Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   RunDLL "Problem beim Starten von ..." (https://www.trojaner-board.de/168535-rundll-problem-beim-starten.html)

pgross 08.07.2015 10:15
RunDLL "Problem beim Starten von ..."
 
Hallo,

ein Bekannter bat mich um Hilfe, da er bei jedem Systemstart unter Windows 7 die Fehlermeldung "RunDLL: Problem beim Starten von C:\Users\Rudi\AppData\Local\Temp\hmoaakrlgrukqikqcip.bfg Das angegebene Modul wurde nicht gefunden." erhält.
Er hat mir berichtet, dass er vor einiger Zeit ein Fenster mit "Bezahlen Sie 100€" bekommen hätte. An den genauen Wortlaut erinnert er sich nicht. Er hat danach, nach seinen Angaben, mit Spybot Search & Destroy Malware gefunden und entfernt. Seither erscheint oben angegebene Fehlermeldung.

Ich gehe davon aus, dass die Malwar nicht vollständig entfernt wurde. Ist das korrekt? Wie kann ich weiter vorgehen?

Schritt 1: defogger ausgeführt. Keine Fehlermeldung.
Schritt 2: FRST Scan ausgeführt.
FRST.txt:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by Rudi (administrator) on PCVN on 08-07-2015 10:54:22
Running from I:\
Loaded Profiles: Rudi (Available Profiles: Rudi & Maggi & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-01-27] (Alcor Micro Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2010-07-21] (Softthinks)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$fb2d895754f06f3359c2d32ce3521ea7\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3471903468-164558032-738513436-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-3471903468-164558032-738513436-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-3471903468-164558032-738513436-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-3471903468-164558032-738513436-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-3471903468-164558032-738513436-1001\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKU\S-1-5-21-3471903468-164558032-738513436-1001\...\MountPoints2: {562b5b6b-0525-11e1-bc8e-842b2bab75b6} - I:\NPSAI.exe
HKU\S-1-5-21-3471903468-164558032-738513436-1001\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3471903468-164558032-738513436-1001\$fb2d895754f06f3359c2d32ce3521ea7\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
Startup: C:\Users\Rudi\AppData\Roaming\Srinblfopf\FRITZ!DSL Protect.lnk [2012-11-20]
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\Users\Rudi\AppData\Roaming\Srinblfopf\picpkiqkurglrkaaomh.lnk [2013-08-05]
ShortcutTarget: picpkiqkurglrkaaomh.lnk -> C:\Users\Rudi\AppData\Local\Temp\hmoaakrlgrukqikpcip.bfg (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
HKU\S-1-5-21-3471903468-164558032-738513436-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3471903468-164558032-738513436-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
SearchScopes: HKLM -> DefaultScope {CB869646-DFE9-4868-AD2C-83567275CA22} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {CB869646-DFE9-4868-AD2C-83567275CA22} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {D298F812-DA32-4781-B36B-06868A9551BE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D298F812-DA32-4781-B36B-06868A9551BE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3471903468-164558032-738513436-1001 -> DefaultScope {CB869646-DFE9-4868-AD2C-83567275CA22} URL =
SearchScopes: HKU\S-1-5-21-3471903468-164558032-738513436-1001 -> {CB869646-DFE9-4868-AD2C-83567275CA22} URL =
SearchScopes: HKU\S-1-5-21-3471903468-164558032-738513436-1001 -> {D298F812-DA32-4781-B36B-06868A9551BE} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-12-07] (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18] (Sun Microsystems, Inc.)
BHO-x32: EpsonToolBandKicker Class -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-3471903468-164558032-738513436-1001 -> No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Winsock: Catalog5 10 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472 2009-07-28] (AVM Berlin)
Winsock: Catalog9 01 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472 2009-07-28] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472 2009-07-28] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472 2009-07-28] (AVM Berlin)
Winsock: Catalog9 14 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472 2009-07-28] (AVM Berlin)
Winsock: Catalog5-x64 10 C:\Program Files\FRITZ!DSL\\sarah.dll [34104 2009-07-28] (AVM Berlin)
Winsock: Catalog9-x64 01 C:\Program Files\FRITZ!DSL\\sarah.dll [34104 2009-07-28] (AVM Berlin)
Winsock: Catalog9-x64 02 C:\Program Files\FRITZ!DSL\\sarah.dll [34104 2009-07-28] (AVM Berlin)
Winsock: Catalog9-x64 03 C:\Program Files\FRITZ!DSL\\sarah.dll [34104 2009-07-28] (AVM Berlin)
Winsock: Catalog9-x64 14 C:\Program Files\FRITZ!DSL\\sarah.dll [34104 2009-07-28] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1392CDF6-BB6F-4E01-88E8-448D855300B7}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: GMX Suche
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-24] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2010-12-07] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-10-03] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\user.js [2012-06-24]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-10-03] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-20] (Apple Inc.)
FF SearchPlugin: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\searchplugins\11-suche.xml [2014-06-06]
FF SearchPlugin: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\searchplugins\avira-safesearch.xml [2015-02-27]
FF SearchPlugin: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\searchplugins\englische-ergebnisse.xml [2014-06-06]
FF SearchPlugin: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\searchplugins\gmx-suche.xml [2014-06-06]
FF SearchPlugin: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\searchplugins\lastminute.xml [2014-04-13]
FF SearchPlugin: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\searchplugins\webde-suche.xml [2014-06-06]
FF Extension: Avira Browser Safety - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\Extensions\abs@avira.com [2015-07-02]
FF Extension: GMX MailCheck - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\Extensions\mailcheck@gmx.net [2015-06-22]
FF Extension: Avira SafeSearch - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\Extensions\safesearch@avira.com [2015-06-19]
FF Extension: Garmin Communicator - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-05-30]
FF Extension: Yahoo! Toolbar - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-02-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-07-03]

Chrome:
=======
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.230.5) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U23) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira Toolbar) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj [2012-05-09]
CHR Extension: (YouTube) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-02]
CHR Extension: (Google Search) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-02]
CHR Extension: (Skype Click to Call) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-01-02]
CHR Extension: (Gmail) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-02]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-03] (Avira Operations GmbH & Co. KG)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [31144 2015-06-04] (TuneUp Software)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 10:53 - 2015-07-08 10:53 - 00000000 _____ C:\Users\Rudi\defogger_reenable
2015-07-08 10:07 - 2015-07-08 10:54 - 00000000 ____D C:\FRST
2015-07-08 09:37 - 2015-07-08 09:37 - 00000085 _____ C:\Windows\wininit.ini
2015-07-08 09:37 - 2015-07-08 09:37 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-07-04 20:14 - 2015-07-04 20:15 - 24656929 _____ C:\Users\Rudi\Downloads\Update_FmWin_6031(1).exe
2015-07-04 20:08 - 2015-04-25 00:18 - 3429766358 _____ C:\Users\Rudi\Downloads\IntelliMaps_Europe_2015.exe
2015-07-04 20:07 - 2015-07-04 20:30 - 00000000 ____D C:\Users\Rudi\AppData\Local\Flymap Win
2015-07-04 20:07 - 2015-07-04 20:07 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flymap Win
2015-07-04 19:49 - 2015-07-04 20:01 - 502859710 _____ C:\Users\Rudi\Downloads\IntelliMaps_Europe_2015.sfx.part5.rar
2015-07-04 17:08 - 2015-07-04 17:26 - 734003200 _____ C:\Users\Rudi\Downloads\IntelliMaps_Europe_2015.sfx.part4.rar
2015-07-04 16:46 - 2015-07-04 17:04 - 734003200 _____ C:\Users\Rudi\Downloads\IntelliMaps_Europe_2015.sfx.part3.rar
2015-07-04 15:16 - 2015-07-04 15:34 - 734003200 _____ C:\Users\Rudi\Downloads\IntelliMaps_Europe_2015.sfx.part1.exe
2015-07-03 14:58 - 2015-07-04 20:16 - 00001095 _____ C:\Users\Rudi\Desktop\Flymap Win.lnk
2015-07-03 14:56 - 2015-07-03 14:57 - 33857200 _____ C:\Users\Rudi\Downloads\FmWin_6029_L.exe
2015-07-03 13:47 - 2015-07-04 09:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 13:26 - 2015-07-03 13:43 - 734003200 _____ C:\Users\Rudi\Downloads\IntelliMaps_Europe_2015.sfx.part2.rar
2015-07-03 13:17 - 2015-07-03 13:20 - 138837899 _____ C:\Users\Rudi\Downloads\ICAO_Germany_2015.exe
2015-07-03 13:04 - 2015-07-03 13:04 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2015-07-03 13:03 - 2015-07-03 13:04 - 24656929 _____ C:\Users\Rudi\Downloads\Update_FmWin_6031.exe
2015-06-29 18:19 - 2015-06-29 18:19 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-26 22:06 - 2015-06-26 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-24 18:00 - 2015-06-24 19:00 - 18174128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-06-12 16:34 - 2015-06-12 16:34 - 00002118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-06-10 09:47 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 09:47 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 09:47 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 09:47 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 09:47 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 09:47 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 09:47 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 09:47 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 09:47 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 09:47 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 09:46 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 09:46 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 09:46 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 09:46 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 09:46 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 09:46 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 09:46 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 09:46 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 09:46 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 09:46 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 09:46 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 09:46 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 09:46 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 09:46 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 09:46 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 09:46 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 09:46 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 09:46 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 09:46 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 09:46 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 09:46 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 09:46 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 09:46 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 09:46 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 09:46 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 09:46 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 09:46 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 09:46 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 09:46 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 09:46 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 09:46 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 09:46 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 09:46 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 09:46 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 09:46 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 09:46 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 09:46 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 09:46 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 09:46 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 09:46 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 09:46 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 09:46 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 09:46 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 09:46 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 09:46 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 09:46 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 09:46 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 09:46 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 09:46 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 09:46 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 09:46 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 09:46 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 09:46 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 09:46 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 09:46 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 09:46 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 09:46 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 09:46 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 09:46 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 09:46 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 09:46 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 09:46 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 09:46 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 09:46 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 09:46 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 09:46 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 09:46 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 09:46 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 09:46 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 09:46 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 09:46 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 09:46 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 09:46 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 09:46 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 09:46 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 09:46 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 09:46 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 09:46 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 09:46 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 09:46 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 09:46 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 09:46 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 09:46 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 09:46 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 09:46 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 09:46 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 09:46 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 09:46 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 09:46 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 09:46 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 09:46 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 09:46 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 10:53 - 2010-12-10 14:45 - 00000000 ____D C:\Users\Rudi
2015-07-08 10:50 - 2009-07-14 07:10 - 01420077 _____ C:\Windows\WindowsUpdate.log
2015-07-08 10:30 - 2011-02-18 23:09 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-08 10:09 - 2009-07-14 19:58 - 00699432 _____ C:\Windows\system32\perfh007.dat
2015-07-08 10:09 - 2009-07-14 19:58 - 00149572 _____ C:\Windows\system32\perfc007.dat
2015-07-08 10:09 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-08 10:06 - 2015-01-20 18:22 - 00012152 _____ C:\Windows\setupact.log
2015-07-08 10:00 - 2012-04-15 19:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-08 09:37 - 2013-08-07 16:40 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-08 09:29 - 2011-02-18 23:09 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-08 09:09 - 2009-07-14 06:45 - 00025216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-08 09:09 - 2009-07-14 06:45 - 00025216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-08 09:02 - 2012-01-20 21:15 - 1370908386 _____ C:\Users\Rudi\DesktopStCenter.txt
2015-07-08 09:02 - 2010-12-10 14:45 - 00000000 ____D C:\Users\Rudi\AppData\Local\SoftThinks
2015-07-08 09:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-07 20:54 - 2012-01-20 21:37 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\FRITZ!
2015-07-07 17:14 - 2010-12-10 15:13 - 00000000 ____D C:\Users\Maggi\AppData\Local\SoftThinks
2015-07-05 13:00 - 2010-12-10 14:35 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-07-05 12:56 - 2010-12-13 15:44 - 00000000 ____D C:\Users\Rudi\Documents\Texte
2015-07-04 09:40 - 2015-01-20 18:22 - 00189752 _____ C:\Windows\PFRO.log
2015-07-04 09:40 - 2012-04-24 23:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-03 13:59 - 2014-04-22 17:53 - 00000000 ____D C:\Users\Rudi\AppData\Local\Deployment
2015-07-02 21:06 - 2014-10-22 23:26 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014
2015-06-29 20:07 - 2010-12-13 16:21 - 00000000 ____D C:\Users\Maggi\Documents\Texte
2015-06-25 07:53 - 2014-10-22 23:30 - 00043320 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2015-06-25 07:53 - 2014-10-22 23:30 - 00036152 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2015-06-25 07:53 - 2014-10-22 23:27 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2015-06-25 07:53 - 2014-10-22 23:27 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2015-06-25 07:53 - 2014-10-22 23:27 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2015-06-24 19:06 - 2014-12-16 09:22 - 00000000 ____D C:\Users\Maggi\AppData\Local\Windows Live
2015-06-24 19:04 - 2013-01-16 20:24 - 00002209 _____ C:\Users\Maggi\Desktop\Google Chrome.lnk
2015-06-24 19:00 - 2012-04-15 19:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-24 19:00 - 2012-04-15 19:22 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-24 19:00 - 2011-05-20 20:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-12 16:34 - 2011-02-18 23:09 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-11 13:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-11 10:36 - 2009-07-14 06:45 - 00409144 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 10:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 10:19 - 2010-12-10 15:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 10:16 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2015-06-11 10:14 - 2013-08-14 11:49 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 10:09 - 2010-12-13 17:50 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 22:52 - 2014-05-10 16:36 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-09 10:13 - 2013-03-29 09:12 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-09 10:13 - 2013-03-29 09:12 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

