],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\wtxpcom, Keine Aktion durch Benutzer, [8383f84682fa1c1a0971909e28dbb44c],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components, Keine Aktion durch Benutzer, [8383f84682fa1c1a0971909e28dbb44c],

Dateien: 25
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, Keine Aktion durch Benutzer, [c93d1d216b1156e046cca67bb44c758b],
PUP.Optional.Softonic.A, C:\Users\JR-MRL\Downloads\SoftonicDownloader_fuer_save-flash.exe, Keine Aktion durch Benutzer, [ac5a18265a229c9a34100b2fa35e956b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\Downloads\PhotoScape_V3-6-3.exe, Keine Aktion durch Benutzer, [4db9cc72750790a612f4492c41c4c739],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\848905F43E6A4180BE5EEB9A9462A83D\2332.ico, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\848905F43E6A4180BE5EEB9A9462A83D\EBB77268-338F-4C6A-8590-AD88FED26F4A, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\848905F43E6A4180BE5EEB9A9462A83D\LinkuryInstaller.msi, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\848905F43E6A4180BE5EEB9A9462A83D\LinkuryInstaller_p1v6.exe, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\848905F43E6A4180BE5EEB9A9462A83D\OCBrowserHelper_1.0.2.73.dll, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\92368358ADF04054A3D080A76C387D59\driverscannerDE.exe, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\E5206B16E0D94BC098862F8CCF8DF8C0\TuneUpUtilities2012_de-DE-p2v0.exe, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\OpenCandy_DEA9ADA9FDBD4824AFECCAA97C2B2280\2332.ico, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\OpenCandy_DEA9ADA9FDBD4824AFECCAA97C2B2280\EBB77268-338F-4C6A-8590-AD88FED26F4A, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\OpenCandy_DEA9ADA9FDBD4824AFECCAA97C2B2280\LinkuryInstaller.msi, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\OpenCandy_DEA9ADA9FDBD4824AFECCAA97C2B2280\LinkuryInstaller_p1v5.exe, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\OpenCandy_DEA9ADA9FDBD4824AFECCAA97C2B2280\OCBrowserHelper_1.0.2.72.dll, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\OpenCandy_FFE1BA46EE33466D9154138A05E94ED7\2332.ico, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\OpenCandy_FFE1BA46EE33466D9154138A05E94ED7\EBB77268-338F-4C6A-8590-AD88FED26F4A, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\OpenCandy_FFE1BA46EE33466D9154138A05E94ED7\LinkuryInstaller.msi, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\OpenCandy_FFE1BA46EE33466D9154138A05E94ED7\LinkuryInstaller_p1v5.exe, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.OpenCandy, C:\Users\JR-MRL\AppData\Roaming\OpenCandy\OpenCandy_FFE1BA46EE33466D9154138A05E94ED7\OCBrowserHelper_1.0.2.72.dll, Keine Aktion durch Benutzer, [d92db48a225a50e6f4b01bedc043b54b],
PUP.Optional.IBUpdater.A, C:\ProgramData\IBUpdaterService\repository.xml, Keine Aktion durch Benutzer, [21e571cd8fed3afc26204fd6ac573bc5],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yahoo_ff.xml, Keine Aktion durch Benutzer, [8383f84682fa1c1a0971909e28dbb44c],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yahoo_ie.xml, Keine Aktion durch Benutzer, [8383f84682fa1c1a0971909e28dbb44c],
Trojan.Ransom.Gend, C:\Users\JR-MRL\AppData\Roaming\ntuser.dat, In Quarantäne, [dc2ad46ae597b680dd6d6cb968997090],
Trojan.Agent, C:\Users\JR-MRL\AppData\Roaming\desktop.ini, In Quarantäne, [63a3b18df686b1857e049f23e31eb749],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

AdwCleaner Logfile:
Code:
# AdwCleaner v4.101 - Bericht erstellt am 21/11/2014 um 14:24:51
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-16.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : JR-MRL - JR-MRL-PC
# Gestartet von : C:\Users\JR-MRL\Downloads\AdwCleaner_4.101.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : SearchAnonymizer

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Spigot
Ordner Gelöscht : C:\Users\JR-MRL\AppData\Local\apn
Ordner Gelöscht : C:\Users\JR-MRL\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\JR-MRL\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\JR-MRL\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\JR-MRL\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\JR-MRL\AppData\LocalLow\Bandoo
Ordner Gelöscht : C:\Users\JR-MRL\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\JR-MRL\AppData\LocalLow\IncrediMail_MediaBar_2
Ordner Gelöscht : C:\Users\JR-MRL\AppData\Roaming\Bandoo
Ordner Gelöscht : C:\Users\JR-MRL\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\JR-MRL\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\JR-MRL\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\JR-MRL\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\JR-MRL\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\JR-MRL\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl
Datei Gelöscht : C:\Windows\SysWOW64\bandoolmx.dll
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\JR-MRL\AppData\Roaming\Mozilla\Firefox\Profiles\k84trogb.default-1395946096748\foxydeal.sqlite

