Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Internetexplorer (unsichtbar) spielt Werbung ein. (https://www.trojaner-board.de/162300-windows-7-internetexplorer-unsichtbar-spielt-werbung.html)

FM8 30.12.2014 18:22
Windows 7: Internetexplorer (unsichtbar) spielt Werbung ein.
 
Guten Tag

Ich hatte vor kurzem auf Chip-online(!) einen MKV player heruntergeladen. Beim installieren ging das anklickbare fensterchen pipapo los und Avira meldete einen Virus. Seither wird alle paar minuten Werbung eingespielt. Im Taskmanager seh ich das internetexplorer mit wechselnden url's aktiv ist. Sichtbar ist er nicht aber leider hörbar.

Bisher unternommen:
Ich habe Malwarbytes und Addwarecleaner eingesetzt, ohne Erfolg. Leider habe ich diese zwischenzeitlich wieder gelöscht, weshalb ich keine logs davon posten kann.
Bei Avira habe ich die funde in quarantäne versetzten lassen und diese dann mit 'aus quarantäne löschen' bearbeitet.

Bei Avira weiss ich übrigens nicht wo sich das exportierte Logfile befindet (nach mit F3 exportieren). Eine rasche googlesuche hat mir leider nicht weitergeholfen, bitte um aufklärung.


Besten Dank für die Hilfe :)



Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:02 on 30/12/2014 (Michi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-






Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Michi (administrator) on M-PC on 30-12-2014 16:03:59
Running from C:\Users\Michi\Downloads
Loaded Profiles: Michi &  (Available profiles: Michi)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Launcher)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(BitTorrent Inc.) C:\Users\Michi\AppData\Roaming\BitTorrent\BitTorrent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Autodesk Inc.) C:\Users\Michi\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 11\System\Tools\Bridge\64bit\ilbridge.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [477064 2013-12-22] (Autodesk Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-462835693-3900197004-2541521047-1000\...\Run: [BitTorrent] => C:\Users\Michi\AppData\Roaming\BitTorrent\BitTorrent.exe [1388888 2014-11-26] (BitTorrent Inc.)
HKU\S-1-5-21-462835693-3900197004-2541521047-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-462835693-3900197004-2541521047-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BitTorrent] => C:\Users\Michi\AppData\Roaming\BitTorrent\BitTorrent.exe [1388888 2014-11-26] (BitTorrent Inc.)
HKU\S-1-5-21-462835693-3900197004-2541521047-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-462835693-3900197004-2541521047-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-462835693-3900197004-2541521047-1000] => http=127.0.0.1:49166;https=127.0.0.1:49166
ProxyServer: [S-1-5-21-462835693-3900197004-2541521047-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:49166;https=127.0.0.1:49166
HKU\S-1-5-21-462835693-3900197004-2541521047-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/
HKU\S-1-5-21-462835693-3900197004-2541521047-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/
SearchScopes: HKU\S-1-5-21-462835693-3900197004-2541521047-1000 -> {4E3248B4-A162-49C4-996F-6961CB82D93C} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-462835693-3900197004-2541521047-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4E3248B4-A162-49C4-996F-6961CB82D93C} URL = https://www.google.com/search?q={searchTerms}
BHO-x32: Avira Savings Advisor BHO -> {A18A516C-AA41-46A9-92DB-60208917E442} -> C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mvilhog4.default
FF Homepage: https://www.google.ch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: Avira Browser Safety - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mvilhog4.default\Extensions\abs@avira.com [2014-12-11]
FF Extension: Avira Savings Advisor - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mvilhog4.default\Extensions\ciuvo-extension@avira.de [2014-05-05]
FF Extension: No Youtube Comments - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mvilhog4.default\Extensions\jid1-YMBCq41qvDdqcA@jetpack.xpi [2014-05-22]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-18]
CHR Extension: (Google Drive) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-20]
CHR Extension: (YouTube) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-18]
CHR Extension: (Google-Suche) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-18]
CHR Extension: (Google Wallet) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-18]
CHR Extension: (Google Mail) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-18]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [576904 2013-12-22] (Autodesk Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-12-05] ()
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [648472 2014-08-14] (Wacom Technology, Corp.)
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-25] (Disc Soft Ltd)
R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 rig3avs; C:\Windows\System32\Drivers\rig3avs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 rig3usb_svc; C:\Windows\System32\Drivers\rig3usb.sys [100200 2012-12-18] (Native Instruments GmbH)
S3 SaiK1703; C:\Windows\System32\DRIVERS\SaiK1703.sys [180544 2012-09-20] (Saitek)
S3 SaiU1703; C:\Windows\System32\DRIVERS\SaiU1703.sys [47168 2012-09-20] (Saitek)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 16:03 - 2014-12-30 16:04 - 00013916 _____ () C:\Users\Michi\Downloads\FRST.txt
2014-12-30 16:03 - 2014-12-30 16:04 - 00000000 ____D () C:\FRST
2014-12-30 16:03 - 2014-12-30 16:03 - 02123264 _____ (Farbar) C:\Users\Michi\Downloads\FRST64.exe
2014-12-30 16:02 - 2014-12-30 16:02 - 00000542 _____ () C:\Users\Michi\Downloads\defogger_disable.log
2014-12-30 16:02 - 2014-12-30 16:02 - 00000168 _____ () C:\Users\Michi\defogger_reenable
2014-12-30 16:01 - 2014-12-30 16:01 - 00050477 _____ () C:\Users\Michi\Downloads\Defogger.exe
2014-12-30 15:58 - 2014-12-30 15:59 - 00000000 ____D () C:\Users\Michi\Desktop\Neuer Ordner
2014-12-30 13:36 - 2014-12-30 16:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 13:35 - 2014-12-30 13:35 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-30 13:35 - 2014-12-30 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-30 13:35 - 2014-12-30 13:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-30 13:35 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-30 13:35 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-30 13:35 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-29 17:21 - 2014-12-29 17:21 - 02173952 _____ () C:\Users\Michi\Downloads\adwcleaner_4.106.exe
2014-12-29 13:40 - 2014-12-29 13:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Michi\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-29 13:40 - 2014-12-29 13:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-27 19:48 - 2014-12-27 19:52 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Glitchmachines
2014-12-27 19:46 - 2014-12-27 19:47 - 09933002 _____ () C:\Users\Michi\Downloads\GM_HYSTERESIS.zip
2014-12-27 19:46 - 2014-12-27 19:47 - 09933002 _____ () C:\Users\Michi\Downloads\GM_HYSTERESIS (1).zip
2014-12-27 13:59 - 2014-12-27 14:01 - 89173025 _____ () C:\Users\Michi\Downloads\DSK_Overture.zip
2014-12-27 13:53 - 2014-12-29 13:38 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\ernden
2014-12-25 22:01 - 2014-12-28 15:07 - 00000000 ____D () C:\Users\Michi\AppData\Local\Opera Software
2014-12-25 22:00 - 2014-12-28 15:07 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Opera Software
2014-12-25 21:59 - 2014-12-28 15:07 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-25 17:36 - 2014-12-25 17:36 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-19 16:37 - 2014-12-19 16:37 - 01180819 _____ () C:\Users\Michi\Downloads\Weihnachtswünsche vom Selbsthilfecenter.eml
2014-12-18 14:37 - 2014-12-13 05:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 14:37 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 15:47 - 2014-12-17 17:27 - 00000000 ____D () C:\tmp
2014-12-17 15:45 - 2014-12-17 15:45 - 00002104 _____ () C:\Users\Michi\Desktop\Blender.lnk
2014-12-17 15:45 - 2014-12-17 15:45 - 00000000 ____D () C:\Users\Michi\.thumbnails
2014-12-17 15:45 - 2014-12-17 15:45 - 00000000 ____D () C:\Program Files (x86)\Blender Foundation
2014-12-17 15:44 - 2014-12-17 15:44 - 53895385 _____ () C:\Users\Michi\Downloads\blender-2.72b-windows32.exe
2014-12-16 17:06 - 2014-12-16 17:06 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-12-12 17:25 - 2014-12-12 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-12-12 17:25 - 2014-12-12 17:25 - 00000000 ____D () C:\ProgramData\ATI
2014-12-12 17:24 - 2014-12-30 13:27 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Raptr
2014-12-12 17:24 - 2014-12-12 17:24 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201412121724288180.log
2014-12-12 17:24 - 2014-12-12 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-12 17:24 - 2014-12-12 17:24 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-12-12 17:23 - 2014-12-12 17:23 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-12-12 02:45 - 2014-12-12 02:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-11 19:38 - 2014-11-27 01:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 19:38 - 2014-11-27 01:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 19:38 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 19:38 - 2014-11-22 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 19:38 - 2014-11-22 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 19:38 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 19:38 - 2014-11-22 02:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 19:38 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 19:38 - 2014-11-22 02:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 19:38 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 19:38 - 2014-11-22 02:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 19:38 - 2014-11-22 02:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 19:38 - 2014-11-22 02:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 19:38 - 2014-11-22 02:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 19:38 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 19:38 - 2014-11-22 02:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 19:38 - 2014-11-22 02:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 19:38 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 19:38 - 2014-11-22 02:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 19:38 - 2014-11-22 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 19:38 - 2014-11-22 02:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 19:38 - 2014-11-22 02:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 19:38 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 19:38 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 19:38 - 2014-11-22 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 19:38 - 2014-11-22 02:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 19:38 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 19:38 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 19:38 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 19:38 - 2014-11-22 01:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 19:38 - 2014-11-22 01:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 19:38 - 2014-11-22 01:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 19:38 - 2014-11-22 01:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 19:38 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 19:38 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 19:38 - 2014-11-22 01:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 19:38 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 19:38 - 2014-11-22 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 19:38 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 19:38 - 2014-11-22 01:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 19:38 - 2014-11-22 01:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 19:38 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 19:38 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 19:38 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 19:38 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 19:38 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 19:38 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 19:38 - 2014-11-22 01:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 19:38 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 19:38 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 19:38 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 19:38 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 19:38 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 19:38 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 19:38 - 2014-11-11 03:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 19:38 - 2014-11-11 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 14:34 - 2014-12-10 14:34 - 00000000 ____D () C:\Users\Michi\Documents\Adobe
2014-12-06 20:18 - 2014-12-06 20:18 - 00000000 ____D () C:\Users\Michi\Documents\CAPCOM
2014-12-06 20:18 - 2014-12-06 20:18 - 00000000 ____D () C:\Users\Michi\AppData\Local\CAPCOM
2014-12-06 15:45 - 2014-12-06 15:48 - 00000000 ____D () C:\Users\Michi\Desktop\3ds max 2010