==================== Files in the root of some directories =======

2012-04-25 17:36 - 2012-04-25 17:36 - 0002508 _____ () C:\Users\Rudi\AppData\Roaming\$_hpcst$.hpc
2012-03-11 21:25 - 2013-04-03 21:32 - 0000695 _____ () C:\Users\Rudi\AppData\Roaming\DriveCalculator Preferences
2015-05-10 09:09 - 2015-05-10 09:09 - 0000000 _____ () C:\Users\Rudi\AppData\Local\{5D6EBB7B-2D3E-4374-87DF-5BEEEBF03FA7}
2015-05-22 09:29 - 2015-05-22 09:29 - 0000000 _____ () C:\Users\Rudi\AppData\Local\{CBE5C5C6-1615-464B-A5CD-9DE3FB2A8629}
2015-04-05 15:31 - 2015-04-05 15:31 - 0000000 _____ () C:\Users\Rudi\AppData\Local\{E1DA222C-A767-43F6-B3CA-69D17388AA2D}
2012-07-15 19:13 - 2012-07-15 20:57 - 4503728 ____T () C:\ProgramData\0tbpw.pad
2012-06-17 20:23 - 2012-06-17 20:33 - 0000098 _____ () C:\ProgramData\ccdebcafedbgfdgfdgdfg.cfg
2012-06-17 20:23 - 2012-06-17 20:23 - 0040960 _____ () C:\ProgramData\dimpxqfetwntqbp
2012-06-17 20:33 - 2012-06-17 20:33 - 0055808 _____ () C:\ProgramData\dsvxcdyrcqabehw
2013-08-05 15:52 - 2013-08-05 15:52 - 0000070 _____ () C:\ProgramData\picpkiqkurglrkaaomh.bat
2013-08-05 15:52 - 2013-08-05 15:52 - 0000165 _____ () C:\ProgramData\picpkiqkurglrkaaomh.reg

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3471903468-164558032-738513436-1001\$fb2d895754f06f3359c2d32ce3521ea7

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$fb2d895754f06f3359c2d32ce3521ea7

Files to move or delete:
====================
C:\ProgramData\0tbpw.pad
C:\ProgramData\picpkiqkurglrkaaomh.bat
C:\ProgramData\picpkiqkurglrkaaomh.reg


Some files in TEMP:
====================
C:\Users\Maggi\AppData\Local\Temp\avgnt.exe
C:\Users\Rudi\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-03 09:14

==================== End of log ============================
--- --- ---


Addition.txt:
[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Rudi at 2015-07-08 10:55:02
Running from I:\
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3471903468-164558032-738513436-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-3471903468-164558032-738513436-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3471903468-164558032-738513436-1004 - Limited - Enabled)
Maggi (S-1-5-21-3471903468-164558032-738513436-1002 - Administrator - Enabled) => C:\Users\Maggi
Rudi (S-1-5-21-3471903468-164558032-738513436-1001 - Administrator - Enabled) => C:\Users\Rudi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AntiVir Desktop (Enabled - Up to date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Enabled - Up to date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1PLUS_2013.f  (Portable Version) (HKLM-x32\...\1PLUS_2013.f_is1) (Version: 2013.f - SPV)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version:  - )
Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version:  - )
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 5.7.3 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.010.0517.1741 - )
Avery Wizard 5.0 (HKLM\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2010.0517.1742.29870 - ATI) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.48 - Dell)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Elevated Installer (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Copy Utility 3 (HKLM-x32\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.0.2.0 - )
EPSON PhotoQuicker3.5 (HKLM-x32\...\{65F5B7AF-3363-11D7-BB6B-00018021113F}) (Version:  - )
EPSON PRINT Image Framer Tool2.1 (HKLM-x32\...\{23B59ED4-C360-11D7-875B-0090CC005647}) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON Smart Panel (HKLM-x32\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version:  - )
EPSON Web-To-Page (HKLM-x32\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version:  - )
ESPRX420 Ref. Handbuch (HKLM-x32\...\ESPRX420 Ref. Handbuch) (Version:  - )
ESPRX420 Softwarehandbuch (HKLM-x32\...\ESPRX420 Softwarehandbuch) (Version:  - )
FRITZ!DSL64 (HKLM\...\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}) (Version: 2.04.03 - AVM Berlin)
Garmin Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java TopTask (HKU\S-1-5-21-3471903468-164558032-738513436-1001\...\Java TopTask) (Version:  - Deutscher Wetterdienst)
Java(TM) 6 Update 16 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016F0}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 6 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416021FF}) (Version: 6.0.210 - Oracle)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.290 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}) (Version: 1.6.915.87 - Fitipower)
Multimedia Card Reader (x32 Version: 1.6.915.87 - Fitipower) Hidden
MULTIPLEX Launcher (HKLM-x32\...\MULTIPLEX Launcher) (Version:  - )
Multiplex PC Interface (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&81A9) (Version:  - Multiplex Modellsport GmbH & Co. KG)
PC-Link (HKLM-x32\...\{8F90870D-E092-43C8-9F11-38C6D2C43783}) (Version: 1.0.0 - Futaba)
PhotoImpression 5 (HKLM-x32\...\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}) (Version:  - )
PIF DESIGNER2.1 (HKLM-x32\...\{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}) (Version:  - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6043 - Realtek Semiconductor Corp.)
REFLEX Modellflugsimulator (HKLM-x32\...\{6B06C8A7-0BDC-4623-BA43-F2F208D8A17F}) (Version: 5.05.4 - Dipl.-Ing. Stefan Kunde)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
SBD-Link (HKLM-x32\...\{20DE1DF5-71C5-4124-9280-5E4736CDE6B3}) (Version: 1.0.0 - Futaba)
ScanToWeb (HKLM-x32\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{5D0636C3-6571-49C1-9F68-2A7EEA347001}) (Version: 6.5 - Silicon Laboratories, Inc.)
Skins (x32 Version: 2010.0517.1742.29870 - ATI) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
S-Link (HKLM-x32\...\{18393093-CE7E-4374-A891-8F83E7C5A0CD}) (Version: 1.0.1 - Futaba)
SM UniSens-E Tool (HKLM-x32\...\{2194DF7D-B6F7-486C-A547-1F32BE3F2586}) (Version: 1.0.2.1 - SM-Modellbau)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
webGAMET (HKU\S-1-5-21-3471903468-164558032-738513436-1001\...\webGAMET) (Version:  - Deutscher Wetterdienst)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Wondershare TunesGo ( Version 4.1.5 ) (HKLM-x32\...\{0B31C808-8274-460D-8846-C711D40544A0}_is1) (Version: 4.1.5 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3471903468-164558032-738513436-1001_Classes\CLSID\{0207CA76-8233-4478-9A40-607AC304C435}\InprocServer32 -> C:\Users\Rudi\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-3471903468-164558032-738513436-1001_Classes\CLSID\{2BB2DE4F-FCDF-46F2-9723-5B1959E1BDE0}\InprocServer32 -> C:\Users\Rudi\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-3471903468-164558032-738513436-1001_Classes\CLSID\{95775FC2-FFFA-4432-A4BC-352AB1A84581}\InprocServer32 -> C:\Users\Rudi\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-3471903468-164558032-738513436-1001_Classes\CLSID\{BE892433-7479-4231-AB95-A313BDA3D409}\InprocServer32 -> C:\Users\Rudi\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-3471903468-164558032-738513436-1001_Classes\CLSID\{D0E9EEAE-9AC7-4204-BA07-B72DD6077E82}\InprocServer32 -> C:\Users\Rudi\AppData\Roaming\Avery\Avery Wizard 5.0\AvWizRes.dll (Avery Products Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-3471903468-164558032-738513436-1001_Classes\CLSID\{D2776BCC-5F09-4068-B4E2-7EE1202F95CF}\InprocServer32 -> C:\Users\Rudi\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-3471903468-164558032-738513436-1001_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()