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKCU\Software\5b4d88bb13fbd44
Schlüssel Gelöscht : HKLM\SOFTWARE\5b4d88bb13fbd44
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2247187
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4064EA35-578D-4073-A834-C96D82CBCF40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4064EA35-578D-4073-A834-C96D82CBCF40}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4064EA35-578D-4073-A834-C96D82CBCF40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4064EA35-578D-4073-A834-C96D82CBCF40}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AC129BF9-68BF-4BC4-A1DC-ECB62712FF99}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0471D77F-B5FF-42A1-8C47-D6A1C38001CB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{18D4267A-A7B1-4255-A1EC-F3D3D335CD6A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{22D672FC-FE16-4D9B-B18F-8347EC454077}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{467193E8-79F4-44D0-B1FA-E19E8C79427B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D0948BA1-7DB3-4F97-A08D-153808805C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DBF12FF2-9122-4EA4-BC0E-9FE25166FC91}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E119B19E-5B3E-460E-8273-0CE12E494014}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Conduit
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Bandoo
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Trymedia Systems
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v32.0.1 (x86 de)


-\\ Google Chrome v39.0.2171.65

[C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=109718&tt=0313_7&babsrc=SP_ss&mntrId=026b53a5000000000000889ffae369e0
[C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=109718&tt=0313_7&babsrc=SP_ss&mntrId=026b53a5000000000000889ffae369e0
[C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.avg.com/search?cid={C2D613A7-E2D0-480C-9353-DA7D8233987F}&mid=1279a45e243b47d3966559d6bc078013-15019ff23147542243074db25bcb4bfcf318c14b&lang=de&ds=AVG&pr=fr&d=2013-07-21 19:20:47&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
[C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovigo.com/Results.aspx?q={searchTerms}&Suggest=davaj+po&stype=Homepage&useHistory=1&SelfSearch=1&SearchType=SearchWeb&SearchSource=48&ctid=CT2269050&octid=CT2269050
[C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovigo.com/Results.aspx?q={searchTerms}&Suggest=davaj+po&stype=Homepage&useHistory=1&SelfSearch=1&SearchType=SearchWeb&SearchSource=48&ctid=CT2269050&octid=CT2269050

*************************

AdwCleaner[R0].txt - [29867 octets] - [21/11/2014 14:22:04]
AdwCleaner[S0].txt - [26435 octets] - [21/11/2014 14:24:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26496 octets] ##########
--- --- ---