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 16:04 - 2014-05-05 15:30 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\BitTorrent
2014-12-30 16:02 - 2014-05-02 20:41 - 00000000 ____D () C:\Users\Michi
2014-12-30 15:59 - 2014-05-05 18:05 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Skype
2014-12-30 15:52 - 2009-07-14 04:51 - 00081424 _____ () C:\Windows\setupact.log
2014-12-30 15:47 - 2014-05-10 15:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-30 15:07 - 2014-05-18 16:38 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-30 15:07 - 2014-05-18 16:38 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-30 14:26 - 2014-06-19 19:40 - 01249792 _____ (hxxp://www.ruby-lang.org/) C:\Users\Michi\AppData\Roaming\msvcr90-ruby191.dll
2014-12-30 14:16 - 2014-05-18 16:38 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-30 13:33 - 2009-07-14 04:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-30 13:33 - 2009-07-14 04:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-30 13:29 - 2014-05-02 19:34 - 01916946 _____ () C:\Windows\WindowsUpdate.log
2014-12-30 13:25 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-29 17:56 - 2010-11-21 03:47 - 00239964 _____ () C:\Windows\PFRO.log
2014-12-29 17:23 - 2014-09-13 12:31 - 00000000 ____D () C:\AdwCleaner
2014-12-29 14:19 - 2014-05-02 23:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-29 14:05 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\schemas
2014-12-29 13:15 - 2014-06-30 14:49 - 00000000 ____D () C:\Program Files\Google
2014-12-28 15:06 - 2014-06-30 14:49 - 00000000 ____D () C:\ProgramData\Google
2014-12-28 15:06 - 2014-05-18 16:38 - 00000000 ____D () C:\Users\Michi\AppData\Local\Google
2014-12-28 00:44 - 2014-09-19 16:06 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Audacity
2014-12-27 19:48 - 2014-05-03 15:50 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2014-12-27 13:51 - 2011-04-12 07:43 - 00709156 _____ () C:\Windows\system32\perfh007.dat
2014-12-27 13:51 - 2011-04-12 07:43 - 00153592 _____ () C:\Windows\system32\perfc007.dat
2014-12-27 13:51 - 2009-07-14 05:13 - 01647256 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-25 21:55 - 2014-10-19 17:56 - 00000000 ____D () C:\Users\Michi\Downloads\UFC.Fight.Night.54.MacDonald.vs.Saffiedine.HDTV.x264-KOENiG[rarbg]
2014-12-22 16:53 - 2014-06-02 17:15 - 00000000 ____D () C:\ProgramData\Origin
2014-12-22 16:53 - 2014-06-02 17:15 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-22 16:45 - 2014-05-05 18:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-22 16:45 - 2014-05-05 18:05 - 00000000 ____D () C:\ProgramData\Skype
2014-12-19 15:56 - 2014-05-05 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-19 15:56 - 2014-05-05 14:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-19 15:56 - 2014-05-02 22:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-13 17:16 - 2014-05-02 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-12 20:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 17:28 - 2014-10-27 16:14 - 00000000 ____D () C:\Users\Michi\Downloads\Raunchy - 2010 - A Discord Electric
2014-12-12 17:27 - 2014-07-17 14:26 - 00000000 ____D () C:\Users\Michi\Downloads\Guilty Pleasures EP
2014-12-12 17:25 - 2014-05-02 22:25 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-12-12 17:24 - 2014-05-02 22:25 - 00000000 ____D () C:\ProgramData\AMD
2014-12-12 17:19 - 2014-05-02 22:24 - 00000000 ____D () C:\Program Files\AMD
2014-12-12 17:18 - 2014-05-02 22:20 - 00000000 ____D () C:\AMD
2014-12-12 03:07 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 03:05 - 2014-05-02 20:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 03:02 - 2014-05-02 20:07 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 23:47 - 2014-05-10 15:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 23:47 - 2014-05-02 21:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 23:47 - 2014-05-02 21:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 17:26 - 2014-05-03 16:19 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 17:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-10 14:34 - 2014-05-02 20:49 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Adobe
2014-12-07 16:45 - 2014-05-03 16:19 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-06 22:55 - 2014-07-17 14:24 - 00000000 ____D () C:\Users\Michi\Downloads\Hits
2014-12-06 18:17 - 2014-08-20 14:54 - 00000000 ____D () C:\Users\Michi\Downloads\Masters of chill out music vol. 1
2014-12-05 14:18 - 2014-06-02 23:06 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-05 14:17 - 2014-06-02 23:06 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

Some content of TEMP:
====================
C:\Users\Michi\AppData\Local\Temp\AcDeltree.exe
C:\Users\Michi\AppData\Local\Temp\Adobe Photoshop CC 14.2.1 Final.exe
C:\Users\Michi\AppData\Local\Temp\avgnt.exe
C:\Users\Michi\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Michi\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Michi\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Michi\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Michi\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Michi\AppData\Local\Temp\irsetup.exe
C:\Users\Michi\AppData\Local\Temp\ms.exe
C:\Users\Michi\AppData\Local\Temp\PCSpeedMaximizer_new.exe
C:\Users\Michi\AppData\Local\Temp\post1.exe
C:\Users\Michi\AppData\Local\Temp\post2.dll
C:\Users\Michi\AppData\Local\Temp\post2.exe
C:\Users\Michi\AppData\Local\Temp\qms.exe
C:\Users\Michi\AppData\Local\Temp\raptrpatch.exe
C:\Users\Michi\AppData\Local\Temp\raptr_stub.exe
C:\Users\Michi\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Michi\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Michi\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Michi\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Michi\AppData\Local\Temp\System.Data.SQLite31694.dll
C:\Users\Michi\AppData\Local\Temp\System.Data.SQLite36998.dll
C:\Users\Michi\AppData\Local\Temp\System.Data.SQLite73094.dll
C:\Users\Michi\AppData\Local\Temp\tmp4B1.exe
C:\Users\Michi\AppData\Local\Temp\tmp7F5C.exe
C:\Users\Michi\AppData\Local\Temp\utt9C03.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 19:12

==================== End Of Log ============================









Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Michi at 2014-12-30 16:05:11
Running from C:\Users\Michi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Assassin's Creed (HKLM-x32\...\Steam App 15100) (Version:  - Ubisoft Montreal)
Assassin's Creed® III (HKLM-x32\...\Steam App 208480) (Version:  - Ubisoft Montreal)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 1.0.59.0 - Autodesk)
Autodesk Backburner 2015 (HKLM-x32\...\{8C5F38D2-8EFE-49A4-B3F5-BF3210FED168}) (Version: 15.0.0.0 - Autodesk)
Autodesk DirectConnect 2015 64-bit (HKLM\...\Autodesk DirectConnect 2015 64-bit) (Version: 9.0.56.4 - Autodesk)
Autodesk DirectConnect 2015 64-bit (Version: 9.0.56.4 - Autodesk) Hidden
Autodesk Inventor Server Engine for 3ds Max 2015 (HKLM\...\{9167CA34-4E48-49E3-8892-3C439739D2D3}) (Version: 17.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2015 (HKLM-x32\...\{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}) (Version: 5.2.9.100 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2015 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2015) (Version: 15.0.107.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2015 (Version: 15.0.107.0 - Autodesk) Hidden
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Avira Savings Advisor (HKLM-x32\...\{A18A516C-AA41-46A9-92DB-60208917E442}) (Version: 1.5.14 - Avira)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
BitTorrent (HKU\S-1-5-21-462835693-3900197004-2541521047-1000\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
BitTorrent (HKU\S-1-5-21-462835693-3900197004-2541521047-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
Blender (HKLM\...\Blender) (Version: 2.72b - Blender Foundation)
CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version:  - cbrreader.com)
Command and Conquer 4: Tiberian Twilight (HKLM-x32\...\Steam App 47700) (Version:  - EA Los Angeles)
Cortex Command (HKLM-x32\...\Steam App 209670) (Version:  - Data Realms, LLC)
Crysis Wars (HKLM-x32\...\Steam App 17340) (Version:  - Crytek)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DarkWave Studio 4.4.2 (HKLM-x32\...\DarkWave Studio) (Version: 4.4.2 - ExperimentalScene)
Devil May Cry 4 (HKLM-x32\...\Steam App 45700) (Version:  - Capcom)
Digits VST (HKLM-x32\...\DigitsVst) (Version:  - )
Edirol Super Quartet v1.52 TALiO (HKLM-x32\...\Edirol Super Quartet v1.52 TALiO) (Version:  - )
ENSLAVED™: Odyssey to the West™ Premium Edition (HKLM-x32\...\Steam App 245280) (Version:  - Ninja Theory)
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)
Firebird v2.0 (HKLM-x32\...\Tone2 Firebird_is1) (Version:  - Tone2)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Focusrite Scarlett Plug-in Suite 1.1 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.1 - Focusrite Audio Engineering Ltd.)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
FreeRIP MP3 Converter 4.5.2 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.5.2 - GreenTree Applications SRL)
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
GlaceVerb 1.01 (HKLM-x32\...\GlaceVerb_is1) (Version:  - Dasample)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Halo: Spartan Assault (HKLM-x32\...\Steam App 277430) (Version:  - Vanguard Games)
HP Deskjet 3520 series - Grundlegende Software für das Gerät (HKLM\...\{15B2F0E3-3FAC-4495-B0FD-398EECFA4100}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Hilfe (HKLM-x32\...\{6B953497-169C-4929-9AA9-A9F510347468}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HybridReverb2 (HKLM-x32\...\{9EBB34E3-C29E-49A8-A95F-C61F3108D37F}_is1) (Version:  - Christian Borß)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Live 8.2.4 (HKLM-x32\...\Live 8.2.4) (Version:  - )
Magrunner: Dark Pulse (HKLM-x32\...\Steam App 209630) (Version:  - Frogwares)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Minimum (HKLM-x32\...\Steam App 214190) (Version:  - Human Head Studios)
Montague's Mount (HKLM-x32\...\Steam App 258950) (Version:  - PolyPusher Studios)
Mortal Kombat Komplete Edition (HKLM-x32\...\Steam App 237110) (Version:  - NetherRealm Studios)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
My Game Long Name (HKLM\...\UDK-432abfe7-3be1-4dbe-b924-0ebf09aa1b59) (Version:  - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-7812b37b-084a-49ac-b90f-cb48cd91d239) (Version:  - Epic Games, Inc.)
Native Instruments Abbey Road 60s Drums (HKLM-x32\...\Native Instruments Abbey Road 60s Drums) (Version:  - Native Instruments)
Native Instruments Absynth 5 (HKLM-x32\...\Native Instruments Absynth 5) (Version: 5.2.0.1277 - Native Instruments)
Native Instruments Battery 3 (HKLM-x32\...\Native Instruments Battery 3) (Version:  - Native Instruments)
Native Instruments Battery Library Importer for Maschine (HKLM-x32\...\Native Instruments Battery Library Importer for Maschine) (Version:  - Native Instruments)
Native Instruments Berlin Concert Grand (HKLM-x32\...\Native Instruments Berlin Concert Grand) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version: 1.3.0.1244 - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: 5.2.0.2770 - Native Instruments)
Native Instruments Guitar Rig Mobile IO Driver (HKLM-x32\...\Native Instruments Guitar Rig Mobile IO Driver) (Version:  - Native Instruments)
Native Instruments Guitar Rig Session IO Driver (HKLM-x32\...\Native Instruments Guitar Rig Session IO Driver) (Version:  - Native Instruments)
Native Instruments Komplete 8 (HKLM-x32\...\Native Instruments Komplete 8) (Version:  - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.3.1.37 - Native Instruments)
Native Instruments Kontakt Factory Library (HKLM-x32\...\Native Instruments Kontakt Factory Library) (Version: 1.1.0.6 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.4.0.292 - Native Instruments)
Native Instruments New York Concert Grand (HKLM-x32\...\Native Instruments New York Concert Grand) (Version:  - Native Instruments)
Native Instruments Rammfire (HKLM-x32\...\Native Instruments Rammfire) (Version: 2.0.0.4 - Native Instruments)
Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version: 5.9.0.725 - Native Instruments)
Native Instruments Reaktor Prism (HKLM-x32\...\Native Instruments Reaktor Prism) (Version: 1.4.0.3 - Native Instruments)
Native Instruments Reaktor Spark R2 (HKLM-x32\...\Native Instruments Reaktor Spark R2) (Version: 1.3.0.2 - Native Instruments)
Native Instruments Reflektor (HKLM-x32\...\Native Instruments Reflektor) (Version: 2.0.0.1 - Native Instruments)
Native Instruments Rig Kontrol 3 Driver (HKLM-x32\...\Native Instruments Rig Kontrol 3 Driver) (Version:  - Native Instruments)
Native Instruments Scarbee MM-Bass (HKLM-x32\...\Native Instruments Scarbee MM-Bass) (Version:  - Native Instruments)
Native Instruments Scarbee Vintage Keys (HKLM-x32\...\Native Instruments Scarbee Vintage Keys) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Native Instruments Studio Drummer (HKLM-x32\...\Native Instruments Studio Drummer) (Version:  - Native Instruments)
Native Instruments The Finger R2 (HKLM-x32\...\Native Instruments The Finger R2) (Version: 1.3.0.2 - Native Instruments)
Native Instruments Traktors 12 (HKLM-x32\...\Native Instruments Traktors 12) (Version: 2.0.0.2 - Native Instruments)
Native Instruments Transient Master (HKLM-x32\...\Native Instruments Transient Master) (Version:  - Native Instruments)
Native Instruments Upright Piano (HKLM-x32\...\Native Instruments Upright Piano) (Version:  - Native Instruments)
Native Instruments Vienna Concert Grand (HKLM-x32\...\Native Instruments Vienna Concert Grand) (Version:  - Native Instruments)
Native Instruments Vintage Organs (HKLM-x32\...\Native Instruments Vintage Organs) (Version:  - Native Instruments)
Native Instruments West Africa (HKLM-x32\...\Native Instruments West Africa) (Version:  - Native Instruments)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
Project Root (HKLM-x32\...\Steam App 284970) (Version:  - OPQAM)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
RAGE (HKLM-x32\...\Steam App 9200) (Version:  - id Software)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razor2: Hidden Skies (HKLM-x32\...\Steam App 34920) (Version:  - Invent4 Entertainment)
RgcAudio z3ta Plus DXi VSTi  v1.41 (HKLM-x32\...\RgcAudio z3ta Plus DXi VSTi  v1.41) (Version:  - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Space Hulk (HKLM-x32\...\Steam App 242570) (Version:  - Full Control Studios)
SpinAudio RoomVerb M2 2.0  (HKLM-x32\...\RoomVerb M2 2.0) (Version:  - )
Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version:  - Raven Software)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Storm (HKLM-x32\...\Steam App 231020) (Version:  - Eko Software)
Strike Suit Zero: Director's Cut (HKLM-x32\...\Steam App 288370) (Version:  - Born Ready Games)
Strike Vector (HKLM-x32\...\Steam App 246700) (Version:  - Ragequit Corporation)
Sugar Bytes Cyclop 1.0.1 (HKLM\...\Cyclop_is1) (Version: 1.0.1 - Sugar Bytes)
SyncerSoft Bass Landscapes VST (HKLM-x32\...\SyncerSoft Bass Landscapes VST) (Version:  - )
SynthMaster 2.6 VST/VSTi/RTAS/AAX Software Synthesizer Update version 2.6.16 (HKLM-x32\...\{724D6BD0-88D0-4354-A124-6EE4D36E9EF2}_is1) (Version: 2.6.16 - KV331 Audio)
System Shock 2 (HKLM-x32\...\Steam App 238210) (Version:  - Irrational Games)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.8.10 - Electronic Arts)
Transformers: Fall of Cybertron (HKLM-x32\...\Steam App 213120) (Version:  - Mercenary Technologies)
Viking: Battle for Asgard (HKLM-x32\...\Steam App 211160) (Version:  - Creative Assembly, PC Port - Hardlight)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.9w3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
X Rebirth (HKLM-x32\...\Steam App 2870) (Version:  - Egosoft)
ZeroVector 1.0 DEMO (HKLM-x32\...\ZeroVector DEMO_is1) (Version: 1.0 - White Noise Audio Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-462835693-3900197004-2541521047-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll No File
CustomCLSID: HKU\S-1-5-21-462835693-3900197004-2541521047-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Michi\AppData\Roaming\ernden\berdis.dll () <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-462835693-3900197004-2541521047-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll No File
CustomCLSID: HKU\S-1-5-21-462835693-3900197004-2541521047-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files (x86)\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-462835693-3900197004-2541521047-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll No File