==================== Restore Points =========================

18-06-2015 12:29:00 Geplanter Prüfpunkt
27-06-2015 13:56:38 Geplanter Prüfpunkt
05-07-2015 00:00:04 Geplanter Prüfpunkt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {017BA314-9353-4961-AE4F-67C3C7EE1212} - System32\Tasks\{296158A7-0ED9-45E7-8293-074699181D9F} => D:\SETUP.EXE
Task: {01D2412C-15D3-43AB-A113-42211C7E57F0} - System32\Tasks\{C7888A0F-6D50-4D0E-97D7-E14C14CC52EF} => C:\Program Files\Reflex\SETUP.EXE
Task: {0A158586-D141-49DF-BAF1-87A49EF903A5} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3471903468-164558032-738513436-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {0B6864C4-1EF8-43AA-BD36-9F4216694F6B} - System32\Tasks\{31CB75DD-170A-4BFD-8D10-C51169271807} => C:\Program Files (x86)\REFLEX\RMK.exe
Task: {10FBD7FB-5610-4208-8F8A-B77BBE562F03} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
Task: {17CE2C70-D823-40B1-BAA5-16D6D1CC4CA2} - System32\Tasks\{9461A4F1-7D5B-4BC2-8992-74C25B8E5C91} => D:\Setup.exe
Task: {263B154B-8712-46FC-96E1-BB9D8162FF72} - System32\Tasks\{5672098F-8DF6-47FE-B21C-092D1447425A} => D:\SETUP.EXE
Task: {3622E8CD-6D00-43DF-8E60-BB1B94005E77} - System32\Tasks\{60B22B75-779C-4102-AC07-E651AFFAF57F} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-05-20] (Mozilla Corporation)
Task: {3B32EC82-758F-4F19-A849-D6622FFB4CE5} - System32\Tasks\{F5AF2892-0D94-43E6-9816-85B45F874F12} => C:\Program Files\Reflex\SETUP.EXE
Task: {40B84E5F-694D-44F3-9D41-D6E0B0AAB4AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)
Task: {4B9B9073-3CE7-46AC-83AE-AB3EF48CAB8A} - System32\Tasks\{D8B20252-73BC-4BC7-A5A4-F14DABE888FB} => D:\SETUP.EXE
Task: {4F40870B-5F7C-4233-AA7C-050D4F61D092} - System32\Tasks\{BCEAFC5A-B511-4F9F-9FD2-E33956920226} => C:\Program Files\Reflex\SETUP.EXE
Task: {5075E2C9-B913-48BA-B7B9-9FB4F33D54F9} - System32\Tasks\{A732B303-DBB8-47AC-96BB-7798FF265EF6} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-05-20] (Mozilla Corporation)
Task: {51758997-B4AC-461A-9E60-D910E6596B96} - System32\Tasks\{E3B23282-B606-4A49-ABF5-91B71C8115A8} => D:\SETUP.EXE
Task: {5B4CB910-BEB2-4E5B-843D-7F260700FFEB} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {64B29175-3A75-4ED5-8606-6F2B422AC62D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2010-08-06] (PC-Doctor, Inc.)
Task: {66DF9FCE-029E-4866-921F-F401C94A76D8} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2010-08-06] (PC-Doctor, Inc.)
Task: {6AD62AED-631E-41F8-9631-3E6EED9D8EF2} - System32\Tasks\{FA9BA242-8748-4A2A-B627-5FB9EF5A69C0} => D:\Reflex_Update_5010de.exe
Task: {6F6866AD-96DE-4C1C-A630-8C3206B25B18} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {70AAD91C-9F4B-4049-B3AB-B4DE4EFFB1CA} - System32\Tasks\{7BA66B8C-A276-4654-BF9B-B803C8AB4EE2} => D:\Setup.exe
Task: {70BE72D5-A28A-4D03-B8C0-7A6193AD6B7A} - System32\Tasks\{546B3B28-183B-4B87-A793-ACA04F9D70F9} => D:\Setup.exe
Task: {8039F56E-102E-429B-BFBA-E33C469E92D8} - System32\Tasks\{DCEC0511-1415-4E6E-A205-12773CB7B006} => C:\Program Files\Reflex\SETUP.EXE
Task: {90BC21F3-6912-4FCB-9E98-5A5FE46C08C5} - System32\Tasks\{04BDA2D5-247C-472C-AC17-68AFE3DDA92C} => C:\Program Files (x86)\REFLEX\RMK.exe
Task: {A7C57175-2FAF-49D5-B56D-82B7789537E4} - System32\Tasks\{101F7AA2-DB8A-4262-9FBF-BDD507B4A238} => D:\Setup.exe
Task: {A7DAF564-779A-49A3-B578-40978495F3B0} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {B07E430A-506B-4816-AABD-8171740605A4} - System32\Tasks\{2FA1D4B2-B06F-4885-9945-3B115AF017E4} => C:\Program Files (x86)\REFLEX\REFLEX.exe
Task: {B3F16E28-46A5-491C-94E0-A29B01547A44} - System32\Tasks\{719C92B2-8FFC-4896-90F9-F94598A44C3D} => D:\SETUP.EXE
Task: {B5F86342-B320-4CA8-AA73-E1DC5927E856} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2015-06-25] (TuneUp Software)
Task: {B912364D-257B-4BE6-AC25-540A556D4538} - System32\Tasks\{7623C51E-10ED-4715-8188-CDD466DE2522} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {BA241E42-08CE-4F2F-B21D-6FD7FA5AC66E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {BDB4807E-BC93-4991-A559-23BF41FA660F} - System32\Tasks\{99907E28-6CB4-4ECB-B4C8-62E63F8534A3} => C:\Program Files (x86)\REFLEX\REFLEX.exe
Task: {CC7DB15A-FD33-4663-9AEE-3BADE7108EB4} - System32\Tasks\{23B1598F-8939-4309-A1D3-B6FB82C13B9E} => C:\Program Files (x86)\REFLEX\RMK.exe
Task: {CD1B4507-5D73-464E-B9BA-DF6B51CD32AE} - System32\Tasks\{681E2A35-D1E4-4977-BA94-001D60F91ABC} => D:\SETUP.EXE
Task: {CF638950-335E-45FC-922F-D24AFF78F330} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)
Task: {CF6E85ED-9C28-4DB5-B16B-065079AC0E3F} - System32\Tasks\{6BCD5F85-F1CF-41AE-8E83-E77C3C2C124B} => D:\SETUP.EXE
Task: {DCA0C9BE-3EB0-489B-BF0F-FC76A1184B1D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3471903468-164558032-738513436-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {DCDD7F87-7D47-4ED8-85F0-037AA793DD57} - System32\Tasks\{F55AD194-5932-4BDC-BCA9-35F5B83589EC} => C:\Users\Maggi\Desktop\Winnote Dateien\WinNote\WINNOTE.EXE [2005-01-11] ()
Task: {DEE89236-2992-451D-B05E-8604B969E4C8} - System32\Tasks\{BF5D67D1-491D-4535-A703-2A7CDB5467E5} => C:\Program Files\Reflex\SETUP.EXE
Task: {E503ACB5-F190-497A-8F54-B1AA97D5D312} - System32\Tasks\{980F779E-0913-489A-90CD-FC34DBA69126} => D:\Setup.exe
Task: {EC668F4F-E3A9-4792-A28B-648FB0B58E98} - System32\Tasks\{E0D64681-21D6-4878-90C5-0913A07E3365} => pcalua.exe -a C:\Users\Rudi\Desktop\Driver_vista\x64\Setup.exe -d C:\Users\Rudi\Desktop\Driver_vista\x64
Task: {EDF5DE51-AB5B-4BF8-B747-B715B241D6A9} - System32\Tasks\{604D758E-8428-493E-9A8E-1E6F03A2DFD8} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\REFLEX\RMK.exe"
Task: {F7435B49-A5BC-4EF5-A0A1-593BB48E570A} - System32\Tasks\{B83D52F1-2B0D-4C81-ABEF-A76CDE951BA3} => D:\SETUP.EXE
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exeo-backgroundmon scripts\defaultscan.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-25 07:53 - 2015-06-25 07:53 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-12-07 21:08 - 2010-07-21 18:36 - 00783680 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2009-12-15 22:14 - 2009-12-15 22:14 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2008-11-18 13:00 - 2008-11-18 13:00 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-05-17 18:40 - 2010-05-17 18:40 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-12-07 21:07 - 2010-07-21 18:33 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2010-12-07 21:07 - 2010-07-21 18:33 - 00116032 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-12-07 21:07 - 2010-07-21 18:33 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-12-07 21:07 - 2010-07-21 18:33 - 01123648 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-12-07 21:07 - 2010-07-21 18:34 - 00079168 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-12-07 21:07 - 2010-07-21 18:33 - 00234816 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-12-07 21:07 - 2010-07-21 18:34 - 00075072 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-12-07 21:07 - 2010-07-21 18:33 - 00111936 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-12-07 21:07 - 2010-07-21 18:33 - 00121152 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2014-05-19 15:29 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3471903468-164558032-738513436-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\startupreg: 2E26929A => C:\Users\Rudi\AppData\Roaming\Pmgryet\cypmpmlmw.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{48DF6BCC-686F-4D38-B5F0-5277108FB29C}] => (Allow) LPort=80
FirewallRules: [{FD69E350-B9D1-4C26-B378-579DF3F772AD}] => (Allow) LPort=80
FirewallRules: [{8275D868-492E-4B66-945C-56E59DC84702}] => (Allow) LPort=80
FirewallRules: [TCP Query User{B073BCC8-8A2F-4141-B3F1-30BD4183527F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{364963C3-D105-4DB9-99F0-1E1F65888DBE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{8A2FA884-966D-4A12-88A3-75A5C8638944}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe
FirewallRules: [UDP Query User{C03EA990-FF54-4555-A8AA-71D8FFD10C36}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe
FirewallRules: [TCP Query User{3BFE50C8-C962-4895-A1E5-E4AEF8CBFD40}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [UDP Query User{4C98BD92-0566-46C9-8EC8-D6508BD48104}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [TCP Query User{88C3408F-717F-4293-982A-17E3AFC4E971}C:\program files\fritz!dsl\webwaigd.exe] => (Allow) C:\program files\fritz!dsl\webwaigd.exe
FirewallRules: [UDP Query User{25495619-8122-4B06-8122-E9231D13CAF9}C:\program files\fritz!dsl\webwaigd.exe] => (Allow) C:\program files\fritz!dsl\webwaigd.exe
FirewallRules: [TCP Query User{17B6D5D0-16D8-4DBB-ABD8-B150800FF736}C:\program files\fritz!dsl\webwaigd.exe] => (Allow) C:\program files\fritz!dsl\webwaigd.exe
FirewallRules: [UDP Query User{3176FCF0-8C67-499B-BE7A-330CF14D3F09}C:\program files\fritz!dsl\webwaigd.exe] => (Allow) C:\program files\fritz!dsl\webwaigd.exe
FirewallRules: [{996E2B9D-ADEF-4695-94F8-254BE6FB8BD6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5445A64C-3CEC-4B20-9821-8C030F2A564E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{255F638B-7C52-4254-85A4-15632BC13BEF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{2A6C2B4C-2A7A-4780-9412-625CCBFDD005}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{6617F988-98E1-458A-A8AD-1558265412A1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{030D8196-5495-4BF8-9CBB-BF92F817FBD1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{1ACEE300-4E70-4958-9EF6-4E7F1C1D3568}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{9724D252-052D-4766-A26A-6CF44A941F39}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{2B2CAC85-A339-44CF-B71D-4C5970EAF5D5}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [TCP Query User{7EB65C47-77CD-4312-B87D-B368489003DF}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe
FirewallRules: [UDP Query User{DDCD024E-A986-4286-8EF7-84017C57A5F4}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe
FirewallRules: [{70424F5B-9D4F-4B8A-894B-F150D13992A5}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{20DC37F0-2B6C-4C19-B12D-0F951F205D35}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Block) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [UDP Query User{C8CB67A9-B7B0-44DA-89A3-04A1F60B02AD}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Block) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [{F4C83B2F-0B99-4081-9189-7EC0A0974477}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4AD86287-8490-4126-AED7-3BF37C40A122}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E57BAAB9-AA5F-40DB-A04F-7E83857D74EE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F89E33A0-1E7A-48A9-94AB-BBAC8ED3C227}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{77B4FC70-F10F-45CB-8DC5-3011FA9ECCD5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/05/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "J:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (07/02/2015 09:05:35 PM) (Source: MsiInstaller) (EventID: 11321) (User: PCVN)
Description: Produkt: TuneUp Utilities 2014 (de-DE) -- Fehler 1321. Das Installationsprogramm besitzt keine ausreichenden Berechtigungen, um diese Datei zu ändern: C:\ProgramData\TuneUp Software\TuneUp Utilities 2014\de-DE\main_vista_7.chm.  Systemfehler 5.