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Professional x64
Ran by JR-MRL on 21.11.2014 at 14:38:36.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\CodecCheck
Successfully deleted: [Folder] "C:\Users\JR-MRL\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\JR-MRL\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\crossriderwebapps"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.11.2014 at 14:48:11.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
Ran by JR-MRL (administrator) on JR-MRL-PC on 21-11-2014 14:51:04
Running from C:\Users\JR-MRL\Desktop
Loaded Profile: JR-MRL (Available profiles: JR-MRL)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-09-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Ocs_SM] => C:\Users\JR-MRL\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-09-25] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-254137929-1569946910-4247913364-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-254137929-1569946910-4247913364-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6BAF9227E14ACC01
HKU\S-1-5-21-254137929-1569946910-4247913364-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-254137929-1569946910-4247913364-1000 -> DefaultScope {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\JR-MRL\AppData\Roaming\Mozilla\Firefox\Profiles\k84trogb.default-1395946096748
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-254137929-1569946910-4247913364-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\JR-MRL\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-254137929-1569946910-4247913364-1000: @tools.google.com/Google Update;version=3 -> C:\Users\JR-MRL\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-254137929-1569946910-4247913364-1000: @tools.google.com/Google Update;version=9 -> C:\Users\JR-MRL\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-254137929-1569946910-4247913364-1000: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKU\S-1-5-21-254137929-1569946910-4247913364-1000: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF Extension: YouTube Unblocker - C:\Users\JR-MRL\AppData\Roaming\Mozilla\Firefox\Profiles\k84trogb.default-1395946096748\Extensions\youtubeunblocker@unblocker.yt [2014-11-05]
FF Extension: Flashblock - C:\Users\JR-MRL\AppData\Roaming\Mozilla\Firefox\Profiles\k84trogb.default-1395946096748\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-08-10]
FF Extension: DownloadHelper - C:\Users\JR-MRL\AppData\Roaming\Mozilla\Firefox\Profiles\k84trogb.default-1395946096748\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-16]
FF Extension: ProxTube - C:\Users\JR-MRL\AppData\Roaming\Mozilla\Firefox\Profiles\k84trogb.default-1395946096748\Extensions\ich@maltegoetz.de.xpi [2014-09-16]
FF Extension: Adblock Plus - C:\Users\JR-MRL\AppData\Roaming\Mozilla\Firefox\Profiles\k84trogb.default-1395946096748\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-29]
FF HKLM-x32\...\Firefox\Extensions: [crossriderapp435@crossrider.com] - C:\ProgramData\CodecCheck\firefox
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-05-11]
FF HKU\S-1-5-21-254137929-1569946910-4247913364-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF StartMenuInternet: FIREFOX.EXE - C:\Torasrk Firefox\App\Torpark\firefox\firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=48
CHR StartupUrls: Default -> "https://www.google.de/", "hxxp://search.babylon.com/?affID=109718&tt=0313_7&babsrc=HP_ss&mntrId=026b53a5000000000000889ffae369e0"
CHR Profile: C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-07-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (WOT) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-10-29]
CHR Extension: (YouTube) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-14]
CHR Extension: (Adblock Plus) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-31]
CHR Extension: (Google-Suche) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-14]
CHR Extension: (AdBlock) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-09-02]
CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-09-12]
CHR Extension: (Google Wallet) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Google Mail) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\PROGRAM FILES\SUPERANTISPYWARE\SASCORE64.EXE [172344 2014-09-21] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
R2 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-12-17] (Nalpeiron Ltd.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-19] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [836608 2010-06-08] (Sony Corporation) [File not signed]
S2 FreemakeVideoCapture; "C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-09-01] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-17] (DT Soft Ltd)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-09-01] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
U3 DfSdkS; No ImagePath
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 14:50 - 2014-11-21 14:50 - 00000000 ____D () C:\Users\JR-MRL\Desktop\FRST-OlderVersion
2014-11-21 14:48 - 2014-11-21 14:48 - 00001046 _____ () C:\Users\JR-MRL\Desktop\JRT.txt
2014-11-21 14:38 - 2014-11-21 14:38 - 00000000 ____D () C:\Windows\ERUNT
2014-11-21 14:37 - 2014-11-21 14:37 - 01707532 _____ (Thisisu) C:\Users\JR-MRL\Downloads\JRT.exe
2014-11-21 14:21 - 2014-11-21 14:25 - 00000000 ____D () C:\AdwCleaner
2014-11-21 14:21 - 2014-11-21 14:21 - 02140160 _____ () C:\Users\JR-MRL\Downloads\AdwCleaner_4.101.exe
2014-11-21 14:21 - 2014-11-21 14:21 - 02140160 _____ () C:\Users\JR-MRL\Downloads\AdwCleaner_4.101 (1).exe
2014-11-21 14:19 - 2014-11-21 14:19 - 00011149 _____ () C:\Users\JR-MRL\Desktop\Suchlauf Protokoll.txt
2014-11-20 17:47 - 2014-11-21 14:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-20 17:47 - 2014-11-20 17:47 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-20 17:47 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-20 17:47 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-20 17:46 - 2014-11-20 17:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-20 17:44 - 2014-11-20 17:45 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\JR-MRL\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-20 15:37 - 2014-11-20 15:37 - 03374374 _____ () C:\Users\JR-MRL\Downloads\RAP.pptx
2014-11-20 15:35 - 2014-11-20 15:35 - 04232192 _____ () C:\Users\JR-MRL\Downloads\zick-zack (1).ppt
2014-11-20 14:36 - 2014-11-20 14:36 - 04232192 _____ () C:\Users\JR-MRL\Downloads\zick-zack.ppt
2014-11-19 21:30 - 2014-11-19 21:35 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-19 17:57 - 2014-11-19 17:57 - 00027464 _____ () C:\ComboFix.txt
2014-11-19 17:26 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-19 17:26 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-19 17:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-19 17:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-19 17:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-19 17:26 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-19 17:26 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-19 17:26 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-19 17:25 - 2014-11-19 17:57 - 00000000 ____D () C:\Qoobox
2014-11-19 17:24 - 2014-11-19 17:50 - 00000000 ____D () C:\Windows\erdnt
2014-11-19 17:21 - 2014-11-19 17:21 - 05598319 ____R (Swearware) C:\Users\JR-MRL\Downloads\ComboFix.exe
2014-11-19 14:35 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 14:35 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 14:35 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 14:35 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 14:09 - 2014-11-19 14:12 - 17101208 _____ (Electronic Arts, Inc.) C:\Users\JR-MRL\Downloads\OriginThinSetup (3).exe
2014-11-18 17:51 - 2014-11-21 14:51 - 00021936 _____ () C:\Users\JR-MRL\Desktop\FRST.txt
2014-11-18 17:51 - 2014-11-21 14:50 - 02117632 _____ (Farbar) C:\Users\JR-MRL\Desktop\FRST64.exe
2014-11-18 17:42 - 2014-11-18 17:43 - 00055824 _____ () C:\Users\JR-MRL\Desktop\Addition.txt
2014-11-18 17:38 - 2014-11-18 17:43 - 00050146 _____ () C:\Users\JR-MRL\Downloads\FRST.txt
2014-11-18 17:37 - 2014-11-21 14:51 - 00000000 ____D () C:\FRST
2014-11-18 17:36 - 2014-11-18 17:36 - 02117120 _____ (Farbar) C:\Users\JR-MRL\Downloads\FRST64.exe
2014-11-17 21:38 - 2014-11-17 21:38 - 00000000 ____D () C:\Users\JR-MRL\Desktop\maplelektionenohne15
2014-11-17 18:46 - 2014-11-17 18:46 - 02681856 _____ () C:\Users\JR-MRL\Downloads\Symbolgehalt_der_Reisezeile.ppt
2014-11-17 18:14 - 2014-11-17 18:14 - 00000056 _____ () C:\Windows\system32\s000012.dat
2014-11-12 16:48 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 16:48 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 16:48 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 16:48 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 16:48 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 16:48 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 16:48 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 16:48 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 16:48 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 16:48 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 16:48 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 16:48 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 16:48 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 16:48 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 16:48 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 16:48 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 16:48 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 16:48 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 16:48 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 16:48 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 16:48 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 16:48 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 16:48 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 16:48 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 16:48 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 16:48 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 16:48 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 16:48 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 16:48 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 16:48 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 16:48 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 16:48 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 16:48 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 16:48 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 16:48 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 16:48 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 16:48 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 16:48 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 16:48 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 16:48 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 16:48 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 16:48 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 16:48 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 16:48 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 16:48 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 16:48 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 16:48 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 16:48 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 16:48 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 16:48 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 16:48 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 16:48 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 16:48 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 16:48 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 16:48 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 16:48 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 16:48 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 16:48 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 16:48 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 16:48 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 16:48 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 16:48 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 16:48 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 16:48 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 16:48 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 16:48 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 16:48 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 16:48 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 16:48 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 16:47 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 16:47 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 16:47 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 16:47 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 16:47 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 16:47 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 16:47 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 16:47 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 16:47 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 16:47 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 16:47 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 16:47 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 16:47 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 16:47 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 16:47 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 16:47 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 16:47 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 16:47 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 16:47 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 16:47 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 16:47 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 16:47 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 16:47 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 16:47 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 16:47 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 16:47 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 16:47 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 16:46 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 16:46 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-07 14:44 - 2014-11-07 14:44 - 00244051 _____ () C:\Users\JR-MRL\Downloads\AB_Probleme lösen im Umfeld der Tangente.mw
2014-11-07 14:44 - 2014-11-07 14:44 - 00197457 _____ () C:\Users\JR-MRL\Downloads\Vermischte Übungen zu Extremstellen_Wendestellen.mw
2014-10-28 21:28 - 2014-10-28 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-28 21:27 - 2014-10-28 21:27 - 00880272 _____ (Google Inc.) C:\Users\JR-MRL\Downloads\ChromeSetup.exe
2014-10-28 15:58 - 2014-11-18 21:51 - 00000000 ____D () C:\Users\JR-MRL\Desktop\Schule
2014-10-28 15:57 - 2014-11-20 16:11 - 00000000 ____D () C:\Users\JR-MRL\Desktop\GFS 2014