==================== Restore Points  =========================

19-12-2014 03:00:20 Windows Update
26-12-2014 21:45:15 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F36BE78-C63D-4AB1-8E6A-4CC67D176994} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4E3D94C2-4702-4CAB-B7FD-8522BE4BAB33} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
Task: {519547C8-B35C-430B-BF5D-51035F2EFE74} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {5BAB867D-1BAA-4CAE-8C6D-54F46872D3DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
Task: {9F345E82-A6DF-4C25-B6AD-69E6E6F4733D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.)
Task: {B716C6DB-D956-405E-ADC6-9CB5ED3652A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-17 21:32 - 2014-11-17 21:32 - 00145920 _____ () C:\Users\Michi\AppData\Roaming\ernden\berdis.dll
2014-06-02 23:06 - 2014-12-05 14:18 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-09-06 19:37 - 2014-08-14 17:41 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-03-19 08:21 - 2014-03-19 08:21 - 19000952 _____ () C:\Program Files (x86)\Image-Line\Shared\dsp_ipp_x64.dll
2013-03-13 08:46 - 2013-03-13 08:46 - 00806520 _____ () C:\Program Files (x86)\Image-Line\Shared\QuickFontCache_x64.dll
2012-09-25 08:20 - 2012-09-25 08:20 - 00607352 _____ () C:\Program Files (x86)\Image-Line\Shared\freetype_x64.dll
2014-05-28 14:21 - 2013-12-22 06:22 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-05-28 14:21 - 2013-12-22 06:22 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2014-11-17 21:32 - 2014-11-17 21:32 - 00122880 _____ () C:\Users\Michi\AppData\Roaming\ernden\rewardca.dll
2010-11-22 22:56 - 2010-11-22 22:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 22:56 - 2010-11-22 22:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 22:56 - 2010-11-22 22:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 23:26 - 2014-05-13 23:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 23:26 - 2014-05-13 23:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 23:26 - 2014-05-13 23:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 23:26 - 2014-05-13 23:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 22:57 - 2010-11-22 22:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 22:56 - 2010-11-22 22:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 22:56 - 2010-11-22 22:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 22:56 - 2010-11-22 22:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 22:57 - 2010-11-22 22:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 22:57 - 2010-11-22 22:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 22:56 - 2010-11-22 22:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 18:17 - 2011-02-15 18:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 22:57 - 2010-11-22 22:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 23:26 - 2014-05-13 23:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 22:56 - 2010-11-22 22:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 22:56 - 2010-11-22 22:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 22:56 - 2010-11-22 22:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 22:57 - 2010-11-22 22:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2014-08-14 00:37 - 2014-08-14 00:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-14 00:37 - 2014-08-14 00:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-22 22:56 - 2010-11-22 22:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 22:57 - 2010-11-22 22:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 22:56 - 2010-11-22 22:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-21 00:05 - 2013-11-21 00:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2014-12-30 13:26 - 2013-12-22 06:22 - 00104328 _____ () C:\Users\Michi\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2010-11-22 22:57 - 2010-11-22 22:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-18 00:56 - 2014-06-18 00:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 18:17 - 2011-02-15 18:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 23:06 - 2010-11-22 23:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 23:52 - 2013-05-09 23:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 23:52 - 2013-05-09 23:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 23:52 - 2013-05-09 23:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 18:57 - 2013-05-03 18:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 18:56 - 2013-05-03 18:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 18:56 - 2013-05-03 18:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 18:57 - 2013-05-03 18:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 18:56 - 2013-05-03 18:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 18:57 - 2013-05-03 18:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 18:57 - 2013-05-03 18:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 18:57 - 2013-05-03 18:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 18:57 - 2013-05-03 18:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2013-12-11 15:49 - 2013-12-11 15:49 - 00184400 _____ () C:\Program Files (x86)\avira\Internet Explorer\avira32.dll
2014-12-12 02:46 - 2014-12-12 02:46 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Michi\Downloads\Weihnachtswünsche vom Selbsthilfecenter.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-462835693-3900197004-2541521047-500 - Administrator - Disabled)
ASPNET (S-1-5-21-462835693-3900197004-2541521047-1004 - Limited - Enabled)
Gast (S-1-5-21-462835693-3900197004-2541521047-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-462835693-3900197004-2541521047-1002 - Limited - Enabled)
Michi (S-1-5-21-462835693-3900197004-2541521047-1000 - Administrator - Enabled) => C:\Users\Michi

==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2014 01:26:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/30/2014 02:09:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17496, Zeitstempel: 0x546fdf97
Name des fehlerhaften Moduls: berdis.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x546a6975
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fef4e41f4c
ID des fehlerhaften Prozesses: 0x17c4
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (12/30/2014 00:18:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2014 07:58:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17496, Zeitstempel: 0x546fddcc
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17496, Zeitstempel: 0x546ff2f9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0008d360
ID des fehlerhaften Prozesses: 0x3cc
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (12/29/2014 05:58:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2014 05:53:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1d2c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (12/29/2014 05:53:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 34.0.5.5443 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1c1c

Startzeit: 01d0238fe26f1256

Endzeit: 15

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:

Error: (12/29/2014 05:50:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x644
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (12/29/2014 05:50:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 34.0.5.5443 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1770

Startzeit: 01d0238ea916d818

Endzeit: 28

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:

Error: (12/29/2014 05:38:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avscan.exe, Version 14.0.7.462 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1dfc

Startzeit: 01d0238dfa7dc4bf

Endzeit: 51302

Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

Berichts-ID: 55e2d6f1-8f81-11e4-b49f-e0cb4e5e1605


System errors:
=============
Error: (12/30/2014 03:51:37 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (12/30/2014 03:51:36 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (12/30/2014 03:01:21 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (12/30/2014 02:56:23 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (12/30/2014 02:32:53 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (12/30/2014 02:27:47 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (12/30/2014 02:27:47 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (12/30/2014 02:20:54 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (12/30/2014 02:19:57 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (12/30/2014 02:19:49 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.