Error: (06/30/2015 10:01:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6006

Error: (06/30/2015 10:01:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6006

Error: (06/30/2015 10:01:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/30/2015 10:01:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5007

Error: (06/30/2015 10:01:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5007

Error: (06/30/2015 10:01:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/30/2015 10:01:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4009

Error: (06/30/2015 10:01:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4009


System errors:
=============
Error: (07/07/2015 05:11:54 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (07/07/2015 05:11:54 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (07/05/2015 09:35:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/05/2015 08:53:38 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (07/04/2015 09:40:31 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (07/03/2015 02:00:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/01/2015 10:23:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" ist vom Dienst "Peernetzwerkidentitäts-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1053

Error: (07/01/2015 10:23:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peernetzwerkidentitäts-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1053

Error: (07/01/2015 10:23:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Peernetzwerkidentitäts-Manager" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/01/2015 10:23:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Peernetzwerkidentitäts-Manager erreicht.


Microsoft Office:
=========================
Error: (07/05/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: J:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (07/02/2015 09:05:35 PM) (Source: MsiInstaller) (EventID: 11321) (User: PCVN)
Description: Produkt: TuneUp Utilities 2014 (de-DE) -- Fehler 1321. Das Installationsprogramm besitzt keine ausreichenden Berechtigungen, um diese Datei zu ändern: C:\ProgramData\TuneUp Software\TuneUp Utilities 2014\de-DE\main_vista_7.chm.  Systemfehler 5.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/30/2015 10:01:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6006

Error: (06/30/2015 10:01:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6006

Error: (06/30/2015 10:01:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/30/2015 10:01:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5007

Error: (06/30/2015 10:01:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5007

Error: (06/30/2015 10:01:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/30/2015 10:01:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4009

Error: (06/30/2015 10:01:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4009


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 29%
Total physical RAM: 6103.12 MB
Available physical RAM: 4305.82 MB
Total Virtual: 12204.44 MB
Available Virtual: 10290.21 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1384.34 GB) (Free:1270.34 GB) NTFS
Drive i: (PG) (Removable) (Total:7.31 GB) (Free:7.31 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 30000000)
Partition 1: (Not Active) - (Size=118 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1384.3 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 7.3 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================
--- --- ---


Schritt 3: GMER ausgeführt.
Gmer.log:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-08 11:04:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31500341AS rev.CC4G 1397,27GB
Running: Gmer-19357.exe; Driver: C:\Users\Rudi\AppData\Local\Temp\fxldapog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                  0000000075931401 2 bytes JMP 759cb21b C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1856] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                    0000000075931419 2 bytes JMP 759cb346 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                  0000000075931431 2 bytes JMP 75a48f29 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                  000000007593144a 2 bytes CALL 759a489d C:\Windows\syswow64\KERNEL32.dll
.text  ...                                                                                                                                                        * 9
.text  C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1856] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                      00000000759314dd 2 bytes JMP 75a48822 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17              00000000759314f5 2 bytes JMP 75a489f8 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                      000000007593150d 2 bytes JMP 75a48718 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17              0000000075931525 2 bytes JMP 75a48ae2 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                    000000007593153d 2 bytes JMP 759bfca8 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1856] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                          0000000075931555 2 bytes JMP 759c68ef C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                  000000007593156d 2 bytes JMP 75a48fe3 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                    0000000075931585 2 bytes JMP 75a48b42 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                        000000007593159d 2 bytes JMP 75a486dc C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                    00000000759315b5 2 bytes JMP 759bfd41 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                  00000000759315cd 2 bytes JMP 759cb2dc C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20              00000000759316b2 2 bytes JMP 75a48ea4 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31              00000000759316bd 2 bytes JMP 75a48671 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                            0000000075931401 2 bytes JMP 759cb21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2084] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                              0000000075931419 2 bytes JMP 759cb346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                            0000000075931431 2 bytes JMP 75a48f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                            000000007593144a 2 bytes CALL 759a489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                        * 9
.text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2084] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                00000000759314dd 2 bytes JMP 75a48822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                        00000000759314f5 2 bytes JMP 75a489f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                000000007593150d 2 bytes JMP 75a48718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                        0000000075931525 2 bytes JMP 75a48ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                              000000007593153d 2 bytes JMP 759bfca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2084] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                    0000000075931555 2 bytes JMP 759c68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2084] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                            000000007593156d 2 bytes JMP 75a48fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2084] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                              0000000075931585 2 bytes JMP 75a48b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                  000000007593159d 2 bytes JMP 75a486dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                              00000000759315b5 2 bytes JMP 759bfd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                            00000000759315cd 2 bytes JMP 759cb2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                        00000000759316b2 2 bytes JMP 75a48ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                        00000000759316bd 2 bytes JMP 75a48671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17            0000000075931401 2 bytes JMP 759cb21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3756] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17              0000000075931419 2 bytes JMP 759cb346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17            0000000075931431 2 bytes JMP 75a48f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42            000000007593144a 2 bytes CALL 759a489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                        * 9
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3756] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17              00000000759314dd 2 bytes JMP 75a48822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17        00000000759314f5 2 bytes JMP 75a489f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3756] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17              000000007593150d 2 bytes JMP 75a48718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17        0000000075931525 2 bytes JMP 75a48ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17              000000007593153d 2 bytes JMP 759bfca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3756] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                  0000000075931555 2 bytes JMP 759c68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17            000000007593156d 2 bytes JMP 75a48fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17              0000000075931585 2 bytes JMP 75a48b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3756] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                000000007593159d 2 bytes JMP 75a486dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17              00000000759315b5 2 bytes JMP 759bfd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17            00000000759315cd 2 bytes JMP 759cb2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20        00000000759316b2 2 bytes JMP 75a48ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31        00000000759316bd 2 bytes JMP 75a48671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[3844] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000075931401 2 bytes JMP 759cb21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[3844] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000075931419 2 bytes JMP 759cb346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[3844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000075931431 2 bytes JMP 75a48f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[3844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007593144a 2 bytes CALL 759a489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                        * 9
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[3844] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17        00000000759314dd 2 bytes JMP 75a48822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[3844] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000759314f5 2 bytes JMP 75a489f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[3844] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17        000000007593150d 2 bytes JMP 75a48718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[3844] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075931525 2 bytes JMP 75a48ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[3844] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007593153d 2 bytes JMP 759bfca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[3844] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17            0000000075931555 2 bytes JMP 759c68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[3844] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007593156d 2 bytes JMP 75a48fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[3844] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000075931585 2 bytes JMP 75a48b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[3844] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17          000000007593159d 2 bytes JMP 75a486dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[3844] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000759315b5 2 bytes JMP 759bfd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[3844] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000759315cd 2 bytes JMP 759cb2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[3844] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000759316b2 2 bytes JMP 75a48ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[3844] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000759316bd 2 bytes JMP 75a48671 C:\Windows\syswow64\kernel32.dll
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                    0000000075931401 2 bytes JMP 759cb21b C:\Windows\syswow64\kernel32.dll
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[1344] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                      0000000075931419 2 bytes JMP 759cb346 C:\Windows\syswow64\kernel32.dll
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                    0000000075931431 2 bytes JMP 75a48f29 C:\Windows\syswow64\kernel32.dll
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                    000000007593144a 2 bytes CALL 759a489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                        * 9
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[1344] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                      00000000759314dd 2 bytes JMP 75a48822 C:\Windows\syswow64\kernel32.dll
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                00000000759314f5 2 bytes JMP 75a489f8 C:\Windows\syswow64\kernel32.dll
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[1344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                      000000007593150d 2 bytes JMP 75a48718 C:\Windows\syswow64\kernel32.dll
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                0000000075931525 2 bytes JMP 75a48ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                      000000007593153d 2 bytes JMP 759bfca8 C:\Windows\syswow64\kernel32.dll
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[1344] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                          0000000075931555 2 bytes JMP 759c68ef C:\Windows\syswow64\kernel32.dll
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                    000000007593156d 2 bytes JMP 75a48fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                      0000000075931585 2 bytes JMP 75a48b42 C:\Windows\syswow64\kernel32.dll
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[1344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                        000000007593159d 2 bytes JMP 75a486dc C:\Windows\syswow64\kernel32.dll
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                      00000000759315b5 2 bytes JMP 759bfd41 C:\Windows\syswow64\kernel32.dll
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                    00000000759315cd 2 bytes JMP 759cb2dc C:\Windows\syswow64\kernel32.dll
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                00000000759316b2 2 bytes JMP 75a48ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                00000000759316bd 2 bytes JMP 75a48671 C:\Windows\syswow64\kernel32.dll

---- EOF - GMER 2.1 ----
Über Hilfe wäre ich sehr dankbar!

schrauber 08.07.2015 10:37
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

pgross 08.07.2015 13:02
Hallo,

danke für deine Antwort.