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 14:51 - 2011-07-26 15:19 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000UA.job
2014-11-21 14:44 - 2011-07-28 20:25 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-21 14:39 - 2014-05-28 09:12 - 00000376 _____ () C:\Windows\Tasks\WpsNotifyTask_JR-MRL.job
2014-11-21 14:38 - 2009-07-14 05:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-21 14:38 - 2009-07-14 05:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 14:34 - 2011-07-25 15:18 - 01785393 _____ () C:\Windows\WindowsUpdate.log
2014-11-21 14:33 - 2011-04-12 08:43 - 00703672 _____ () C:\Windows\system32\perfh007.dat
2014-11-21 14:33 - 2011-04-12 08:43 - 00151040 _____ () C:\Windows\system32\perfc007.dat
2014-11-21 14:33 - 2009-07-14 06:13 - 01631122 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-21 14:32 - 2014-05-28 09:12 - 00000376 _____ () C:\Windows\Tasks\WpsUpdateTask_JR-MRL.job
2014-11-21 14:27 - 2011-07-28 20:25 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-21 14:26 - 2014-05-26 15:47 - 00008425 _____ () C:\Windows\setupact.log
2014-11-21 14:26 - 2010-11-21 04:47 - 00696760 _____ () C:\Windows\PFRO.log
2014-11-21 14:26 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-21 14:20 - 2012-08-09 09:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-21 14:12 - 2011-07-27 12:53 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{050575B4-699F-4F0D-9A81-A3C63429BB44}
2014-11-21 13:40 - 2012-04-25 14:22 - 00001142 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000UA.job
2014-11-20 17:47 - 2011-07-25 18:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-20 15:51 - 2011-07-26 15:19 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000Core.job
2014-11-20 15:33 - 2012-04-25 14:22 - 00001120 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000Core.job
2014-11-19 21:35 - 2014-10-09 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-19 21:35 - 2011-07-25 16:02 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-19 21:31 - 2012-04-13 09:35 - 00000000 ____D () C:\ProgramData\Avira
2014-11-19 17:58 - 2011-07-26 15:19 - 00000000 ____D () C:\Users\JR-MRL\AppData\Local\Apps\2.0
2014-11-19 17:57 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-19 17:48 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-19 17:45 - 2011-07-25 15:23 - 00000000 ____D () C:\Users\JR-MRL
2014-11-19 14:31 - 2012-04-08 12:36 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-11-19 14:15 - 2011-08-27 10:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-19 14:14 - 2014-07-24 13:12 - 00000000 ____D () C:\Users\JR-MRL\AppData\Roaming\Origin
2014-11-19 14:14 - 2014-07-24 13:10 - 00000000 ____D () C:\ProgramData\Origin
2014-11-19 14:12 - 2014-07-24 13:10 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-19 14:06 - 2012-12-13 18:13 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-11-19 14:06 - 2011-10-10 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-11-18 22:03 - 2011-07-25 15:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-18 21:54 - 2011-09-25 17:44 - 00000000 ____D () C:\Program Files (x86)\Rovio
2014-11-17 21:38 - 2014-09-30 16:13 - 00000000 ____D () C:\Users\JR-MRL\.maplesoft
2014-11-17 21:15 - 2012-08-09 09:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-17 21:15 - 2012-08-09 09:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-17 21:15 - 2012-08-09 09:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-17 18:14 - 2011-11-09 14:14 - 00001224 _____ () C:\Windows\system32\sstates.sdt
2014-11-17 18:14 - 2011-11-09 14:14 - 00000040 _____ () C:\Windows\system32\sstate_prev.sdt
2014-11-16 10:39 - 2011-07-28 20:25 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 10:39 - 2011-07-28 20:25 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 13:59 - 2011-08-24 12:15 - 00039044 _____ () C:\test.xml
2014-11-14 12:49 - 2009-07-14 05:45 - 00538936 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 12:29 - 2012-11-01 12:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-14 12:22 - 2013-07-18 18:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-14 12:06 - 2011-07-25 16:23 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 15:46 - 2011-07-26 15:19 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000UA
2014-11-13 15:46 - 2011-07-26 15:19 - 00003704 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000Core
2014-11-12 19:03 - 2014-08-02 20:36 - 00000000 ____D () C:\Users\JR-MRL\Desktop\Vickys♥
2014-11-09 12:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-07 15:12 - 2014-09-30 16:14 - 00000000 ____D () C:\Users\JR-MRL\.gstreamer-0.10
2014-10-31 21:05 - 2014-08-09 21:41 - 00000000 ____D () C:\Users\JR-MRL\Desktop\bewerbungen jacky
2014-10-31 10:11 - 2009-07-14 03:34 - 00000660 _____ () C:\Windows\win.ini
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-28 22:17 - 2012-12-24 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nadeo
2014-10-28 22:17 - 2011-08-26 21:47 - 00000000 ____D () C:\Windows\Minidump
2014-10-28 22:17 - 2011-07-25 15:39 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-10-28 22:17 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-28 22:16 - 2014-07-24 13:12 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-10-28 22:16 - 2012-12-24 19:27 - 00000000 ____D () C:\Program Files (x86)\Nadeo
2014-10-28 22:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-28 22:03 - 2014-07-10 16:05 - 00000000 ____D () C:\Users\JR-MRL\AppData\Local\Adobe
2014-10-28 21:28 - 2011-07-28 20:25 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-28 21:24 - 2011-08-11 09:52 - 00000000 ____D () C:\Users\JR-MRL\AppData\Local\CrashDumps