Microsoft Office Sessions:
=========================
Error: (12/30/2014 01:26:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/30/2014 02:09:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17496546fdf97berdis.dll_unloaded0.0.0.0546a6975c0000005000007fef4e41f4c17c401d023d588740820C:\Program Files\Internet Explorer\iexplore.exeberdis.dlldd50f2f5-8fc8-11e4-84cf-e0cb4e5e1605

Error: (12/30/2014 00:18:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2014 07:58:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccMSHTML.dll11.0.9600.17496546ff2f9c00000050008d3603cc01d023963a32bc08C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dll1fbb4a90-8f95-11e4-a98d-e0cb4e5e1605

Error: (12/29/2014 05:58:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2014 05:53:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d66480000003000014251d2c01d0238fe4b70f13C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll9f73f587-8f83-11e4-b49f-e0cb4e5e1605

Error: (12/29/2014 05:53:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe34.0.5.54431c1c01d0238fe26f125615C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Error: (12/29/2014 05:50:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d664800000030000142564401d0238fb21cac94C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll1c6bb66d-8f83-11e4-b49f-e0cb4e5e1605

Error: (12/29/2014 05:50:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe34.0.5.5443177001d0238ea916d81828C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Error: (12/29/2014 05:38:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avscan.exe14.0.7.4621dfc01d0238dfa7dc4bf51302C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe55e2d6f1-8f81-11e4-b49f-e0cb4e5e1605


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 53%
Total physical RAM: 4087.05 MB
Available physical RAM: 1908.08 MB
Total Pagefile: 8172.28 MB
Available Pagefile: 4880.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:496.16 GB) NTFS
Drive d: (PRIDE_13) (CDROM) (Total:7.35 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1AFFE1DF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================





Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-30 16:24:41
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-8 SAMSUNG_HD103SJ rev.1AJ100E4 931.51GB
Running: Gmer-19357.exe; Driver: C:\Users\Michi\AppData\Local\Temp\pxldypog.sys


---- Threads - GMER 2.1 ----

Thread  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [9060:8908]                                                                      00000000061da96f
---- Processes - GMER 2.1 ----

Library  C:\Users\Michi\AppData\Roaming\ernden\berdis.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1776](2014-11-17 21:32:38)            000007fef3b10000
Library  C:\Users\Michi\AppData\Roaming\ernden\berdis.dll (*** suspicious ***) @ C:\Program Files\Internet Explorer\IEXPLORE.EXE [5912](2014-11  000007fef3b10000

---- EOF - GMER 2.1 ----

schrauber 30.12.2014 18:49
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

FM8 31.12.2014 15:07
voila:

zu bemerken:
ich hatte avira zwar deaktiviert (echtzeitscanner auf aus) trotzdem hatte es sich gemeldet als combofix aufstartete.



Code:
ComboFix 14-12-30.01 - Michi 30.12.2014  18:15:43.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.41.1031.18.4087.2726 [GMT 0:00]
ausgeführt von:: c:\users\Michi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michi\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-11-28 bis 2014-12-30  ))))))))))))))))))))))))))))))
.
.
2014-12-30 18:27 . 2014-12-30 18:27        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-12-30 16:03 . 2014-12-30 16:06        --------        d-----w-        C:\FRST
2014-12-29 13:40 . 2014-12-29 13:40        --------        d-----w-        c:\programdata\Malwarebytes
2014-12-27 19:48 . 2014-12-27 19:52        --------        d-----w-        c:\users\Michi\AppData\Roaming\Glitchmachines
2014-12-27 13:53 . 2014-12-29 13:38        --------        d-----w-        c:\users\Michi\AppData\Roaming\ernden
2014-12-25 22:01 . 2014-12-28 15:07        --------        d-----w-        c:\users\Michi\AppData\Local\Opera Software
2014-12-25 22:00 . 2014-12-28 15:07        --------        d-----w-        c:\users\Michi\AppData\Roaming\Opera Software
2014-12-25 21:59 . 2014-12-28 15:07        --------        d-----w-        c:\program files (x86)\Opera
2014-12-18 14:37 . 2014-12-13 03:33        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-12-18 14:37 . 2014-12-13 05:09        144384        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-17 15:47 . 2014-12-17 17:27        --------        d-----w-        C:\tmp
2014-12-17 15:45 . 2014-12-17 15:45        --------        d-----w-        c:\users\Michi\.thumbnails
2014-12-17 15:45 . 2014-12-17 15:45        --------        d-----w-        c:\program files (x86)\Blender Foundation
2014-12-16 17:06 . 2014-12-16 17:06        --------        d-----w-        c:\program files (x86)\Lame For Audacity
2014-12-12 17:25 . 2014-12-12 17:25        --------        d-----w-        c:\programdata\ATI
2014-12-12 17:24 . 2014-12-30 17:26        --------        d-----w-        c:\users\Michi\AppData\Roaming\Raptr
2014-12-12 17:24 . 2014-12-12 17:24        --------        d-----w-        c:\program files (x86)\AMD AVT
2014-12-12 17:23 . 2014-12-12 17:23        --------        d-----w-        c:\program files (x86)\AMD
2014-12-06 20:18 . 2014-12-06 20:18        --------        d-----w-        c:\users\Michi\AppData\Local\CAPCOM
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-30 14:26 . 2014-06-19 19:40        1249792        ----a-w-        c:\users\Michi\AppData\Roaming\msvcr90-ruby191.dll
2014-12-12 03:02 . 2014-05-02 20:07        112710672        ----a-w-        c:\windows\system32\MRT.exe
2014-12-11 23:47 . 2014-05-02 21:23        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-11 23:47 . 2014-05-02 21:23        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-05 14:18 . 2014-06-02 23:06        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2014-12-05 14:17 . 2014-06-02 23:06        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2014-11-21 02:44 . 2014-11-21 02:44        78432        ----a-w-        c:\windows\system32\atimpc64.dll
2014-11-21 02:44 . 2014-11-21 02:44        78432        ----a-w-        c:\windows\system32\amdpcom64.dll
2014-11-21 02:44 . 2014-11-21 02:44        71704        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2014-11-21 02:44 . 2014-11-21 02:44        71704        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
2014-11-21 02:44 . 2014-04-18 02:43        144328        ----a-w-        c:\windows\system32\atiuxp64.dll
2014-11-21 02:44 . 2014-04-18 02:42        126848        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2014-11-21 02:44 . 2014-04-18 02:42        118096        ----a-w-        c:\windows\system32\atiu9p64.dll
2014-11-21 02:44 . 2014-04-18 02:42        100032        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2014-11-21 02:44 . 2014-04-18 02:42        1348928        ----a-w-        c:\windows\system32\aticfx64.dll
2014-11-21 02:44 . 2014-04-18 02:42        1127496        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2014-11-21 02:44 . 2014-04-18 02:42        11076784        ----a-w-        c:\windows\system32\atidxx64.dll
2014-11-21 02:44 . 2014-04-18 02:42        9401480        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2014-11-21 02:43 . 2014-04-18 02:42        7558816        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2014-11-21 02:43 . 2014-04-18 02:42        7077776        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2014-11-21 02:43 . 2014-04-18 02:42        8379720        ----a-w-        c:\windows\system32\atiumd6a.dll
2014-11-21 02:43 . 2014-04-18 02:42        8369408        ----a-w-        c:\windows\system32\atiumd64.dll
2014-11-21 02:41 . 2014-11-21 02:41        294600        ----a-w-        c:\windows\system32\drivers\amdacpksd.sys
2014-11-21 02:40 . 2014-11-21 02:40        18959360        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2014-11-21 02:33 . 2014-11-21 02:33        235008        ----a-w-        c:\windows\system32\clinfo.exe
2014-11-21 02:33 . 2014-11-21 02:33        98816        ----a-w-        c:\windows\system32\OpenVideo64.dll
2014-11-21 02:33 . 2014-11-21 02:33        83456        ----a-w-        c:\windows\SysWow64\OpenVideo.dll
2014-11-21 02:33 . 2014-11-21 02:33        86528        ----a-w-        c:\windows\system32\OVDecode64.dll
2014-11-21 02:33 . 2014-11-21 02:33        73216        ----a-w-        c:\windows\SysWow64\OVDecode.dll
2014-11-21 02:33 . 2014-11-21 02:33        47899136        ----a-w-        c:\windows\system32\amdocl64.dll
2014-11-21 02:32 . 2014-11-21 02:32        40987136        ----a-w-        c:\windows\SysWow64\amdocl.dll
2014-11-21 02:31 . 2014-11-21 02:31        65024        ----a-w-        c:\windows\system32\OpenCL.dll
2014-11-21 02:31 . 2014-11-21 02:31        58880        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2014-11-21 02:24 . 2014-11-21 02:24        28354560        ----a-w-        c:\windows\system32\atio6axx.dll
2014-11-21 02:19 . 2014-11-21 02:19        23621632        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2014-11-21 02:19 . 2014-11-21 02:19        49664        ----a-w-        c:\windows\system32\amdmmcl6.dll
2014-11-21 02:19 . 2014-11-21 02:19        38912        ----a-w-        c:\windows\SysWow64\amdmmcl.dll
2014-11-21 02:18 . 2014-11-21 02:18        127488        ----a-w-        c:\windows\system32\mantle64.dll
2014-11-21 02:18 . 2014-11-21 02:18        113664        ----a-w-        c:\windows\SysWow64\mantle32.dll
2014-11-21 02:18 . 2014-11-21 02:18        5837312        ----a-w-        c:\windows\system32\amdmantle64.dll
2014-11-21 02:17 . 2014-11-21 02:17        367104        ----a-w-        c:\windows\system32\atiapfxx.exe
2014-11-21 02:17 . 2014-11-21 02:17        62464        ----a-w-        c:\windows\system32\aticalrt64.dll
2014-11-21 02:17 . 2014-11-21 02:17        52224        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2014-11-21 02:16 . 2014-11-21 02:16        55808        ----a-w-        c:\windows\system32\aticalcl64.dll
2014-11-21 02:16 . 2014-11-21 02:16        49152        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2014-11-21 02:16 . 2014-11-21 02:16        15716352        ----a-w-        c:\windows\system32\aticaldd64.dll
2014-11-21 02:16 . 2014-11-21 02:16        14302208        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2014-11-21 02:15 . 2014-11-21 02:15        4590592        ----a-w-        c:\windows\SysWow64\amdmantle32.dll
2014-11-21 02:13 . 2014-11-21 02:13        91648        ----a-w-        c:\windows\system32\mantleaxl64.dll
2014-11-21 02:13 . 2014-11-21 02:13        85504        ----a-w-        c:\windows\SysWow64\mantleaxl32.dll
2014-11-21 02:12 . 2014-11-21 02:12        31232        ----a-w-        c:\windows\system32\atimuixx.dll
2014-11-21 02:12 . 2014-04-18 01:30        442368        ----a-w-        c:\windows\system32\atidemgy.dll
2014-11-21 02:12 . 2014-11-21 02:12        774656        ----a-w-        c:\windows\system32\atieclxx.exe
2014-11-21 02:12 . 2014-11-21 02:12        244736        ----a-w-        c:\windows\system32\atiesrxx.exe
2014-11-21 02:12 . 2014-11-21 02:12        190976        ----a-w-        c:\windows\system32\atitmm64.dll
2014-11-21 02:10 . 2014-11-21 02:10        843776        ----a-w-        c:\windows\system32\coinst_14.50.dll
2014-11-21 02:09 . 2014-04-18 01:09        1214976        ----a-w-        c:\windows\system32\atiadlxx.dll
2014-11-21 02:09 . 2014-11-21 02:09        903168        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2014-11-21 02:09 . 2014-11-21 02:09        75264        ----a-w-        c:\windows\system32\atig6pxx.dll
2014-11-21 02:09 . 2014-11-21 02:09        69632        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2014-11-21 02:09 . 2014-11-21 02:09        69632        ----a-w-        c:\windows\system32\atiglpxx.dll
2014-11-21 02:08 . 2014-11-21 02:08        146944        ----a-w-        c:\windows\system32\atig6txx.dll
2014-11-21 02:08 . 2014-11-21 02:08        133632        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2014-11-21 02:08 . 2014-11-21 02:08        589312        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2014-11-21 02:08 . 2014-11-21 02:08        43520        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2014-11-20 21:36 . 2014-11-20 21:36        51200        ----a-w-        c:\windows\system32\kdbsdk64.dll
2014-11-20 21:35 . 2014-11-20 21:35        38912        ----a-w-        c:\windows\SysWow64\kdbsdk32.dll
2014-11-11 03:08 . 2014-11-19 15:24        241152        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 15:24        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-19 15:24        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 15:24        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-10-27 23:11 . 2014-10-27 23:11        669184        ----a-w-        c:\windows\SysWow64\pbsvc.exe
2014-10-25 01:57 . 2014-11-12 22:26        77824        ----a-w-        c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 22:26        67584        ----a-w-        c:\windows\SysWow64\packager.dll
2014-10-24 22:33 . 2014-06-03 17:45        348928        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2014-10-24 22:32 . 2014-06-02 23:06        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2014-10-18 02:05 . 2014-11-12 22:26        861696        ----a-w-        c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 22:26        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-12 22:29        155064        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 22:29        683520        ----a-w-        c:\windows\system32\termsrv.dll
2014-10-14 02:12 . 2014-11-12 22:29        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 22:29        146432        ----a-w-        c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 22:29        681984        ----a-w-        c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 22:29        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-10-14 01:49 . 2014-11-12 22:29        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 22:29        146432        ----a-w-        c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 22:29        681984        ----a-w-        c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-12 22:26        3198976        ----a-w-        c:\windows\system32\win32k.sys
2014-10-09 12:50 . 2014-05-05 20:41        43064        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2014-10-09 12:50 . 2014-05-05 14:39        131608        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2014-10-09 12:50 . 2014-05-05 14:39        119272        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-10-03 02:12 . 2014-11-12 22:26        500224        ----a-w-        c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-12 22:26        284672        ----a-w-        c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-12 22:26        680960        ----a-w-        c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-12 22:26        440832        ----a-w-        c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-12 22:26        296448        ----a-w-        c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-12 22:26        442880        ----a-w-        c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-12 22:26        374784        ----a-w-        c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-12 22:26        195584        ----a-w-        c:\windows\SysWow64\AudioSes.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A18A516C-AA41-46A9-92DB-60208917E442}]
2013-12-11 15:49        184400        ----a-w-        c:\program files (x86)\Avira\Internet Explorer\avira32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\users\Michi\AppData\Roaming\BitTorrent\BitTorrent.exe" [2014-11-26 1388888]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]
"ADSKAppManager"="c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" [2013-12-22 477064]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-12-08 55568]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-11-20 126200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rig3avs;Rig Kontrol 3 WDM Audio;c:\windows\system32\Drivers\rig3avs.sys;c:\windows\SYSNATIVE\Drivers\rig3avs.sys [x]
R3 rig3usb_svc;Rig Kontrol 3;c:\windows\system32\Drivers\rig3usb.sys;c:\windows\SYSNATIVE\Drivers\rig3usb.sys [x]
R3 SaiK1703;SaiK1703;c:\windows\system32\DRIVERS\SaiK1703.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK1703.sys [x]
R3 SaiU1703;SaiU1703;c:\windows\system32\DRIVERS\SaiU1703.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU1703.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AdAppMgrSvc;Autodesk Application Manager Service;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe ;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe  [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ffusb2audio;Focusrite USB 2.0 Audio Driver;c:\windows\system32\DRIVERS\ffusb2audio.sys;c:\windows\SYSNATIVE\DRIVERS\ffusb2audio.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-02 23:47]
.
2014-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-18 16:38]
.
2014-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-18 16:38]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.ch/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49166;https=127.0.0.1:49166
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mvilhog4.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ch
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-10 - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-462835693-3900197004-2541521047-1000\Software\SecuROM\License information*]
"datasecu"=hex:9a,d7,d0,75,10,b0,96,41,a3,05,20,40,bf,97,20,8e,58,b9,b6,5c,e0,
  83,cc,96,d5,6f,f4,0a,c7,f2,8d,be,3d,1a,37,44,f5,4e,6f,a6,38,4e,87,8c,ee,f1,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\Tablet\Wacom\WacomHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-12-30  18:41:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-12-30 18:41
.
Vor Suchlauf: 10 Verzeichnis(se), 532'438'679'552 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 540'041'314'304 Bytes frei
.
- - End Of File - - ED7B507162F52A1B22A91879F87CA9B5
A36C5E4F47E84449FF07ED3517B43A31
Hallo Schrauber