combofix.log:
Code:
ComboFix 15-07-07.01 - Rudi 08.07.2015  13:49:12.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.6103.4639 [GMT 2:00]
ausgeführt von:: I:\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Phone\Skype.exe
c:\programdata\0tbpw.pad
c:\programdata\ccdebcafedbgfdgfdgdfg.cfg
C:\timerintray
c:\timerintray\config.bin
c:\users\Rudi\AppData\Local\assembly\tmp
c:\users\Rudi\AppData\Roaming\Roaming
c:\users\Rudi\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bugashax.com\settings.sol
c:\users\Rudi\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
c:\windows\IsUn0407.exe
c:\windows\SysWow64\setup.ini
c:\windows\SysWow64\x86
c:\windows\SysWow64\x86\silabenm.sys
c:\windows\SysWow64\x86\silabser.sys
c:\windows\SysWow64\x86\WdfCoInstaller01009.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-06-08 bis 2015-07-08  ))))))))))))))))))))))))))))))
.
.
2015-07-08 11:53 . 2015-07-08 11:53        --------        d-----w-        c:\users\Maggi\AppData\Local\temp
2015-07-08 11:53 . 2015-07-08 11:53        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-07-08 08:07 . 2015-07-08 08:55        --------        d-----w-        C:\FRST
2015-07-04 18:07 . 2015-07-04 18:30        --------        d-----w-        c:\users\Rudi\AppData\Local\Flymap Win
2015-07-03 11:04 . 2015-07-03 11:04        348160        ----a-w-        c:\windows\SysWow64\msvcr71.dll
2015-06-24 16:00 . 2015-06-24 17:00        18174128        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-06-10 07:46 . 2015-05-25 18:19        1255424        ----a-w-        c:\windows\system32\diagtrack.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-25 05:53 . 2014-10-22 21:27        40760        ----a-w-        c:\windows\system32\TURegOpt.exe
2015-06-25 05:53 . 2014-10-22 21:30        43320        ----a-w-        c:\windows\system32\uxtuneup.dll
2015-06-25 05:53 . 2014-10-22 21:30        36152        ----a-w-        c:\windows\SysWow64\uxtuneup.dll
2015-06-25 05:53 . 2014-10-22 21:27        29496        ----a-w-        c:\windows\system32\authuitu.dll
2015-06-25 05:53 . 2014-10-22 21:27        25400        ----a-w-        c:\windows\SysWow64\authuitu.dll
2015-06-24 17:00 . 2012-04-15 17:22        778416        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-24 17:00 . 2011-05-20 18:13        142512        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-11 08:09 . 2010-12-13 15:50        140135120        ----a-w-        c:\windows\system32\MRT.exe
2015-06-09 08:13 . 2013-03-29 07:12        153256        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2015-06-09 08:13 . 2013-03-29 07:12        132656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2015-05-25 18:01 . 2015-06-10 07:46        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2015-05-22 18:18 . 2015-06-06 14:53        700416        ----a-w-        c:\windows\system32\generaltel.dll
2015-05-22 18:18 . 2015-06-06 14:53        757248        ----a-w-        c:\windows\system32\invagent.dll
2015-05-22 18:18 . 2015-06-06 14:53        423424        ----a-w-        c:\windows\system32\devinv.dll
2015-05-22 18:18 . 2015-06-06 14:53        1021440        ----a-w-        c:\windows\system32\appraiser.dll
2015-05-22 18:18 . 2015-06-06 14:53        45568        ----a-w-        c:\windows\system32\acmigration.dll
2015-05-22 18:18 . 2015-06-06 14:53        227328        ----a-w-        c:\windows\system32\aepdu.dll
2015-05-22 18:13 . 2015-06-06 14:53        1119232        ----a-w-        c:\windows\system32\aeinv.dll
2015-05-21 13:19 . 2015-06-06 14:53        193536        ----a-w-        c:\windows\system32\aepic.dll
2015-05-01 13:17 . 2015-05-14 21:47        124112        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-14 21:47        102608        ----a-w-        c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-14 12:15        1647104        ----a-w-        c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-14 12:15        1179136        ----a-w-        c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-14 12:15        1250816        ----a-w-        c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-14 12:17        460800        ----a-w-        c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-14 12:17        342016        ----a-w-        c:\windows\SysWow64\certcli.dll
2015-04-14 01:33 . 2015-04-14 01:33        1614504        ----a-w-        c:\windows\system32\FM20.DLL
2015-04-13 03:28 . 2015-05-14 12:16        328704        ----a-w-        c:\windows\system32\services.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2015-03-18 911032]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-08-07 43816]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-08-14 43816]
"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2014-08-04 1080104]
"Wondershare Helper Compact"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-07-25 1985824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-17 98304]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-15 498160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-06-09 730416]
"Wondershare Helper Compact"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-07-25 1985824]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-07-25 1985824]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\tray.exe" [2015-04-08 1010008]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
c:\users\Maggi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
c:\users\Rudi\AppData\Roaming\Srinblfopf\
FRITZ!DSL Protect.lnk - c:\program files\FRITZ!DSL\FwebProt.exe [2009-4-17 1105208]
picpkiqkurglrkaaomh.lnk - c:\windows\System32\rundll32.exe c:\users\Rudi\AppData\Local\Temp\hmoaakrlgrukqikpcip.bfg,OKL00 [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 silabser;MPX PC Interface with CP210x USB to UART Bridge Controller Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE;c:\program files\FRITZ!DSL\IGDCTRL.EXE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-07 15:29        991048        ----a-w-        c:\program files (x86)\Google\Chrome\Application\43.0.2357.132\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 17:00]
.
2015-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-18 06:44]
.
2015-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-18 06:44]
.
2015-05-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 23:47]
.
2015-07-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 23:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
LSP: %ProgramFiles%\FRITZ!DSL\\sarah.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\
FF - prefs.js: browser.search.selectedEngine - GMX Suche
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-SLABCOMM&10C4&81A9 - c:\program files (x86)\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&81A9
AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\DriverUninstall\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_190_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_190_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-07-08  14:00:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-07-08 12:00
.
Vor Suchlauf: 13 Verzeichnis(se), 1.364.930.965.504 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 1.364.439.138.304 Bytes frei
.
- - End Of File - - 32FB42ADC1A9B94C5C11DFB234871E04
A36C5E4F47E84449FF07ED3517B43A31

schrauber 08.07.2015 17:53
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

pgross 08.07.2015 19:44
Hallo, danke für die Anweisungen. Hier die Logs.

mbam log:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 08.07.2015
Suchlauf-Zeit: 20:00:32
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.07.08.05
Rootkit Datenbank: v2015.07.07.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Rudi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgebrochen
Durchsuchte Objekte: 65534
Verstrichene Zeit: 2 Min, 32 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
AdwCleaner:
Code:
# AdwCleaner v4.207 - Bericht erstellt 08/07/2015 um 20:29:07
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-06-21.1 [Lokal]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Rudi - PCVN
# Gestarted von : I:\AdwCleaner_4.207.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Maggi\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Maggi\Documents\Browser
Ordner Gelöscht : C:\Users\Rudi\AppData\Local\apn
Ordner Gelöscht : C:\Users\Rudi\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Rudi\AppData\Roaming\download Manager
Ordner Gelöscht : C:\Users\Rudi\Documents\Browser
Ordner Gelöscht : C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Ordner Gelöscht : C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj
Datei Gelöscht : C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaangaohdajkgeopjhpbnlpkehbhmbj_0.localstorage-journal
Datei Gelöscht : C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKU\.DEFAULT\Software\APN
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 de)

[v4u2aott.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
[v4u2aott.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Ask.com");
[v4u2aott.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
[v4u2aott.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
[v4u2aott.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=754f902d-0e49-4921-b58d-7d34cb301dd4&apn_ptnrs=%5EABT&apn_sauid=278233A6-DFF0-4466[...]
[cd9c4tby.default\prefs.js] - Zeile Gelöscht : user_pref("avira.safe_search.installed", "[\"safesearch\"]");
[cd9c4tby.default\prefs.js] - Zeile Gelöscht : user_pref("avira.safe_search.prev_newtab", "chrome://unitedtb/content/newtab/newtab-page.xhtml");
[cd9c4tby.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");
[cd9c4tby.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Ask.com");
[cd9c4tby.default\prefs.js] - Zeile Gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[cd9c4tby.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"147b11b894828c-0cfe738bd3d64d-42504136-0-147b11b89492a7\"");
[cd9c4tby.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_expires_at", "1432658649");
[cd9c4tby.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"c569c73652b2da82307919b9e2c4651d713424cd\"");
[cd9c4tby.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_userid", "4297904370");
[cd9c4tby.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_utoken", "\"aac6efb8951a45f0bfe450d6cbd8648554c6c687\"");
[cd9c4tby.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.install", "1407425677645");
[cd9c4tby.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.search_offer_disabled", "true");
[cd9c4tby.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\Rudi\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\cd9c4tby.default\\\\extensions\\\\abs@avir[...]

-\\ Google Chrome v43.0.2357.132

[C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [4882 Bytes] - [08/07/2015 20:27:30]
AdwCleaner[S0].txt - [4898 Bytes] - [08/07/2015 20:29:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4957  Bytes] ##########
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.3.7 (07.08.2015:2)
OS: Windows 7 Professional x64
Ran by Rudi on 08.07.2015 at 20:32:26,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask
Successfully deleted: [Task] C:\Windows\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013
Successfully deleted: [Task] C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Disk Space Explorer Shell Extension
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension



~~~ Files

Successfully deleted: [File] C:\users\public\desktop\tuneup utilities 2014.lnk



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{028CD0CF-5F83-4E5E-815D-20B8308B07EC}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{032E7407-08EE-406D-96AB-D0E19275A0DC}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{03D404AD-1E46-47CE-AA0C-822A9DFAF444}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{0A11B03E-841C-4E6E-B5BF-997BDE8F83C4}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{0BBA95DF-5971-48D8-9157-B53430FEBA52}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{0FE1E776-D844-4D34-810B-738FABFED91B}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{12102A2D-10B7-441C-882F-884B8EFD1EE1}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{122A8AFE-B880-45A6-B446-91BEBAF77E6C}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{18D48EC6-5841-44BA-ABA2-2C89FE89418E}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{1D0C6314-F94E-472F-BF11-525DFA760BBD}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{22534C7A-147D-41F8-A80A-49B4F4E7BABE}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{24D89FD9-D43D-45C3-9E59-CB7B1EF0F37F}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{25583E63-AC24-4F64-A984-9F3451F568A6}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{25EEAAB6-34DC-4DB4-8AFE-6FC76EC3DE72}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{279BB582-71E4-4212-87B6-94EBE8911530}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{29D84C9F-B2E3-4B7C-BDBF-06818F82C767}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{2B91DB01-AE1F-453C-A05D-9F3FF1A3CBB8}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{31651DF6-7BB0-47B2-8506-DD5CB8361BFD}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{320F3D40-D4CB-417E-AF44-5CD6D63140BD}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{3745D703-885B-4ABC-BD13-EDA499EB6088}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{39264218-D9F4-4723-B2C0-A15138EC9446}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{400A7103-F623-42E5-BED8-7FB31159FF32}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{40867956-A282-46A2-A820-03AEBB6AB87B}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{48425A3F-3661-420D-AC37-A798EF6F8158}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{4B51EBE6-A40A-4ED8-8D1F-9C02410C90D7}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{4BE0D15F-B74E-41A0-875A-5C24060472B6}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{4C2DE20E-16F4-4064-8B22-5FA18EE547F1}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{4CE78C1A-A745-4253-AA61-EDE05D437080}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{4EDA141D-AC91-4F84-9D5B-97E716F9D522}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{5045A93B-6DC9-40BE-B909-78B76C7EFB02}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{53D60D68-DEF8-443A-8109-77467BBFFD5B}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{54931AAE-6E19-4B41-ABE8-D1C2204E2E69}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{55B438B0-F172-426E-9D2D-17DCA3CDA9C8}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{59CC68D0-73F8-452C-A5BB-A1786E0A8F9B}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{619AFCC0-4B54-4D66-ADCD-7E8AD8D56BC7}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{65AED798-C63D-42D9-8ACE-013066930963}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{70D87476-6238-48CB-815F-1D61CCCDFF2B}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{7276EB51-C873-4DF5-9BF1-67C158C76B00}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{729DFABD-AC9E-4B7E-9B45-DCD4081F5B15}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{73C2408D-0FCC-494D-83F9-74BE7107E337}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{7BD470E0-B79D-4A57-BB17-086D42F9FE8C}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{85DB6C10-B355-430F-9D24-457A03EC20AF}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{88FEBA15-2765-48EB-A068-421DA5CADDF4}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{8AE095BD-F1BD-47E1-8E9B-5D74903BF545}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{8CBBD0C9-2BE2-483B-A901-8667B5110724}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{905C84BC-EA67-46BD-8712-14A5A5B898AA}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{93E9ECFB-2B1C-4B36-B111-EAE582EB6270}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{9D977416-E13F-407E-B03A-7BA2CC0C1788}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{9DD78F9D-BFCE-45A3-9390-C9BB7BE926C0}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{9FE0747D-4219-4932-B47E-6424E1315C7F}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{A2EDFCA9-0EDB-4606-A5D3-A5B6F54B3248}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{A9AFD24D-3111-41E4-9B71-8FC12EA07704}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{AA96F60E-D7B9-472C-8287-DE2242F92222}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{AB1BFA8D-6FD2-410F-A4A6-6A143A780574}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{ACF38BB9-4C4C-4E40-BA25-17055C2B97F3}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{B03B9F6B-00EE-4125-A66F-B2680144812B}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{B8E64B45-9AA7-4308-925C-C29A68BE1BAC}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{BD155130-14B3-4CAA-9702-FC5454BAC7D3}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{C0C0A85B-5B04-489E-BB20-9709B85E5359}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{C67F6603-784F-42E8-A36F-D07B7442F6CF}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{D0937CA5-8445-4BAB-A136-B974766BBC6E}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{D3BBD2C4-32F5-4BD6-BCB2-C3F6BFDB3A49}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{D80836EA-63D4-447C-84DF-438EDEA3C845}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{D827B854-E063-4B4C-B3C4-F1CBDBD62C84}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{E4079B48-3349-414A-ACD0-17D34221894B}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{E592648D-BF87-4C0F-93D3-FDA1F6C37B74}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{F3C93475-E7E6-4083-987B-A6A5425F99CC}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{F504B142-A5F7-4D62-A19D-96A3A5A06FE9}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{F570674A-8BCE-4E2D-AB8A-2C2005A5C894}
Successfully deleted: [Empty Folder] C:\Users\Rudi\appdata\local\{F915F56A-609D-4849-96D1-3DB75BE504A2}
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\tuneup utilities 2014