Files to move or delete:
====================
C:\Users\JR-MRL\Maple1302WindowsX86_64Upgrade.exe
C:\Users\JR-MRL\update.bat


Some content of TEMP:
====================
C:\Users\JR-MRL\AppData\Local\Temp\avgnt.exe
C:\Users\JR-MRL\AppData\Local\Temp\Quarantine.exe
C:\Users\JR-MRL\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-09 12:21

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 22.11.2014 12:10

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Jacky2512 22.11.2014 20:17
ESET log
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b748b6792b905a42b6be1772f3307987
# engine=21218
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-22 06:57:02
# local_time=2014-11-22 07:57:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 15916 282105912 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 6140185 57992338 0 0
# scanned=326179
# found=7
# cleaned=7
# scan_time=15738
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=5353C2021C1DB25B027D5E97680131AC9CB2C43D ft=1 fh=a62584fabc5db667 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=9A3543916F5F5C343EF81923396B1A35D998E687 ft=1 fh=c71c0011e8464a4f vn="Variante von Win32/InstallCore.JW evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\JR-MRL\Downloads\COMPUTER_BILD-Download-Manager_fuer_solutoinstaller-_wXx3s7YQp4i.exe"
sh=6DB6F231F3FE0C6B8DEB8266993D324CDCF2BC14 ft=1 fh=d82c4af9dd07ed3a vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\JR-MRL\Downloads\Dropbox - CHIP-Downloader (1).exe"
sh=1A78B20DD918056D8A1777FCFA5ED2BA89E435F0 ft=1 fh=32277e8ea0ec9e68 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\JR-MRL\Downloads\Dropbox - CHIP-Downloader.exe"
sh=DA0251BD3C1ACE5C428DCFED818F3BCDEC3362F1 ft=1 fh=0eaf8fad3fab96f9 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\JR-MRL\Downloads\odp-3.2-bin-windows-en-US - CHIP-Installer.exe"
sh=D4F2D83F19617C4B7AB8A5BB195F9E5396DC541E ft=1 fh=3b1c4ca7da82ac9e vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\JR-MRL\Downloads\SoftonicDownloader_fuer_save-flash.exe"



Security Check:

Das Programm startet, bringt jedoch die Fehlermeldung: UNSUPPORTED OPERATING SYSTEM! ABORTED!