Ich hoffe das fällt nicht unter drängeln, aber das Problem besteht weiterhin. Nachdem ich gestern schon gefrohlockt habe als nach combofix das Zeug wegwar, ist es heute wieder aufgetaucht.

Danke für deine Mühe.

schrauber 31.12.2014 18:20
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

FM8 02.01.2015 20:46
prosit neujahr!

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 02.01.2015
Suchlauf-Zeit: 18:08:20
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.02.06
Rootkit Datenbank: v2014.12.30.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Michi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 421917
Verstrichene Zeit: 11 Min, 32 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)



Code:
# AdwCleaner v4.106 - Bericht erstellt am 02/01/2015 um 19:20:23
# Aktualisiert 21/12/2014 von Xplode
# Database : 2015-01-01.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Michi - M-PC
# Gestartet von : C:\Users\Michi\Desktop\AdwCleaner_4.106(1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKLM\SOFTWARE\{6CC4BF79-7708-4ECB-8F2B-A11264A67989}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [6825 octets] - [13/09/2014 12:31:49]
AdwCleaner[R1].txt - [2394 octets] - [02/12/2014 15:19:04]
AdwCleaner[R2].txt - [1323 octets] - [29/12/2014 17:22:08]
AdwCleaner[R3].txt - [1270 octets] - [02/01/2015 19:07:52]
AdwCleaner[S0].txt - [6131 octets] - [13/09/2014 12:32:49]
AdwCleaner[S1].txt - [2164 octets] - [02/12/2014 15:20:19]
AdwCleaner[S2].txt - [1143 octets] - [02/01/2015 19:20:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1203 octets] ##########


Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Michi on 02.01.2015 at 19:33:40.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\freerip"



~~~ FireFox

Emptied folder: C:\Users\Michi\AppData\Roaming\mozilla\firefox\profiles\mvilhog4.default\minidumps [43 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.01.2015 at 19:36:45.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2015
Ran by Michi (administrator) on M-PC on 02-01-2015 19:40:14
Running from C:\Users\Michi\Desktop
Loaded Profile: Michi (Available profiles: Michi)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(BitTorrent Inc.) C:\Users\Michi\AppData\Roaming\BitTorrent\BitTorrent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Autodesk Inc.) C:\Users\Michi\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Michi\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [477064 2013-12-22] (Autodesk Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-462835693-3900197004-2541521047-1000\...\Run: [BitTorrent] => C:\Users\Michi\AppData\Roaming\BitTorrent\BitTorrent.exe [1388888 2014-11-26] (BitTorrent Inc.)
HKU\S-1-5-21-462835693-3900197004-2541521047-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-462835693-3900197004-2541521047-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-462835693-3900197004-2541521047-1000] => 0.0.0.0:80
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-462835693-3900197004-2541521047-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-462835693-3900197004-2541521047-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-462835693-3900197004-2541521047-1000 -> {4E3248B4-A162-49C4-996F-6961CB82D93C} URL = https://www.google.com/search?q={searchTerms}
BHO-x32: Avira Savings Advisor BHO -> {A18A516C-AA41-46A9-92DB-60208917E442} -> C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mvilhog4.default
FF Homepage: https://www.google.ch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: Avira Browser Safety - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mvilhog4.default\Extensions\abs@avira.com [2014-12-11]
FF Extension: Avira Savings Advisor - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mvilhog4.default\Extensions\ciuvo-extension@avira.de [2014-05-05]
FF Extension: No Youtube Comments - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mvilhog4.default\Extensions\jid1-YMBCq41qvDdqcA@jetpack.xpi [2014-05-22]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-18]
CHR Extension: (Google Drive) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-20]
CHR Extension: (YouTube) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-18]
CHR Extension: (Google-Suche) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-18]
CHR Extension: (Google Wallet) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-18]
CHR Extension: (Google Mail) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-18]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [576904 2013-12-22] (Autodesk Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-12-30] ()
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [648472 2014-08-14] (Wacom Technology, Corp.)
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-25] (Disc Soft Ltd)
R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 rig3avs; C:\Windows\System32\Drivers\rig3avs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 rig3usb_svc; C:\Windows\System32\Drivers\rig3usb.sys [100200 2012-12-18] (Native Instruments GmbH)
S3 SaiK1703; C:\Windows\System32\DRIVERS\SaiK1703.sys [180544 2012-09-20] (Saitek)
S3 SaiU1703; C:\Windows\System32\DRIVERS\SaiU1703.sys [47168 2012-09-20] (Saitek)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 19:40 - 2015-01-02 19:40 - 00013610 _____ () C:\Users\Michi\Desktop\FRST.txt
2015-01-02 19:39 - 2015-01-02 19:39 - 02123264 _____ (Farbar) C:\Users\Michi\Desktop\FRST64(1).exe
2015-01-02 19:36 - 2015-01-02 19:37 - 00000914 _____ () C:\Users\Michi\Desktop\JRT.txt
2015-01-02 19:33 - 2015-01-02 19:33 - 00000000 ____D () C:\Windows\ERUNT
2015-01-02 19:32 - 2015-01-02 19:32 - 01707939 _____ (Thisisu) C:\Users\Michi\Desktop\JRT.exe
2015-01-02 19:20 - 2015-01-02 19:24 - 00001283 _____ () C:\Users\Michi\Desktop\AdwCleaner[S2].txt
2015-01-02 19:06 - 2015-01-02 19:06 - 02173952 _____ () C:\Users\Michi\Downloads\AdwCleaner_4.106(2).exe
2015-01-02 19:06 - 2015-01-02 19:06 - 02173952 _____ () C:\Users\Michi\Desktop\AdwCleaner_4.106(1).exe
2015-01-02 17:55 - 2015-01-02 19:05 - 00001201 _____ () C:\Users\Michi\Desktop\MBAM.txt
2015-01-02 17:23 - 2015-01-02 19:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-02 17:22 - 2015-01-02 17:22 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-02 17:22 - 2015-01-02 17:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-02 17:22 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-02 17:22 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-02 17:22 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-02 17:21 - 2015-01-02 17:21 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Michi\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-01-01 22:01 - 2015-01-01 22:01 - 00000000 ____D () C:\VstPlugins
2015-01-01 21:59 - 2015-01-01 21:59 - 09473607 _____ () C:\Users\Michi\Downloads\Hive3284Win.zip
2015-01-01 16:58 - 2015-01-01 21:46 - 00000000 ____D () C:\Users\Michi\AppData\Local\Bitwig Studio
2015-01-01 16:58 - 2015-01-01 16:58 - 00000000 ____D () C:\Users\Michi\Documents\Bitwig Studio
2015-01-01 16:57 - 2015-01-01 16:57 - 00002541 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitwig Studio.lnk
2015-01-01 16:57 - 2015-01-01 16:57 - 00000000 ____D () C:\Program Files (x86)\Bitwig Studio
2015-01-01 16:53 - 2015-01-01 16:54 - 131084288 _____ () C:\Users\Michi\Downloads\Bitwig Studio 1.1.3.msi
2014-12-31 17:45 - 2014-12-31 17:49 - 00000000 ____D () C:\Users\Michi\Documents\Battlefield 4
2014-12-30 21:05 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-12-30 21:05 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-12-30 21:05 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-12-30 21:05 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-12-30 21:04 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-12-30 21:04 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-12-30 21:04 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-12-30 21:04 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-12-30 21:04 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-12-30 21:04 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-12-30 21:04 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-12-30 21:04 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-12-30 21:04 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-12-30 21:04 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-12-30 21:04 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-12-30 21:04 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-12-30 21:04 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-12-30 21:04 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-12-30 21:04 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-12-30 21:04 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-12-30 21:04 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-12-30 21:04 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-12-30 21:04 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-12-30 21:04 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-12-30 21:04 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-12-30 21:04 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-12-30 21:04 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-12-30 21:04 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-12-30 21:04 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-12-30 21:04 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-12-30 21:04 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-12-30 21:04 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-12-30 21:04 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-12-30 21:04 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-12-30 21:04 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-12-30 21:04 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-12-30 21:04 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-12-30 21:04 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-12-30 21:04 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-12-30 21:04 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-12-30 21:04 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-12-30 21:04 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-12-30 21:04 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-12-30 21:04 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-12-30 21:04 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-12-30 21:04 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-12-30 21:04 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-12-30 21:04 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-12-30 21:04 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-12-30 21:04 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-12-30 21:04 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-12-30 21:04 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2014-12-30 21:04 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-12-30 21:04 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-12-30 21:04 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-12-30 21:04 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-12-30 21:04 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-12-30 21:04 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-12-30 21:04 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-12-30 21:04 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-12-30 21:04 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-12-30 21:04 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-12-30 21:04 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-12-30 21:04 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-12-30 21:04 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-12-30 21:04 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-12-30 21:04 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-12-30 21:04 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-12-30 21:04 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-12-30 21:04 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-12-30 21:04 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-12-30 21:04 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-12-30 21:04 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-12-30 21:04 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-12-30 21:04 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-12-30 21:04 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-12-30 21:04 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-12-30 21:04 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-12-30 21:04 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-12-30 18:41 - 2014-12-30 18:41 - 00024378 _____ () C:\ComboFix.txt
2014-12-30 18:13 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-30 18:13 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-30 18:13 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-30 18:13 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-30 18:13 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-30 18:13 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-30 18:13 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-30 18:13 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-30 18:12 - 2014-12-30 18:41 - 00000000 ____D () C:\Qoobox
2014-12-30 18:12 - 2014-12-30 18:39 - 00000000 ____D () C:\Windows\erdnt
2014-12-30 16:03 - 2015-01-02 19:40 - 00000000 ____D () C:\FRST
2014-12-30 16:03 - 2014-12-30 16:03 - 02123264 _____ (Farbar) C:\Users\Michi\Downloads\FRST64.exe
2014-12-30 16:02 - 2014-12-30 16:02 - 00000168 _____ () C:\Users\Michi\defogger_reenable
2014-12-30 16:01 - 2014-12-30 16:01 - 00050477 _____ () C:\Users\Michi\Downloads\Defogger.exe
2014-12-30 15:58 - 2014-12-30 15:59 - 00000000 ____D () C:\Users\Michi\Desktop\Neuer Ordner
2014-12-29 17:21 - 2014-12-29 17:21 - 02173952 _____ () C:\Users\Michi\Downloads\adwcleaner_4.106.exe
2014-12-29 13:40 - 2014-12-29 13:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Michi\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-29 13:40 - 2014-12-29 13:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-27 19:48 - 2014-12-27 19:52 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Glitchmachines
2014-12-27 19:46 - 2014-12-27 19:47 - 09933002 _____ () C:\Users\Michi\Downloads\GM_HYSTERESIS.zip
2014-12-27 19:46 - 2014-12-27 19:47 - 09933002 _____ () C:\Users\Michi\Downloads\GM_HYSTERESIS (1).zip
2014-12-27 13:59 - 2014-12-27 14:01 - 89173025 _____ () C:\Users\Michi\Downloads\DSK_Overture.zip
2014-12-27 13:53 - 2014-12-29 13:38 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\ernden
2014-12-25 22:01 - 2014-12-28 15:07 - 00000000 ____D () C:\Users\Michi\AppData\Local\Opera Software
2014-12-25 22:00 - 2014-12-28 15:07 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Opera Software
2014-12-25 21:59 - 2014-12-28 15:07 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-25 17:36 - 2014-12-25 17:36 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-19 16:37 - 2014-12-19 16:37 - 01180819 _____ () C:\Users\Michi\Downloads\Weihnachtswünsche vom Selbsthilfecenter.eml
2014-12-18 14:37 - 2014-12-13 05:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 14:37 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 15:47 - 2014-12-17 17:27 - 00000000 ____D () C:\tmp
2014-12-17 15:45 - 2014-12-17 15:45 - 00002104 _____ () C:\Users\Michi\Desktop\Blender.lnk
2014-12-17 15:45 - 2014-12-17 15:45 - 00000000 ____D () C:\Users\Michi\.thumbnails
2014-12-17 15:45 - 2014-12-17 15:45 - 00000000 ____D () C:\Program Files (x86)\Blender Foundation
2014-12-17 15:44 - 2014-12-17 15:44 - 53895385 _____ () C:\Users\Michi\Downloads\blender-2.72b-windows32.exe
2014-12-16 17:06 - 2014-12-16 17:06 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-12-12 17:25 - 2014-12-12 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-12-12 17:25 - 2014-12-12 17:25 - 00000000 ____D () C:\ProgramData\ATI
2014-12-12 17:24 - 2015-01-02 19:25 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Raptr
2014-12-12 17:24 - 2014-12-12 17:24 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201412121724288180.log
2014-12-12 17:24 - 2014-12-12 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-12 17:24 - 2014-12-12 17:24 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-12-12 17:23 - 2014-12-12 17:23 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-12-12 02:45 - 2014-12-12 02:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-11 19:38 - 2014-11-27 01:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 19:38 - 2014-11-27 01:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 19:38 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 19:38 - 2014-11-22 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 19:38 - 2014-11-22 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 19:38 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 19:38 - 2014-11-22 02:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 19:38 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 19:38 - 2014-11-22 02:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 19:38 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 19:38 - 2014-11-22 02:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 19:38 - 2014-11-22 02:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 19:38 - 2014-11-22 02:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 19:38 - 2014-11-22 02:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 19:38 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 19:38 - 2014-11-22 02:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 19:38 - 2014-11-22 02:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 19:38 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 19:38 - 2014-11-22 02:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 19:38 - 2014-11-22 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 19:38 - 2014-11-22 02:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 19:38 - 2014-11-22 02:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 19:38 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 19:38 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 19:38 - 2014-11-22 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 19:38 - 2014-11-22 02:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 19:38 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 19:38 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 19:38 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 19:38 - 2014-11-22 01:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 19:38 - 2014-11-22 01:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 19:38 - 2014-11-22 01:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 19:38 - 2014-11-22 01:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 19:38 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 19:38 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 19:38 - 2014-11-22 01:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 19:38 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 19:38 - 2014-11-22 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 19:38 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 19:38 - 2014-11-22 01:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 19:38 - 2014-11-22 01:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 19:38 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 19:38 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 19:38 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 19:38 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 19:38 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 19:38 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 19:38 - 2014-11-22 01:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 19:38 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 19:38 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 19:38 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 19:38 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 19:38 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 19:38 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 19:38 - 2014-11-11 03:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 19:38 - 2014-11-11 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 14:34 - 2014-12-10 14:34 - 00000000 ____D () C:\Users\Michi\Documents\Adobe