~~~ FireFox

Successfully deleted: [File] C:\Users\Rudi\AppData\Roaming\mozilla\firefox\profiles\cd9c4tby.default\searchplugins\avira-safesearch.xml
Successfully deleted: [Folder] C:\Users\Rudi\AppData\Roaming\mozilla\firefox\profiles\cd9c4tby.default\extensions\safesearch@avira.com
Successfully deleted the following from C:\Users\Rudi\AppData\Roaming\mozilla\firefox\profiles\cd9c4tby.default\prefs.js

user_pref(avira.safe_search.search_was_active, false);
user_pref(extensions.bootstrappedAddons, {\safesearch@avira.com\:{\version\:\1.1.6\,\type\:\extension\,\descriptor\:\C:\\\\Users\\\\Rudi\\\\AppData\\\\Roaming\
user_pref(extensions.unitedinternet.email.runonceNewUsersShown, true);
Emptied folder: C:\Users\Rudi\AppData\Roaming\mozilla\firefox\profiles\cd9c4tby.default\minidumps [103 files]



~~~ Chrome


[C:\Users\Rudi\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Rudi\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Rudi\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Rudi\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.07.2015 at 20:35:33,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by Rudi (administrator) on PCVN on 08-07-2015 20:39:11
Running from I:\
Loaded Profiles: Rudi (Available Profiles: Rudi & Maggi & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-01-27] (Alcor Micro Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [NcpBudgetGui] => C:\Program Files (x86)\LANCOM\Advanced VPN Client\NcpBudgetGui.exe [999424 2013-08-08] (NCP engineering GmbH)
HKLM-x32\...\Run: [NcpPopup] => C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncppopup.exe [1011280 2012-03-20] (NCP engineering GmbH)
HKLM-x32\...\Run: [NcpMonitor] => C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncpmon.exe [7671056 2013-11-08] (NCP engineering GmbH)
HKU\S-1-5-21-3471903468-164558032-738513436-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-3471903468-164558032-738513436-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-3471903468-164558032-738513436-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-3471903468-164558032-738513436-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-3471903468-164558032-738513436-1001\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
Startup: C:\Users\Rudi\AppData\Roaming\Srinblfopf\FRITZ!DSL Protect.lnk [2012-11-20]
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\Users\Rudi\AppData\Roaming\Srinblfopf\picpkiqkurglrkaaomh.lnk [2013-08-05]
ShortcutTarget: picpkiqkurglrkaaomh.lnk -> C:\Users\Rudi\AppData\Local\Temp\hmoaakrlgrukqikpcip.bfg (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3471903468-164558032-738513436-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3471903468-164558032-738513436-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3471903468-164558032-738513436-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {CB869646-DFE9-4868-AD2C-83567275CA22} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {D298F812-DA32-4781-B36B-06868A9551BE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3471903468-164558032-738513436-1001 -> {CB869646-DFE9-4868-AD2C-83567275CA22} URL =
SearchScopes: HKU\S-1-5-21-3471903468-164558032-738513436-1001 -> {D298F812-DA32-4781-B36B-06868A9551BE} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-12-07] (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18] (Sun Microsystems, Inc.)
BHO-x32: EpsonToolBandKicker Class -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-3471903468-164558032-738513436-1001 -> No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Winsock: Catalog5 10 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472 2009-07-28] (AVM Berlin)
Winsock: Catalog9 01 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472 2009-07-28] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472 2009-07-28] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472 2009-07-28] (AVM Berlin)
Winsock: Catalog9 14 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472 2009-07-28] (AVM Berlin)
Winsock: Catalog5-x64 10 C:\Program Files\FRITZ!DSL\\sarah.dll [34104 2009-07-28] (AVM Berlin)
Winsock: Catalog9-x64 01 C:\Program Files\FRITZ!DSL\\sarah.dll [34104 2009-07-28] (AVM Berlin)
Winsock: Catalog9-x64 02 C:\Program Files\FRITZ!DSL\\sarah.dll [34104 2009-07-28] (AVM Berlin)
Winsock: Catalog9-x64 03 C:\Program Files\FRITZ!DSL\\sarah.dll [34104 2009-07-28] (AVM Berlin)
Winsock: Catalog9-x64 14 C:\Program Files\FRITZ!DSL\\sarah.dll [34104 2009-07-28] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 172.27.195.11 172.27.195.16
Tcpip\..\Interfaces\{1392CDF6-BB6F-4E01-88E8-448D855300B7}: [DhcpNameServer] 172.27.195.11 172.27.195.16

FireFox:
========
FF ProfilePath: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default
FF SelectedSearchEngine: GMX Suche
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-24] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2010-12-07] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-10-03] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-10-03] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-20] (Apple Inc.)
FF SearchPlugin: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\searchplugins\englische-ergebnisse.xml [2014-06-06]
FF SearchPlugin: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\searchplugins\gmx-suche.xml [2014-06-06]
FF SearchPlugin: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\searchplugins\lastminute.xml [2014-04-13]
FF SearchPlugin: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\searchplugins\webde-suche.xml [2014-06-06]
FF Extension: Avira Browser Safety - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\Extensions\abs@avira.com [2015-07-02]
FF Extension: GMX MailCheck - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\Extensions\mailcheck@gmx.net [2015-06-22]
FF Extension: Garmin Communicator - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-05-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-07-03]
FF Extension: No Name - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [not found]

Chrome:
=======
CHR Profile: C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-02]
CHR Extension: (Google Search) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-02]
CHR Extension: (Skype Click to Call) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-01-02]
CHR Extension: (Gmail) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-02]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
S2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
S2 ncpclcfg; C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncpclcfg.exe [150800 2013-10-28] (NCP engineering GmbH)
S2 ncprwsnt; C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncprwsnt.exe [1715464 2013-11-08] (NCP Engineering GmbH)
S2 NcpSec; C:\Program Files (x86)\LANCOM\Advanced VPN Client\NCPSEC.EXE [119808 2011-04-21] () [File not signed]
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-03] (Avira Operations GmbH & Co. KG)
S3 ncpfilt; C:\Windows\System32\DRIVERS\ncplelhp.sys [107312 2013-09-11] (NCP Engineering GmbH)
R3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [107312 2013-09-11] (NCP Engineering GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [31144 2015-06-04] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 20:35 - 2015-07-08 20:35 - 00010330 _____ C:\Users\Rudi\Desktop\JRT.txt
2015-07-08 20:32 - 2015-07-08 20:32 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PCVN-Windows-7-Professional-(64-bit).dat
2015-07-08 20:32 - 2015-07-08 20:32 - 00000000 ____D C:\RegBackup
2015-07-08 20:27 - 2015-07-08 20:29 - 00000000 ____D C:\AdwCleaner
2015-07-08 19:59 - 2015-07-08 20:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-08 19:59 - 2015-07-08 19:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-08 15:26 - 2015-07-08 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-08 15:11 - 2015-07-08 15:11 - 00000000 _____ C:\Users\Rudi\defogger_reenable
2015-07-08 15:10 - 2015-07-08 15:10 - 00002059 _____ C:\Users\Public\Desktop\LANCOM Advanced VPN Client.lnk
2015-07-08 15:10 - 2015-07-08 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LANCOM
2015-07-08 15:10 - 2015-07-08 15:10 - 00000000 ____D C:\Program Files (x86)\LANCOM
2015-07-08 15:10 - 2013-10-29 14:08 - 02162448 _____ (NCP engineering GmbH) C:\Windows\system32\NcpCredentialProvider.dll
2015-07-08 15:10 - 2013-09-11 13:33 - 00107312 _____ (NCP Engineering GmbH) C:\Windows\system32\Drivers\ncplelhp.sys
2015-07-08 15:10 - 2001-12-03 08:02 - 00000631 _____ C:\Windows\SysWOW64\ncppki.conf
2015-07-08 15:09 - 2015-07-08 15:09 - 29982377 _____ (InstallShield Software Corporation) C:\Users\Rudi\Downloads\LC-Advanced-VPN-Client-Win-2.32.exe
2015-07-08 14:00 - 2015-07-08 14:00 - 00020678 _____ C:\ComboFix.txt
2015-07-08 13:47 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-08 13:47 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-08 13:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-08 13:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-08 13:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-08 13:47 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-08 13:47 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-08 13:47 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-08 12:46 - 2015-07-08 14:00 - 00000000 ____D C:\Qoobox
2015-07-08 12:46 - 2015-07-08 13:59 - 00000000 ____D C:\Windows\erdnt
2015-07-08 10:07 - 2015-07-08 20:39 - 00000000 ____D C:\FRST
2015-07-08 09:37 - 2015-07-08 09:37 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-07-04 20:14 - 2015-07-04 20:15 - 24656929 _____ C:\Users\Rudi\Downloads\Update_FmWin_6031(1).exe
2015-07-04 20:08 - 2015-04-25 00:18 - 3429766358 _____ C:\Users\Rudi\Downloads\IntelliMaps_Europe_2015.exe
2015-07-04 20:07 - 2015-07-04 20:30 - 00000000 ____D C:\Users\Rudi\AppData\Local\Flymap Win
2015-07-04 20:07 - 2015-07-04 20:07 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flymap Win
2015-07-04 19:49 - 2015-07-04 20:01 - 502859710 _____ C:\Users\Rudi\Downloads\IntelliMaps_Europe_2015.sfx.part5.rar
2015-07-04 17:08 - 2015-07-04 17:26 - 734003200 _____ C:\Users\Rudi\Downloads\IntelliMaps_Europe_2015.sfx.part4.rar
2015-07-04 16:46 - 2015-07-04 17:04 - 734003200 _____ C:\Users\Rudi\Downloads\IntelliMaps_Europe_2015.sfx.part3.rar
2015-07-04 15:16 - 2015-07-04 15:34 - 734003200 _____ C:\Users\Rudi\Downloads\IntelliMaps_Europe_2015.sfx.part1.exe
2015-07-03 14:58 - 2015-07-04 20:16 - 00001095 _____ C:\Users\Rudi\Desktop\Flymap Win.lnk
2015-07-03 14:56 - 2015-07-03 14:57 - 33857200 _____ C:\Users\Rudi\Downloads\FmWin_6029_L.exe
2015-07-03 13:47 - 2015-07-04 09:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 13:26 - 2015-07-03 13:43 - 734003200 _____ C:\Users\Rudi\Downloads\IntelliMaps_Europe_2015.sfx.part2.rar
2015-07-03 13:17 - 2015-07-03 13:20 - 138837899 _____ C:\Users\Rudi\Downloads\ICAO_Germany_2015.exe
2015-07-03 13:04 - 2015-07-03 13:04 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2015-07-03 13:03 - 2015-07-03 13:04 - 24656929 _____ C:\Users\Rudi\Downloads\Update_FmWin_6031.exe