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2014 01
Ran by JR-MRL (administrator) on JR-MRL-PC on 22-11-2014 20:12:41
Running from C:\Users\JR-MRL\Desktop
Loaded Profile: JR-MRL (Available profiles: JR-MRL)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\Admload.exe
(Zhuhai Kingsoft Office Software Co.,Ltd) C:\Program Files (x86)\Kingsoft\Kingsoft Office\office6\wps.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-09-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Ocs_SM] => C:\Users\JR-MRL\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-09-25] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-254137929-1569946910-4247913364-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-254137929-1569946910-4247913364-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6BAF9227E14ACC01
HKU\S-1-5-21-254137929-1569946910-4247913364-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-254137929-1569946910-4247913364-1000 -> DefaultScope {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\JR-MRL\AppData\Roaming\Mozilla\Firefox\Profiles\k84trogb.default-1395946096748
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-254137929-1569946910-4247913364-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\JR-MRL\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-254137929-1569946910-4247913364-1000: @tools.google.com/Google Update;version=3 -> C:\Users\JR-MRL\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-254137929-1569946910-4247913364-1000: @tools.google.com/Google Update;version=9 -> C:\Users\JR-MRL\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-254137929-1569946910-4247913364-1000: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKU\S-1-5-21-254137929-1569946910-4247913364-1000: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF Extension: YouTube Unblocker - C:\Users\JR-MRL\AppData\Roaming\Mozilla\Firefox\Profiles\k84trogb.default-1395946096748\Extensions\youtubeunblocker@unblocker.yt [2014-11-05]
FF Extension: Flashblock - C:\Users\JR-MRL\AppData\Roaming\Mozilla\Firefox\Profiles\k84trogb.default-1395946096748\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-08-10]
FF Extension: DownloadHelper - C:\Users\JR-MRL\AppData\Roaming\Mozilla\Firefox\Profiles\k84trogb.default-1395946096748\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-16]
FF Extension: ProxTube - C:\Users\JR-MRL\AppData\Roaming\Mozilla\Firefox\Profiles\k84trogb.default-1395946096748\Extensions\ich@maltegoetz.de.xpi [2014-09-16]
FF Extension: Adblock Plus - C:\Users\JR-MRL\AppData\Roaming\Mozilla\Firefox\Profiles\k84trogb.default-1395946096748\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-29]
FF HKLM-x32\...\Firefox\Extensions: [crossriderapp435@crossrider.com] - C:\ProgramData\CodecCheck\firefox
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-05-11]
FF HKU\S-1-5-21-254137929-1569946910-4247913364-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF StartMenuInternet: FIREFOX.EXE - C:\Torasrk Firefox\App\Torpark\firefox\firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=48
CHR StartupUrls: Default -> "https://www.google.de/", "hxxp://search.babylon.com/?affID=109718&tt=0313_7&babsrc=HP_ss&mntrId=026b53a5000000000000889ffae369e0"
CHR Profile: C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-07-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (WOT) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-10-29]
CHR Extension: (YouTube) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-14]
CHR Extension: (Adblock Plus) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-31]
CHR Extension: (Google-Suche) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-14]
CHR Extension: (AdBlock) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-09-02]
CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-09-12]
CHR Extension: (Google Wallet) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Google Mail) - C:\Users\JR-MRL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\PROGRAM FILES\SUPERANTISPYWARE\SASCORE64.EXE [172344 2014-09-21] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
R2 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-12-17] (Nalpeiron Ltd.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-19] (Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [836608 2010-06-08] (Sony Corporation) [File not signed]
S2 FreemakeVideoCapture; "C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-09-01] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-17] (DT Soft Ltd)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-09-01] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
U3 DfSdkS; No ImagePath
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 20:12 - 2014-11-22 20:12 - 00000000 ____D () C:\Users\JR-MRL\Desktop\FRST-OlderVersion
2014-11-22 20:08 - 2014-11-22 20:07 - 00854414 _____ () C:\Users\JR-MRL\Desktop\SecurityCheck (1).exe
2014-11-22 20:07 - 2014-11-22 20:07 - 00854414 _____ () C:\Users\JR-MRL\Downloads\SecurityCheck (1).exe
2014-11-22 20:06 - 2014-11-22 20:06 - 00854414 _____ () C:\Users\JR-MRL\Downloads\SecurityCheck.exe
2014-11-21 14:48 - 2014-11-21 14:48 - 00001046 _____ () C:\Users\JR-MRL\Desktop\JRT.txt
2014-11-21 14:38 - 2014-11-21 14:38 - 00000000 ____D () C:\Windows\ERUNT
2014-11-21 14:37 - 2014-11-21 14:37 - 01707532 _____ (Thisisu) C:\Users\JR-MRL\Downloads\JRT.exe
2014-11-21 14:21 - 2014-11-21 14:25 - 00000000 ____D () C:\AdwCleaner
2014-11-21 14:21 - 2014-11-21 14:21 - 02140160 _____ () C:\Users\JR-MRL\Downloads\AdwCleaner_4.101.exe
2014-11-21 14:21 - 2014-11-21 14:21 - 02140160 _____ () C:\Users\JR-MRL\Downloads\AdwCleaner_4.101 (1).exe
2014-11-21 14:19 - 2014-11-21 14:19 - 00011149 _____ () C:\Users\JR-MRL\Desktop\Suchlauf Protokoll.txt
2014-11-20 17:47 - 2014-11-21 14:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-20 17:47 - 2014-11-20 17:47 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-20 17:47 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-20 17:47 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-20 17:46 - 2014-11-20 17:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-20 17:44 - 2014-11-20 17:45 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\JR-MRL\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-20 15:37 - 2014-11-20 15:37 - 03374374 _____ () C:\Users\JR-MRL\Downloads\RAP.pptx
2014-11-20 15:35 - 2014-11-20 15:35 - 04232192 _____ () C:\Users\JR-MRL\Downloads\zick-zack (1).ppt
2014-11-20 14:36 - 2014-11-20 14:36 - 04232192 _____ () C:\Users\JR-MRL\Downloads\zick-zack.ppt
2014-11-19 21:30 - 2014-11-19 21:35 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-19 17:57 - 2014-11-19 17:57 - 00027464 _____ () C:\ComboFix.txt
2014-11-19 17:26 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-19 17:26 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-19 17:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-19 17:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-19 17:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-19 17:26 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-19 17:26 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-19 17:26 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-19 17:25 - 2014-11-19 17:57 - 00000000 ____D () C:\Qoobox
2014-11-19 17:24 - 2014-11-19 17:50 - 00000000 ____D () C:\Windows\erdnt
2014-11-19 17:21 - 2014-11-19 17:21 - 05598319 ____R (Swearware) C:\Users\JR-MRL\Downloads\ComboFix.exe
2014-11-19 14:35 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 14:35 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 14:35 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 14:35 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 14:09 - 2014-11-19 14:12 - 17101208 _____ (Electronic Arts, Inc.) C:\Users\JR-MRL\Downloads\OriginThinSetup (3).exe
2014-11-18 17:51 - 2014-11-22 20:12 - 02118144 _____ (Farbar) C:\Users\JR-MRL\Desktop\FRST64.exe
2014-11-18 17:51 - 2014-11-22 20:12 - 00022128 _____ () C:\Users\JR-MRL\Desktop\FRST.txt
2014-11-18 17:42 - 2014-11-18 17:43 - 00055824 _____ () C:\Users\JR-MRL\Desktop\Addition.txt
2014-11-18 17:38 - 2014-11-18 17:43 - 00050146 _____ () C:\Users\JR-MRL\Downloads\FRST.txt
2014-11-18 17:37 - 2014-11-22 20:12 - 00000000 ____D () C:\FRST
2014-11-18 17:36 - 2014-11-18 17:36 - 02117120 _____ (Farbar) C:\Users\JR-MRL\Downloads\FRST64.exe
2014-11-17 21:38 - 2014-11-17 21:38 - 00000000 ____D () C:\Users\JR-MRL\Desktop\maplelektionenohne15
2014-11-17 18:46 - 2014-11-17 18:46 - 02681856 _____ () C:\Users\JR-MRL\Downloads\Symbolgehalt_der_Reisezeile.ppt
2014-11-17 18:14 - 2014-11-17 18:14 - 00000056 _____ () C:\Windows\system32\s000012.dat
2014-11-12 16:48 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 16:48 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 16:48 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 16:48 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 16:48 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 16:48 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 16:48 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 16:48 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 16:48 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 16:48 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 16:48 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 16:48 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 16:48 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 16:48 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 16:48 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 16:48 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 16:48 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 16:48 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 16:48 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 16:48 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 16:48 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 16:48 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 16:48 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 16:48 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 16:48 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 16:48 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 16:48 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 16:48 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 16:48 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 16:48 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 16:48 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 16:48 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 16:48 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 16:48 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 16:48 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 16:48 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 16:48 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 16:48 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 16:48 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 16:48 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 16:48 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 16:48 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 16:48 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 16:48 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 16:48 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 16:48 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 16:48 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 16:48 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 16:48 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 16:48 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 16:48 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 16:48 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 16:48 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 16:48 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 16:48 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 16:48 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 16:48 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 16:48 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 16:48 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 16:48 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 16:48 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 16:48 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 16:48 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 16:48 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 16:48 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 16:48 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 16:48 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 16:48 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 16:48 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 16:47 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 16:47 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 16:47 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 16:47 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 16:47 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 16:47 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 16:47 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 16:47 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 16:47 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 16:47 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 16:47 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 16:47 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 16:47 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 16:47 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 16:47 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 16:47 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 16:47 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 16:47 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 16:47 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 16:47 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 16:47 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 16:47 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 16:47 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 16:47 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 16:47 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 16:47 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 16:47 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 16:46 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 16:46 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-07 14:44 - 2014-11-07 14:44 - 00244051 _____ () C:\Users\JR-MRL\Downloads\AB_Probleme lösen im Umfeld der Tangente.mw
2014-11-07 14:44 - 2014-11-07 14:44 - 00197457 _____ () C:\Users\JR-MRL\Downloads\Vermischte Übungen zu Extremstellen_Wendestellen.mw
2014-10-28 21:28 - 2014-10-28 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-28 21:27 - 2014-10-28 21:27 - 00880272 _____ (Google Inc.) C:\Users\JR-MRL\Downloads\ChromeSetup.exe
2014-10-28 15:58 - 2014-11-18 21:51 - 00000000 ____D () C:\Users\JR-MRL\Desktop\Schule
2014-10-28 15:57 - 2014-11-21 19:22 - 00000000 ____D () C:\Users\JR-MRL\Desktop\GFS 2014