2014-12-06 20:18 - 2014-12-06 20:18 - 00000000 ____D () C:\Users\Michi\Documents\CAPCOM
2014-12-06 20:18 - 2014-12-06 20:18 - 00000000 ____D () C:\Users\Michi\AppData\Local\CAPCOM
2014-12-06 15:45 - 2014-12-06 15:48 - 00000000 ____D () C:\Users\Michi\Desktop\3ds max 2010

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 19:40 - 2014-05-05 15:30 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\BitTorrent
2015-01-02 19:38 - 2014-05-05 18:05 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Skype
2015-01-02 19:31 - 2014-09-13 12:31 - 00000000 ____D () C:\AdwCleaner
2015-01-02 19:31 - 2009-07-14 04:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-02 19:31 - 2009-07-14 04:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-02 19:27 - 2014-05-02 19:34 - 02023032 _____ () C:\Windows\WindowsUpdate.log
2015-01-02 19:22 - 2014-05-18 16:38 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-02 19:21 - 2010-11-21 03:47 - 00242664 _____ () C:\Windows\PFRO.log
2015-01-02 19:21 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-02 19:21 - 2009-07-14 04:51 - 00083776 _____ () C:\Windows\setupact.log
2015-01-02 19:07 - 2014-05-18 16:38 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-02 18:47 - 2014-05-10 15:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-01 22:01 - 2014-05-03 15:50 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2015-01-01 17:32 - 2014-05-02 23:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-31 23:35 - 2014-06-02 17:15 - 00000000 ____D () C:\ProgramData\Origin
2014-12-31 23:34 - 2014-06-02 17:15 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-31 23:28 - 2014-06-02 17:42 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-12-31 23:28 - 2009-07-14 05:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-31 18:25 - 2014-06-03 20:21 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-12-31 17:53 - 2014-06-03 17:45 - 00000000 ____D () C:\Users\Michi\AppData\Local\PunkBuster
2014-12-31 17:53 - 2014-06-02 23:06 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-12-31 14:14 - 2014-06-19 19:40 - 01249792 _____ (hxxp://www.ruby-lang.org/) C:\Users\Michi\AppData\Roaming\msvcr90-ruby191.dll
2014-12-30 21:06 - 2014-06-02 23:06 - 00281872 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-12-30 21:06 - 2014-06-02 23:06 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-30 21:06 - 2014-05-02 22:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-30 21:04 - 2014-05-03 22:37 - 00739309 _____ () C:\Windows\DirectX.log
2014-12-30 18:41 - 2014-05-29 16:12 - 00000000 ____D () C:\Users\Library
2014-12-30 18:41 - 2009-07-14 03:20 - 00000000 __RHD () C:\Users\Default
2014-12-30 18:31 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-30 16:02 - 2014-05-02 20:41 - 00000000 ____D () C:\Users\Michi
2014-12-30 14:16 - 2014-05-18 16:38 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-29 14:05 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\schemas
2014-12-29 13:15 - 2014-06-30 14:49 - 00000000 ____D () C:\Program Files\Google
2014-12-28 15:06 - 2014-06-30 14:49 - 00000000 ____D () C:\ProgramData\Google
2014-12-28 15:06 - 2014-05-18 16:38 - 00000000 ____D () C:\Users\Michi\AppData\Local\Google
2014-12-28 00:44 - 2014-09-19 16:06 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Audacity
2014-12-27 13:51 - 2011-04-12 07:43 - 00709156 _____ () C:\Windows\system32\perfh007.dat
2014-12-27 13:51 - 2011-04-12 07:43 - 00153592 _____ () C:\Windows\system32\perfc007.dat
2014-12-27 13:51 - 2009-07-14 05:13 - 01647256 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-25 21:55 - 2014-10-19 17:56 - 00000000 ____D () C:\Users\Michi\Downloads\UFC.Fight.Night.54.MacDonald.vs.Saffiedine.HDTV.x264-KOENiG[rarbg]
2014-12-22 16:45 - 2014-05-05 18:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-22 16:45 - 2014-05-05 18:05 - 00000000 ____D () C:\ProgramData\Skype
2014-12-19 15:56 - 2014-05-05 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-19 15:56 - 2014-05-05 14:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-13 17:16 - 2014-05-02 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-12 20:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 17:28 - 2014-10-27 16:14 - 00000000 ____D () C:\Users\Michi\Downloads\Raunchy - 2010 - A Discord Electric
2014-12-12 17:27 - 2014-07-17 14:26 - 00000000 ____D () C:\Users\Michi\Downloads\Guilty Pleasures EP
2014-12-12 17:25 - 2014-05-02 22:25 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-12-12 17:24 - 2014-05-02 22:25 - 00000000 ____D () C:\ProgramData\AMD
2014-12-12 17:19 - 2014-05-02 22:24 - 00000000 ____D () C:\Program Files\AMD
2014-12-12 17:18 - 2014-05-02 22:20 - 00000000 ____D () C:\AMD
2014-12-12 03:07 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 03:05 - 2014-05-02 20:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 03:02 - 2014-05-02 20:07 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 23:47 - 2014-05-10 15:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 23:47 - 2014-05-02 21:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 23:47 - 2014-05-02 21:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 17:26 - 2014-05-03 16:19 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 17:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-10 14:34 - 2014-05-02 20:49 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Adobe
2014-12-07 16:45 - 2014-05-03 16:19 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-06 22:55 - 2014-07-17 14:24 - 00000000 ____D () C:\Users\Michi\Downloads\Hits
2014-12-06 18:17 - 2014-08-20 14:54 - 00000000 ____D () C:\Users\Michi\Downloads\Masters of chill out music vol. 1

Some content of TEMP:
====================
C:\Users\Michi\AppData\Local\Temp\avgnt.exe
C:\Users\Michi\AppData\Local\Temp\sonarinst.exe
C:\Users\Michi\AppData\Local\Temp\sqlite-3.8.0-x86-sqlitejdbc.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 19:12

==================== End Of Log ============================
--- --- ---

schrauber 02.01.2015 21:35

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

FM8 05.01.2015 21:55
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=059d4bfbaa55e34c840869fe7109cf51
# engine=21815
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-04 10:44:31
# local_time=2015-01-04 10:44:31 (+0000, Westeuropäische Zeit)
# country="Switzerland"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 20397 27090207 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 21326525 172876521 0 0
# scanned=361164
# found=6
# cleaned=0
# scan_time=8193
sh=98EC9B0790FF2CCF7D6924B1C936779656984611 ft=1 fh=c71c0011574105de vn="Variante von MSIL/Adware.iBryte.O Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Extensions\Client.exe.vir"
sh=803E9C7FFAF2C610A85C67FFE6593C674D4301A6 ft=1 fh=c71c0011e145bc98 vn="Variante von Win32/AdWare.AddLyrics.BP Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver5BlockAndSurf\BlockAndSurf.exe.vir"
sh=F56F3B07A9BA0B8857BE81283F81DD45F1AE1E23 ft=1 fh=c71c0011e016a519 vn="Variante von Win32/AdWare.AddLyrics.BQ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver5BlockAndSurf\l6BlockAndSurfK82.exe.vir"
sh=7C48284DF44F51BC9AFC3ED75EE16811B1E84DA8 ft=1 fh=3a5a01f61f631963 vn="Variante von Win32/Adware.AddLyrics.CG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver5BlockAndSurf\Uninstall.exe.vir"
sh=2FE13F672CC9B70A6FFC47DC0809BB35D5FE199C ft=1 fh=0cf88578eab7a221 vn="Variante von Win64/Adware.AddLyrics.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver5BlockAndSurf\x64\TandemRunner.exe.vir"
sh=6124485A8A7F6F37336496832E17633A7A62C2B3 ft=1 fh=0a728addaebc2920 vn="Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\Downloads\SyncerSoft_BassLandscapes_2_1_Setup.exe"





Code:
Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
  Adobe Flash Player 15.0.0.246 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox (34.0.5)
 Google Chrome 35.0.1916.114 Google Chrome out of date! 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````








FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by Michi (administrator) on M-PC on 05-01-2015 20:41:54
Running from C:\Users\Michi\Desktop
Loaded Profile: Michi (Available profiles: Michi)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(BitTorrent Inc.) C:\Users\Michi\AppData\Roaming\BitTorrent\BitTorrent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Autodesk Inc.) C:\Users\Michi\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 11\System\Tools\Bridge\64bit\ilbridge.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 11\System\Tools\Bridge\64bit\ilbridge.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 11\System\Tools\Bridge\64bit\ilbridge.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 11\System\Tools\Bridge\64bit\ilbridge.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 11\System\Tools\Bridge\64bit\ilbridge.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 11\System\Tools\Bridge\64bit\ilbridge.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 11\System\Tools\Bridge\64bit\ilbridge.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 11\System\Tools\Bridge\64bit\ilbridge.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 11\System\Tools\Bridge\64bit\ilbridge.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 11\System\Tools\Bridge\64bit\ilbridge.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [477064 2013-12-22] (Autodesk Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-462835693-3900197004-2541521047-1000\...\Run: [BitTorrent] => C:\Users\Michi\AppData\Roaming\BitTorrent\BitTorrent.exe [1388888 2014-11-26] (BitTorrent Inc.)
HKU\S-1-5-21-462835693-3900197004-2541521047-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-462835693-3900197004-2541521047-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-462835693-3900197004-2541521047-1000] => 0.0.0.0:80
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-462835693-3900197004-2541521047-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-462835693-3900197004-2541521047-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-462835693-3900197004-2541521047-1000 -> {4E3248B4-A162-49C4-996F-6961CB82D93C} URL = https://www.google.com/search?q={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Avira Savings Advisor BHO -> {A18A516C-AA41-46A9-92DB-60208917E442} -> C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-462835693-3900197004-2541521047-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mvilhog4.default
FF Homepage: https://www.google.ch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: Avira Browser Safety - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mvilhog4.default\Extensions\abs@avira.com [2014-12-11]
FF Extension: Avira Savings Advisor - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mvilhog4.default\Extensions\ciuvo-extension@avira.de [2014-05-05]
FF Extension: No Youtube Comments - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mvilhog4.default\Extensions\jid1-YMBCq41qvDdqcA@jetpack.xpi [2014-05-22]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira Browserschutz) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-05]
CHR Extension: (Google Wallet) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-18]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [576904 2013-12-22] (Autodesk Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-12-30] ()
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [648472 2014-08-14] (Wacom Technology, Corp.)
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-25] (Disc Soft Ltd)
R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 rig3avs; C:\Windows\System32\Drivers\rig3avs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 rig3usb_svc; C:\Windows\System32\Drivers\rig3usb.sys [100200 2012-12-18] (Native Instruments GmbH)
S3 SaiK1703; C:\Windows\System32\DRIVERS\SaiK1703.sys [180544 2012-09-20] (Saitek)
S3 SaiU1703; C:\Windows\System32\DRIVERS\SaiU1703.sys [47168 2012-09-20] (Saitek)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 20:41 - 2015-01-05 20:43 - 00014366 _____ () C:\Users\Michi\Desktop\FRST.txt
2015-01-05 20:41 - 2015-01-05 20:41 - 02123776 _____ (Farbar) C:\Users\Michi\Desktop\FRST64.exe
2015-01-05 20:41 - 2015-01-05 20:41 - 00000000 ____D () C:\Users\Michi\Desktop\FRST-OlderVersion
2015-01-05 20:40 - 2015-01-05 20:40 - 00000878 _____ () C:\Users\Michi\Desktop\checkup.txt
2015-01-05 20:33 - 2015-01-05 20:33 - 00852505 _____ () C:\Users\Michi\Desktop\SecurityCheck.exe
2015-01-05 15:47 - 2015-01-05 20:28 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Google
2015-01-05 15:45 - 2015-01-05 16:08 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-05 15:45 - 2015-01-05 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-04 20:25 - 2015-01-04 20:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-02 19:33 - 2015-01-02 19:33 - 00000000 ____D () C:\Windows\ERUNT
2015-01-02 19:06 - 2015-01-02 19:06 - 02173952 _____ () C:\Users\Michi\Downloads\AdwCleaner_4.106(2).exe
2015-01-02 17:21 - 2015-01-02 17:21 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Michi\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-01-01 22:01 - 2015-01-01 22:01 - 00000000 ____D () C:\VstPlugins
2015-01-01 21:59 - 2015-01-01 21:59 - 09473607 _____ () C:\Users\Michi\Downloads\Hive3284Win.zip
2015-01-01 16:58 - 2015-01-01 21:46 - 00000000 ____D () C:\Users\Michi\AppData\Local\Bitwig Studio
2015-01-01 16:58 - 2015-01-01 16:58 - 00000000 ____D () C:\Users\Michi\Documents\Bitwig Studio
2015-01-01 16:57 - 2015-01-01 16:57 - 00002541 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitwig Studio.lnk
2015-01-01 16:57 - 2015-01-01 16:57 - 00000000 ____D () C:\Program Files (x86)\Bitwig Studio
2015-01-01 16:53 - 2015-01-01 16:54 - 131084288 _____ () C:\Users\Michi\Downloads\Bitwig Studio 1.1.3.msi
2014-12-31 17:45 - 2014-12-31 17:49 - 00000000 ____D () C:\Users\Michi\Documents\Battlefield 4