2015-06-29 18:19 - 2015-06-29 18:19 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-26 22:06 - 2015-06-26 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-24 18:00 - 2015-07-08 20:00 - 17582768 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-06-12 16:34 - 2015-06-12 16:34 - 00002118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-06-10 09:47 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 09:47 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 09:47 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 09:47 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 09:47 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 09:47 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 09:47 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 09:47 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 09:47 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 09:47 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 09:46 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 09:46 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 09:46 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 09:46 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 09:46 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 09:46 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 09:46 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 09:46 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 09:46 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 09:46 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 09:46 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 09:46 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 09:46 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 09:46 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 09:46 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 09:46 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 09:46 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 09:46 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 09:46 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 09:46 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 09:46 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 09:46 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 09:46 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 09:46 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 09:46 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 09:46 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 09:46 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 09:46 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 09:46 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 09:46 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 09:46 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 09:46 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 09:46 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 09:46 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 09:46 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 09:46 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 09:46 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 09:46 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 09:46 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 09:46 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 09:46 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 09:46 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 09:46 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 09:46 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 09:46 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 09:46 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 09:46 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 09:46 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 09:46 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 09:46 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 09:46 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 09:46 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 09:46 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 09:46 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 09:46 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 09:46 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 09:46 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 09:46 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 09:46 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 09:46 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 09:46 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 09:46 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 09:46 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 09:46 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 09:46 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 09:46 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 09:46 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 09:46 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 09:46 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 09:46 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 09:46 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 09:46 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 09:46 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 09:46 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 09:46 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 09:46 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 09:46 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 09:46 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 09:46 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 09:46 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 09:46 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 09:46 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 09:46 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 09:46 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 09:46 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 09:46 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 09:46 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 09:46 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 09:46 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 09:46 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 09:46 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 09:46 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 20:39 - 2009-07-14 06:45 - 00025216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-08 20:39 - 2009-07-14 06:45 - 00025216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-08 20:33 - 2011-02-18 23:09 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-08 20:31 - 2012-01-20 21:15 - 1370908974 _____ C:\Users\Rudi\DesktopStCenter.txt
2015-07-08 20:30 - 2015-01-20 18:22 - 00194224 _____ C:\Windows\PFRO.log
2015-07-08 20:30 - 2015-01-20 18:22 - 00012432 _____ C:\Windows\setupact.log
2015-07-08 20:30 - 2012-04-15 19:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-08 20:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-08 20:29 - 2011-02-18 23:09 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-08 20:29 - 2009-07-14 07:10 - 01520944 _____ C:\Windows\WindowsUpdate.log
2015-07-08 20:00 - 2012-04-15 19:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-08 20:00 - 2012-04-15 19:22 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-08 20:00 - 2011-05-20 20:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-08 15:26 - 2014-10-28 18:51 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2015-07-08 15:26 - 2010-12-07 21:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-08 15:26 - 2010-12-07 21:08 - 00000000 ____D C:\ProgramData\Skype
2015-07-08 15:24 - 2012-01-20 21:37 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\FRITZ!
2015-07-08 15:19 - 2009-07-14 04:34 - 00000521 _____ C:\Windows\win.ini
2015-07-08 15:11 - 2010-12-10 14:45 - 00000000 ____D C:\Users\Rudi
2015-07-08 15:10 - 2010-12-07 21:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-08 14:00 - 2012-10-09 11:34 - 00000000 ____D C:\Users\Neuer Ordner
2015-07-08 14:00 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-08 13:55 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-08 13:00 - 2010-12-10 14:35 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-07-08 11:13 - 2010-12-10 14:45 - 00000000 ____D C:\Users\Rudi\AppData\Local\SoftThinks
2015-07-08 11:12 - 2013-08-07 16:40 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-08 10:09 - 2009-07-14 19:58 - 00699432 _____ C:\Windows\system32\perfh007.dat
2015-07-08 10:09 - 2009-07-14 19:58 - 00149572 _____ C:\Windows\system32\perfc007.dat
2015-07-08 10:09 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-07 17:14 - 2010-12-10 15:13 - 00000000 ____D C:\Users\Maggi\AppData\Local\SoftThinks
2015-07-05 12:56 - 2010-12-13 15:44 - 00000000 ____D C:\Users\Rudi\Documents\Texte
2015-07-04 09:40 - 2012-04-24 23:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-03 13:59 - 2014-04-22 17:53 - 00000000 ____D C:\Users\Rudi\AppData\Local\Deployment
2015-07-02 21:06 - 2014-10-22 23:26 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014
2015-06-29 20:07 - 2010-12-13 16:21 - 00000000 ____D C:\Users\Maggi\Documents\Texte
2015-06-25 07:53 - 2014-10-22 23:30 - 00043320 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2015-06-25 07:53 - 2014-10-22 23:30 - 00036152 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2015-06-25 07:53 - 2014-10-22 23:27 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2015-06-25 07:53 - 2014-10-22 23:27 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2015-06-25 07:53 - 2014-10-22 23:27 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2015-06-24 19:06 - 2014-12-16 09:22 - 00000000 ____D C:\Users\Maggi\AppData\Local\Windows Live
2015-06-24 19:04 - 2013-01-16 20:24 - 00002209 _____ C:\Users\Maggi\Desktop\Google Chrome.lnk
2015-06-23 13:30 - 2010-12-10 15:11 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-12 16:34 - 2011-02-18 23:09 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-11 13:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-11 10:36 - 2009-07-14 06:45 - 00409144 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 10:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 10:19 - 2010-12-10 15:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 10:14 - 2013-08-14 11:49 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 10:09 - 2010-12-13 17:50 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 22:52 - 2014-05-10 16:36 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-09 10:13 - 2013-03-29 09:12 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-09 10:13 - 2013-03-29 09:12 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

==================== Files in the root of some directories =======

2012-04-25 17:36 - 2012-04-25 17:36 - 0002508 _____ () C:\Users\Rudi\AppData\Roaming\$_hpcst$.hpc
2012-03-11 21:25 - 2013-04-03 21:32 - 0000695 _____ () C:\Users\Rudi\AppData\Roaming\DriveCalculator Preferences
2015-05-10 09:09 - 2015-05-10 09:09 - 0000000 _____ () C:\Users\Rudi\AppData\Local\{5D6EBB7B-2D3E-4374-87DF-5BEEEBF03FA7}
2015-05-22 09:29 - 2015-05-22 09:29 - 0000000 _____ () C:\Users\Rudi\AppData\Local\{CBE5C5C6-1615-464B-A5CD-9DE3FB2A8629}
2015-04-05 15:31 - 2015-04-05 15:31 - 0000000 _____ () C:\Users\Rudi\AppData\Local\{E1DA222C-A767-43F6-B3CA-69D17388AA2D}
2012-06-17 20:23 - 2012-06-17 20:23 - 0040960 _____ () C:\ProgramData\dimpxqfetwntqbp
2012-06-17 20:33 - 2012-06-17 20:33 - 0055808 _____ () C:\ProgramData\dsvxcdyrcqabehw
2013-08-05 15:52 - 2013-08-05 15:52 - 0000070 _____ () C:\ProgramData\picpkiqkurglrkaaomh.bat
2013-08-05 15:52 - 2013-08-05 15:52 - 0000165 _____ () C:\ProgramData\picpkiqkurglrkaaomh.reg

Files to move or delete:
====================
C:\ProgramData\picpkiqkurglrkaaomh.bat
C:\ProgramData\picpkiqkurglrkaaomh.reg


Some files in TEMP:
====================
C:\Users\Rudi\AppData\Local\Temp\avgnt.exe
C:\Users\Rudi\AppData\Local\Temp\Quarantine.exe
C:\Users\Rudi\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-03 09:14

==================== End of log ============================
Der beschriebene RunDLL Fehler tritt leider nach wie vor auf.

schrauber 09.07.2015 08:36

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

pgross 09.07.2015 12:38
Super, vielen Dank für deine Mühe! Ich habe ESET wie in der Anleitung angegeben so eingestellt, dass er erkannte Malware nicht löscht. Hoffe das war richtig.

ESET log
Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=79365c3365512c4e9d5b127129686e2d
# end=init
# utc_time=2015-07-09 07:42:08
# local_time=2015-07-09 09:42:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24713
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=79365c3365512c4e9d5b127129686e2d
# end=updated
# utc_time=2015-07-09 07:44:51
# local_time=2015-07-09 09:44:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=79365c3365512c4e9d5b127129686e2d
# engine=24713
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-09 10:47:16
# local_time=2015-07-09 12:47:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 11759 188068686 0 0
# scanned=246390
# found=11
# cleaned=0
# scan_time=10944
sh=C5DB8386C3A901DD6D4FB8B66685B889FA1099F9 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3471903468-164558032-738513436-1001\$ROHJ4GT\Quarantine\C\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\user.js.vir"