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 19:51 - 2011-07-26 15:19 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000UA.job
2014-11-22 19:44 - 2011-07-28 20:25 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-22 19:39 - 2014-05-28 09:12 - 00000376 _____ () C:\Windows\Tasks\WpsNotifyTask_JR-MRL.job
2014-11-22 19:32 - 2014-05-28 09:12 - 00000376 _____ () C:\Windows\Tasks\WpsUpdateTask_JR-MRL.job
2014-11-22 19:20 - 2012-08-09 09:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-22 18:32 - 2012-04-25 14:22 - 00001142 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000UA.job
2014-11-22 16:48 - 2011-07-27 12:53 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{050575B4-699F-4F0D-9A81-A3C63429BB44}
2014-11-22 16:26 - 2011-07-25 15:18 - 01837610 _____ () C:\Windows\WindowsUpdate.log
2014-11-22 15:51 - 2011-07-26 15:19 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000Core.job
2014-11-22 15:41 - 2011-07-28 20:25 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-22 15:32 - 2012-04-25 14:22 - 00001120 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000Core.job
2014-11-21 18:16 - 2009-07-14 05:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-21 18:16 - 2009-07-14 05:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 15:37 - 2012-03-29 13:30 - 00017408 ____H () C:\Users\JR-MRL\Desktop\photothumb.db
2014-11-21 15:36 - 2012-07-28 16:24 - 00000000 ____D () C:\output
2014-11-21 14:33 - 2011-04-12 08:43 - 00703672 _____ () C:\Windows\system32\perfh007.dat
2014-11-21 14:33 - 2011-04-12 08:43 - 00151040 _____ () C:\Windows\system32\perfc007.dat
2014-11-21 14:33 - 2009-07-14 06:13 - 01631122 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-21 14:26 - 2014-05-26 15:47 - 00008425 _____ () C:\Windows\setupact.log
2014-11-21 14:26 - 2010-11-21 04:47 - 00696760 _____ () C:\Windows\PFRO.log
2014-11-21 14:26 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-21 14:24 - 2011-07-25 17:40 - 00000000 ____D () C:\ProgramData\ICQ
2014-11-20 17:47 - 2011-07-25 18:14 - 00000000 ____D () C:\Users\JR-MRL\AppData\Roaming\Malwarebytes
2014-11-20 17:47 - 2011-07-25 18:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-19 21:35 - 2014-10-09 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-19 21:35 - 2011-07-25 16:02 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-19 21:31 - 2012-04-13 09:35 - 00000000 ____D () C:\ProgramData\Avira
2014-11-19 17:58 - 2011-07-26 15:19 - 00000000 ____D () C:\Users\JR-MRL\AppData\Local\Apps\2.0
2014-11-19 17:57 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-19 17:48 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-19 17:45 - 2011-07-25 15:23 - 00000000 ____D () C:\Users\JR-MRL
2014-11-19 14:31 - 2012-04-08 12:36 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-11-19 14:15 - 2011-08-27 10:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-19 14:14 - 2014-07-24 13:12 - 00000000 ____D () C:\Users\JR-MRL\AppData\Roaming\Origin
2014-11-19 14:14 - 2014-07-24 13:10 - 00000000 ____D () C:\ProgramData\Origin
2014-11-19 14:12 - 2014-07-24 13:10 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-19 14:06 - 2012-12-13 18:13 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-11-19 14:06 - 2011-10-10 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-11-18 22:03 - 2011-07-25 15:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-18 21:54 - 2011-09-25 17:44 - 00000000 ____D () C:\Program Files (x86)\Rovio
2014-11-17 21:38 - 2014-09-30 16:13 - 00000000 ____D () C:\Users\JR-MRL\.maplesoft
2014-11-17 21:15 - 2012-08-09 09:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-17 21:15 - 2012-08-09 09:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-17 21:15 - 2012-08-09 09:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-17 18:14 - 2011-11-09 14:14 - 00001224 _____ () C:\Windows\system32\sstates.sdt
2014-11-17 18:14 - 2011-11-09 14:14 - 00000040 _____ () C:\Windows\system32\sstate_prev.sdt
2014-11-16 10:39 - 2011-07-28 20:25 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 10:39 - 2011-07-28 20:25 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 13:59 - 2011-08-24 12:15 - 00039044 _____ () C:\test.xml
2014-11-14 12:49 - 2009-07-14 05:45 - 00538936 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 12:29 - 2012-11-01 12:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-14 12:22 - 2013-07-18 18:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-14 12:06 - 2011-07-25 16:23 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 15:46 - 2011-07-26 15:19 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000UA
2014-11-13 15:46 - 2011-07-26 15:19 - 00003704 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-254137929-1569946910-4247913364-1000Core
2014-11-12 19:03 - 2014-08-02 20:36 - 00000000 ____D () C:\Users\JR-MRL\Desktop\Vickys♥
2014-11-09 12:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-07 15:12 - 2014-09-30 16:14 - 00000000 ____D () C:\Users\JR-MRL\.gstreamer-0.10
2014-10-31 21:05 - 2014-08-09 21:41 - 00000000 ____D () C:\Users\JR-MRL\Desktop\bewerbungen jacky
2014-10-31 10:11 - 2009-07-14 03:34 - 00000660 _____ () C:\Windows\win.ini
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-28 22:17 - 2012-12-24 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nadeo
2014-10-28 22:17 - 2011-08-26 21:47 - 00000000 ____D () C:\Windows\Minidump
2014-10-28 22:17 - 2011-07-25 15:39 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-10-28 22:17 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-28 22:16 - 2014-07-24 13:12 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-10-28 22:16 - 2012-12-24 19:27 - 00000000 ____D () C:\Program Files (x86)\Nadeo
2014-10-28 22:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-28 22:03 - 2014-07-10 16:05 - 00000000 ____D () C:\Users\JR-MRL\AppData\Local\Adobe
2014-10-28 21:28 - 2011-07-28 20:25 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-28 21:24 - 2011-08-11 09:52 - 00000000 ____D () C:\Users\JR-MRL\AppData\Local\CrashDumps