2014-12-30 21:05 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-12-30 21:05 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-12-30 21:05 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-12-30 21:05 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-12-30 21:04 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-12-30 21:04 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-12-30 21:04 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-12-30 21:04 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-12-30 21:04 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-12-30 21:04 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-12-30 21:04 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-12-30 21:04 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-12-30 21:04 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-12-30 21:04 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-12-30 21:04 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-12-30 21:04 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-12-30 21:04 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-12-30 21:04 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-12-30 21:04 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-12-30 21:04 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-12-30 21:04 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-12-30 21:04 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-12-30 21:04 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-12-30 21:04 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-12-30 21:04 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-12-30 21:04 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-12-30 21:04 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-12-30 21:04 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-12-30 21:04 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-12-30 21:04 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-12-30 21:04 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-12-30 21:04 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-12-30 21:04 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-12-30 21:04 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-12-30 21:04 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-12-30 21:04 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-12-30 21:04 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-12-30 21:04 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-12-30 21:04 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-12-30 21:04 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-12-30 21:04 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-12-30 21:04 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-12-30 21:04 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-12-30 21:04 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-12-30 21:04 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-12-30 21:04 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-12-30 21:04 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-12-30 21:04 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-12-30 21:04 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-12-30 21:04 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-12-30 21:04 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-12-30 21:04 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2014-12-30 21:04 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-12-30 21:04 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-12-30 21:04 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-12-30 21:04 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-12-30 21:04 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-12-30 21:04 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-12-30 21:04 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-12-30 21:04 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-12-30 21:04 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-12-30 21:04 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-12-30 21:04 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-12-30 21:04 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-12-30 21:04 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-12-30 21:04 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-12-30 21:04 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-12-30 21:04 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-12-30 21:04 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-12-30 21:04 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-12-30 21:04 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-12-30 21:04 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-12-30 21:04 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-12-30 21:04 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-12-30 21:04 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-12-30 21:04 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-12-30 21:04 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-12-30 21:04 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-12-30 21:04 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-12-30 18:41 - 2014-12-30 18:41 - 00024378 _____ () C:\ComboFix.txt
2014-12-30 18:13 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-30 18:13 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-30 18:13 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-30 18:13 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-30 18:13 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-30 18:13 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-30 18:13 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-30 18:13 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-30 18:12 - 2014-12-30 18:41 - 00000000 ____D () C:\Qoobox
2014-12-30 18:12 - 2014-12-30 18:39 - 00000000 ____D () C:\Windows\erdnt
2014-12-30 16:03 - 2015-01-05 20:42 - 00000000 ____D () C:\FRST
2014-12-30 16:03 - 2014-12-30 16:03 - 02123264 _____ (Farbar) C:\Users\Michi\Downloads\FRST64.exe
2014-12-30 16:02 - 2014-12-30 16:02 - 00000168 _____ () C:\Users\Michi\defogger_reenable
2014-12-30 16:01 - 2014-12-30 16:01 - 00050477 _____ () C:\Users\Michi\Downloads\Defogger.exe
2014-12-30 15:58 - 2014-12-30 15:59 - 00000000 ____D () C:\Users\Michi\Desktop\Neuer Ordner
2014-12-29 17:21 - 2014-12-29 17:21 - 02173952 _____ () C:\Users\Michi\Downloads\adwcleaner_4.106.exe
2014-12-29 13:40 - 2014-12-29 13:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Michi\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-29 13:40 - 2014-12-29 13:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-27 19:48 - 2014-12-27 19:52 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Glitchmachines
2014-12-27 19:46 - 2014-12-27 19:47 - 09933002 _____ () C:\Users\Michi\Downloads\GM_HYSTERESIS.zip
2014-12-27 19:46 - 2014-12-27 19:47 - 09933002 _____ () C:\Users\Michi\Downloads\GM_HYSTERESIS (1).zip
2014-12-27 13:59 - 2014-12-27 14:01 - 89173025 _____ () C:\Users\Michi\Downloads\DSK_Overture.zip
2014-12-27 13:53 - 2014-12-29 13:38 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\ernden
2014-12-25 22:01 - 2014-12-28 15:07 - 00000000 ____D () C:\Users\Michi\AppData\Local\Opera Software
2014-12-25 22:00 - 2014-12-28 15:07 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Opera Software
2014-12-25 21:59 - 2014-12-28 15:07 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-25 17:36 - 2014-12-25 17:36 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-19 16:37 - 2014-12-19 16:37 - 01180819 _____ () C:\Users\Michi\Downloads\Weihnachtswünsche vom Selbsthilfecenter.eml
2014-12-18 14:37 - 2014-12-13 05:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 14:37 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 15:47 - 2014-12-17 17:27 - 00000000 ____D () C:\tmp
2014-12-17 15:45 - 2014-12-17 15:45 - 00002104 _____ () C:\Users\Michi\Desktop\Blender.lnk
2014-12-17 15:45 - 2014-12-17 15:45 - 00000000 ____D () C:\Users\Michi\.thumbnails
2014-12-17 15:45 - 2014-12-17 15:45 - 00000000 ____D () C:\Program Files (x86)\Blender Foundation
2014-12-17 15:44 - 2014-12-17 15:44 - 53895385 _____ () C:\Users\Michi\Downloads\blender-2.72b-windows32.exe
2014-12-16 17:06 - 2014-12-16 17:06 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-12-12 17:25 - 2014-12-12 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-12-12 17:25 - 2014-12-12 17:25 - 00000000 ____D () C:\ProgramData\ATI
2014-12-12 17:24 - 2015-01-05 19:39 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Raptr
2014-12-12 17:24 - 2014-12-12 17:24 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201412121724288180.log
2014-12-12 17:24 - 2014-12-12 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-12 17:24 - 2014-12-12 17:24 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-12-12 17:23 - 2014-12-12 17:23 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-12-12 02:45 - 2014-12-12 02:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-11 19:38 - 2014-11-27 01:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 19:38 - 2014-11-27 01:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 19:38 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 19:38 - 2014-11-22 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 19:38 - 2014-11-22 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 19:38 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 19:38 - 2014-11-22 02:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 19:38 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 19:38 - 2014-11-22 02:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 19:38 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 19:38 - 2014-11-22 02:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 19:38 - 2014-11-22 02:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 19:38 - 2014-11-22 02:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 19:38 - 2014-11-22 02:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 19:38 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 19:38 - 2014-11-22 02:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 19:38 - 2014-11-22 02:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 19:38 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 19:38 - 2014-11-22 02:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 19:38 - 2014-11-22 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 19:38 - 2014-11-22 02:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 19:38 - 2014-11-22 02:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 19:38 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 19:38 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 19:38 - 2014-11-22 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 19:38 - 2014-11-22 02:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 19:38 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 19:38 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 19:38 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 19:38 - 2014-11-22 01:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 19:38 - 2014-11-22 01:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 19:38 - 2014-11-22 01:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 19:38 - 2014-11-22 01:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 19:38 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 19:38 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 19:38 - 2014-11-22 01:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 19:38 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 19:38 - 2014-11-22 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 19:38 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 19:38 - 2014-11-22 01:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 19:38 - 2014-11-22 01:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 19:38 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 19:38 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 19:38 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 19:38 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 19:38 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 19:38 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 19:38 - 2014-11-22 01:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 19:38 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 19:38 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 19:38 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 19:38 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 19:38 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 19:38 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 19:38 - 2014-11-11 03:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 19:38 - 2014-11-11 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 14:34 - 2014-12-10 14:34 - 00000000 ____D () C:\Users\Michi\Documents\Adobe
2014-12-06 20:18 - 2014-12-06 20:18 - 00000000 ____D () C:\Users\Michi\Documents\CAPCOM
2014-12-06 20:18 - 2014-12-06 20:18 - 00000000 ____D () C:\Users\Michi\AppData\Local\CAPCOM
2014-12-06 15:45 - 2014-12-06 15:48 - 00000000 ____D () C:\Users\Michi\Desktop\3ds max 2010

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 20:41 - 2014-05-05 15:30 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\BitTorrent
2015-01-05 20:38 - 2014-05-05 18:05 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Skype
2015-01-05 20:07 - 2014-05-18 16:38 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-05 19:47 - 2014-05-10 15:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-05 17:37 - 2014-05-02 19:34 - 02084950 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 15:48 - 2014-08-27 13:32 - 00000000 ____D () C:\Users\Michi\AppData\Local\Adobe
2015-01-05 15:47 - 2014-05-18 16:38 - 00000000 ____D () C:\Users\Michi\AppData\Local\Google
2015-01-05 15:46 - 2014-06-30 14:49 - 00000000 ____D () C:\ProgramData\Google
2015-01-05 15:46 - 2014-06-30 14:49 - 00000000 ____D () C:\Program Files\Google
2015-01-05 15:46 - 2014-05-18 16:38 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-05 15:45 - 2009-07-14 04:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 15:45 - 2009-07-14 04:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 15:44 - 2014-05-10 15:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-05 15:44 - 2014-05-02 21:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-05 15:44 - 2014-05-02 21:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-05 15:37 - 2014-05-18 16:38 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 15:37 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 15:37 - 2009-07-14 04:51 - 00084439 _____ () C:\Windows\setupact.log
2015-01-04 12:05 - 2014-06-19 19:40 - 01249792 _____ (hxxp://www.ruby-lang.org/) C:\Users\Michi\AppData\Roaming\msvcr90-ruby191.dll
2015-01-03 16:42 - 2014-05-02 23:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-02 19:31 - 2014-09-13 12:31 - 00000000 ____D () C:\AdwCleaner
2015-01-02 19:21 - 2010-11-21 03:47 - 00242664 _____ () C:\Windows\PFRO.log
2015-01-01 22:01 - 2014-05-03 15:50 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2014-12-31 23:35 - 2014-06-02 17:15 - 00000000 ____D () C:\ProgramData\Origin
2014-12-31 23:34 - 2014-06-02 17:15 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-31 23:28 - 2014-06-02 17:42 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-12-31 23:28 - 2009-07-14 05:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-31 18:25 - 2014-06-03 20:21 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-12-31 17:53 - 2014-06-03 17:45 - 00000000 ____D () C:\Users\Michi\AppData\Local\PunkBuster
2014-12-31 17:53 - 2014-06-02 23:06 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-12-30 21:06 - 2014-06-02 23:06 - 00281872 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-12-30 21:06 - 2014-06-02 23:06 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-30 21:06 - 2014-05-02 22:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-30 21:04 - 2014-05-03 22:37 - 00739309 _____ () C:\Windows\DirectX.log
2014-12-30 18:41 - 2014-05-29 16:12 - 00000000 ____D () C:\Users\Library
2014-12-30 18:41 - 2009-07-14 03:20 - 00000000 __RHD () C:\Users\Default
2014-12-30 18:31 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-30 16:02 - 2014-05-02 20:41 - 00000000 ____D () C:\Users\Michi
2014-12-29 14:05 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\schemas
2014-12-28 00:44 - 2014-09-19 16:06 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Audacity
2014-12-27 13:51 - 2011-04-12 07:43 - 00709156 _____ () C:\Windows\system32\perfh007.dat
2014-12-27 13:51 - 2011-04-12 07:43 - 00153592 _____ () C:\Windows\system32\perfc007.dat
2014-12-27 13:51 - 2009-07-14 05:13 - 01647256 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-25 21:55 - 2014-10-19 17:56 - 00000000 ____D () C:\Users\Michi\Downloads\UFC.Fight.Night.54.MacDonald.vs.Saffiedine.HDTV.x264-KOENiG[rarbg]
2014-12-22 16:45 - 2014-05-05 18:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-22 16:45 - 2014-05-05 18:05 - 00000000 ____D () C:\ProgramData\Skype
2014-12-19 15:56 - 2014-05-05 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-19 15:56 - 2014-05-05 14:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-13 17:16 - 2014-05-02 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-12 20:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 17:28 - 2014-10-27 16:14 - 00000000 ____D () C:\Users\Michi\Downloads\Raunchy - 2010 - A Discord Electric
2014-12-12 17:27 - 2014-07-17 14:26 - 00000000 ____D () C:\Users\Michi\Downloads\Guilty Pleasures EP
2014-12-12 17:25 - 2014-05-02 22:25 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-12-12 17:24 - 2014-05-02 22:25 - 00000000 ____D () C:\ProgramData\AMD
2014-12-12 17:19 - 2014-05-02 22:24 - 00000000 ____D () C:\Program Files\AMD
2014-12-12 17:18 - 2014-05-02 22:20 - 00000000 ____D () C:\AMD
2014-12-12 03:07 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 03:05 - 2014-05-02 20:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 03:02 - 2014-05-02 20:07 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 17:26 - 2014-05-03 16:19 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 17:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-10 14:34 - 2014-05-02 20:49 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Adobe
2014-12-07 16:45 - 2014-05-03 16:19 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-06 22:55 - 2014-07-17 14:24 - 00000000 ____D () C:\Users\Michi\Downloads\Hits
2014-12-06 18:17 - 2014-08-20 14:54 - 00000000 ____D () C:\Users\Michi\Downloads\Masters of chill out music vol. 1

Some content of TEMP:
====================
C:\Users\Michi\AppData\Local\Temp\avgnt.exe
C:\Users\Michi\AppData\Local\Temp\sonarinst.exe
C:\Users\Michi\AppData\Local\Temp\sqlite-3.8.0-x86-sqlitejdbc.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 23:15

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 06.01.2015 11:34
Flash Player und Chrome updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-462835693-3900197004-2541521047-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-462835693-3900197004-2541521047-1000] => 0.0.0.0:80
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

FM8 11.01.2015 22:42
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2015 01
Ran by Michi at 2015-01-11 21:32:07 Run:1
Running from C:\Users\Michi\Desktop
Loaded Profile: Michi (Available profiles: Michi)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-462835693-3900197004-2541521047-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-462835693-3900197004-2541521047-1000] => 0.0.0.0:80
Emptytemp:
*****************

"HKU\S-1-5-21-462835693-3900197004-2541521047-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-462835693-3900197004-2541521047-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
EmptyTemp: => Removed 2.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog 21:34:51 ====

schrauber 12.01.2015 09:28
fertig :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:09 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131