Files to move or delete:
====================
C:\Users\JR-MRL\Maple1302WindowsX86_64Upgrade.exe
C:\Users\JR-MRL\update.bat


Some content of TEMP:
====================
C:\Users\JR-MRL\AppData\Local\Temp\avgnt.exe
C:\Users\JR-MRL\AppData\Local\Temp\Quarantine.exe
C:\Users\JR-MRL\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-09 12:21

==================== End Of Log ============================
--- --- ---

--- --- ---




Also Avira lässt lich nun wieder starten und scant auch :) doch sogut wie jedes der installierten Programme findet Trojaner :/ ist mein PC clean?

schrauber 23.11.2014 14:52
Zitat:
doch sogut wie jedes der installierten Programme findet Trojaner
Wer findet aktuell was wo?

Jacky2512 24.11.2014 19:52
Also: ich habe jetzt nochmal avira durchlaufen lassen und das findet nichts mehr ;)

schrauber 25.11.2014 16:20
Und was genau hast du dann mit obigem Satz gemeint? ;)

Jacky2512 27.11.2014 16:42
Dass jedes Antivierenprogramm immer wieder Trojaner findet

schrauber 28.11.2014 13:12
ok, was is nun Fakt:

wird noch was gefunden oder nicht?

Jacky2512 28.11.2014 22:17
es ist alles beseitigt. avira gehts wieder und die programme finden nun auch nichts mehr. vielen dank für ihre hilfe! ;)

schrauber 29.11.2014 18:42
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Jacky2512 08.12.2014 17:01
okay alles erledigt! pc funktioniert wieder einwandfrei :) vielen dank!

schrauber 09.12.2014 11:41
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:05 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131