sh=07F921BD4823CE7D6ABF4E298C917FE85CB9905D ft=0 fh=0000000000000000 vn="Win32/Spy.SpyEye.CFG.A Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\timerintray\config.bin.vir"
sh=F62301FEAC1BC67D54876FF576ECE5500A958A5B ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\prefs.js"
sh=B00481BAFD4C2C393115400B2388B8D9DF6C8F90 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\prefs.js.BAK"
sh=3ED9DFC70717216FCDF87FED48F412AA536AABFA ft=1 fh=a8d18090d7e27e23 vn="Win32/Peerfrag.BG Wurm" ac=I fn="J:\System Volume Information\_restore{670FD972-80EE-4795-8ACB-C60DC95E48EE}\RP1847\A0243811.exe"
sh=DB22E1F56262C31E6A2839566D5307934C9A5D8E ft=0 fh=0000000000000000 vn="INF/Autorun Wurm" ac=I fn="J:\System Volume Information\_restore{670FD972-80EE-4795-8ACB-C60DC95E48EE}\RP1847\A0243812.inf"
sh=0B2E1DAF263078E64D43B0F34A33CCECC65B3A49 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="J:\PCVN\Backup Set 2014-05-07 163240\Backup Files 2014-05-07 163240\Backup files 19.zip"
sh=1A2283D24DF27783E95161F8975B3E26F579C918 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="J:\PCVN\Backup Set 2014-05-07 163240\Backup Files 2014-12-28 170747\Backup files 19.zip"
sh=87417EB99C0E8C0EF1D31766BA2C4E73C0BC8E78 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="J:\PCVN\Backup Set 2014-05-07 163240\Backup Files 2015-01-04 190000\Backup files 1.zip"
sh=BF4B7B9034926B76C8BA9AFC0507F98EB84610A4 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="J:\PCVN\Backup Set 2014-05-07 163240\Backup Files 2015-01-11 190000\Backup files 28.zip"
sh=7CBD909A14BB2815B736E8AF05C42D103D76BEA1 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="J:\PCVN\Backup Set 2015-01-18 190000\Backup Files 2015-01-18 190000\Backup files 28.zip"
SecurityCheck
Code:
Results of screen317's Security Check version 1.004 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java(TM) 6 Update 16 
 Java(TM) 6 Update 29 
 Java version 32-bit out of Date!
  Adobe Flash Player 17.0.0.190 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox (39.0)
 Mozilla Thunderbird (31.7.0)
 Google Chrome (43.0.2357.130)
 Google Chrome (43.0.2357.132)
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 ESET ESET Online Scanner OnlineScannerApp.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST Log
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by Rudi (administrator) on PCVN on 09-07-2015 13:34:26
Running from I:\
Loaded Profiles: Rudi & Maggi & Administrator (Available Profiles: Rudi & Maggi & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NCP engineering GmbH) C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncpclcfg.exe
(NCP Engineering GmbH) C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncprwsnt.exe
() C:\Program Files (x86)\LANCOM\Advanced VPN Client\NCPSEC.EXE
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(NCP engineering GmbH) C:\Program Files (x86)\LANCOM\Advanced VPN Client\NcpBudgetGui.exe
(NCP engineering GmbH) C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncpmon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-01-27] (Alcor Micro Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [NcpBudgetGui] => C:\Program Files (x86)\LANCOM\Advanced VPN Client\NcpBudgetGui.exe [999424 2013-08-08] (NCP engineering GmbH)
HKLM-x32\...\Run: [NcpPopup] => C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncppopup.exe [1011280 2012-03-20] (NCP engineering GmbH)
HKLM-x32\...\Run: [NcpMonitor] => C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncpmon.exe [7671056 2013-11-08] (NCP engineering GmbH)
HKU\S-1-5-21-3471903468-164558032-738513436-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-3471903468-164558032-738513436-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-3471903468-164558032-738513436-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-3471903468-164558032-738513436-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-3471903468-164558032-738513436-1001\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
Startup: C:\Users\Rudi\AppData\Roaming\Srinblfopf\FRITZ!DSL Protect.lnk [2012-11-20]
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\Users\Rudi\AppData\Roaming\Srinblfopf\picpkiqkurglrkaaomh.lnk [2013-08-05]
ShortcutTarget: picpkiqkurglrkaaomh.lnk -> C:\Users\Rudi\AppData\Local\Temp\hmoaakrlgrukqikpcip.bfg (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3471903468-164558032-738513436-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3471903468-164558032-738513436-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3471903468-164558032-738513436-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3471903468-164558032-738513436-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
HKU\S-1-5-21-3471903468-164558032-738513436-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
HKU\S-1-5-21-3471903468-164558032-738513436-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
HKU\S-1-5-21-3471903468-164558032-738513436-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
SearchScopes: HKLM -> {CB869646-DFE9-4868-AD2C-83567275CA22} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {D298F812-DA32-4781-B36B-06868A9551BE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3471903468-164558032-738513436-1001 -> {CB869646-DFE9-4868-AD2C-83567275CA22} URL =
SearchScopes: HKU\S-1-5-21-3471903468-164558032-738513436-1001 -> {D298F812-DA32-4781-B36B-06868A9551BE} URL =
SearchScopes: HKU\S-1-5-21-3471903468-164558032-738513436-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3471903468-164558032-738513436-1002 -> {CB869646-DFE9-4868-AD2C-83567275CA22} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3471903468-164558032-738513436-1002 -> {D298F812-DA32-4781-B36B-06868A9551BE} URL =
SearchScopes: HKU\S-1-5-21-3471903468-164558032-738513436-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-12-07] (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18] (Sun Microsystems, Inc.)
BHO-x32: EpsonToolBandKicker Class -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-3471903468-164558032-738513436-1001 -> No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} -  No File
Toolbar: HKU\S-1-5-21-3471903468-164558032-738513436-1002 -> No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} -  No File
Toolbar: HKU\S-1-5-21-3471903468-164558032-738513436-500 -> No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Winsock: Catalog5 10 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472 2009-07-28] (AVM Berlin)
Winsock: Catalog9 01 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472 2009-07-28] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472 2009-07-28] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472 2009-07-28] (AVM Berlin)
Winsock: Catalog9 14 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472 2009-07-28] (AVM Berlin)
Winsock: Catalog5-x64 10 C:\Program Files\FRITZ!DSL\\sarah.dll [34104 2009-07-28] (AVM Berlin)
Winsock: Catalog9-x64 01 C:\Program Files\FRITZ!DSL\\sarah.dll [34104 2009-07-28] (AVM Berlin)
Winsock: Catalog9-x64 02 C:\Program Files\FRITZ!DSL\\sarah.dll [34104 2009-07-28] (AVM Berlin)
Winsock: Catalog9-x64 03 C:\Program Files\FRITZ!DSL\\sarah.dll [34104 2009-07-28] (AVM Berlin)
Winsock: Catalog9-x64 14 C:\Program Files\FRITZ!DSL\\sarah.dll [34104 2009-07-28] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 172.27.195.11 172.27.195.16
Tcpip\..\Interfaces\{1392CDF6-BB6F-4E01-88E8-448D855300B7}: [DhcpNameServer] 172.27.195.11 172.27.195.16

FireFox:
========
FF ProfilePath: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SelectedSearchEngine: GMX Suche
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-24] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2010-12-07] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-10-03] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-10-03] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-20] (Apple Inc.)
FF SearchPlugin: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\searchplugins\englische-ergebnisse.xml [2014-06-06]
FF SearchPlugin: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\searchplugins\gmx-suche.xml [2014-06-06]
FF SearchPlugin: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\searchplugins\lastminute.xml [2014-04-13]
FF SearchPlugin: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\searchplugins\webde-suche.xml [2014-06-06]
FF Extension: Avira Browser Safety - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\Extensions\abs@avira.com [2015-07-02]
FF Extension: GMX MailCheck - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\Extensions\mailcheck@gmx.net [2015-06-22]
FF Extension: Garmin Communicator - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-05-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-07-03]
FF HKU\S-1-5-21-3471903468-164558032-738513436-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome:
=======
CHR Profile: C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-02]
CHR Extension: (Google Search) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-02]
CHR Extension: (Skype Click to Call) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-01-02]
CHR Extension: (Gmail) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-02]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
R2 ncpclcfg; C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncpclcfg.exe [150800 2013-10-28] (NCP engineering GmbH)
R2 ncprwsnt; C:\Program Files (x86)\LANCOM\Advanced VPN Client\ncprwsnt.exe [1715464 2013-11-08] (NCP Engineering GmbH)
R2 NcpSec; C:\Program Files (x86)\LANCOM\Advanced VPN Client\NCPSEC.EXE [119808 2011-04-21] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-03] (Avira Operations GmbH & Co. KG)
S3 ncpfilt; C:\Windows\System32\DRIVERS\ncplelhp.sys [107312 2013-09-11] (NCP Engineering GmbH)
R3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [107312 2013-09-11] (NCP Engineering GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-09 13:34 - 2015-07-09 13:34 - 00000000 ____D C:\FRST
2015-07-09 09:41 - 2015-07-09 09:41 - 00000000 ____D C:\Program Files (x86)\ESET
2015-07-09 09:34 - 2015-07-09 09:36 - 00001652 _____ C:\Users\Rudi\Desktop\public (intern.sfl-gmbh.de).lnk
2015-07-08 20:47 - 2015-07-08 20:47 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2015-07-08 20:47 - 2015-07-08 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-08 20:32 - 2015-07-08 20:32 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PCVN-Windows-7-Professional-(64-bit).dat
2015-07-08 20:32 - 2015-07-08 20:32 - 00000000 ____D C:\RegBackup
2015-07-08 19:59 - 2015-07-08 20:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-08 19:59 - 2015-07-08 19:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-08 15:11 - 2015-07-08 15:11 - 00000000 _____ C:\Users\Rudi\defogger_reenable
2015-07-08 15:10 - 2015-07-08 15:10 - 00002059 _____ C:\Users\Public\Desktop\LANCOM Advanced VPN Client.lnk
2015-07-08 15:10 - 2015-07-08 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LANCOM
2015-07-08 15:10 - 2015-07-08 15:10 - 00000000 ____D C:\Program Files (x86)\LANCOM
2015-07-08 15:10 - 2013-10-29 14:08 - 02162448 _____ (NCP engineering GmbH) C:\Windows\system32\NcpCredentialProvider.dll
2015-07-08 15:10 - 2013-09-11 13:33 - 00107312 _____ (NCP Engineering GmbH) C:\Windows\system32\Drivers\ncplelhp.sys
2015-07-08 15:10 - 2001-12-03 08:02 - 00000631 _____ C:\Windows\SysWOW64\ncppki.conf
2015-07-08 15:09 - 2015-07-08 15:09 - 29982377 _____ (InstallShield Software Corporation) C:\Users\Rudi\Downloads\LC-Advanced-VPN-Client-Win-2.32.exe
2015-07-08 13:47 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-08 13:47 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-08 13:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-08 13:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-08 13:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-08 13:47 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-08 13:47 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-08 13:47 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-08 12:46 - 2015-07-08 14:00 - 00000000 ____D C:\Qoobox
2015-07-08 12:46 - 2015-07-08 13:59 - 00000000 ____D C:\Windows\erdnt
2015-07-08 09:37 - 2015-07-08 09:37 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-07-04 20:14 - 2015-07-04 20:15 - 24656929 _____ C:\Users\Rudi\Downloads\Update_FmWin_6031(1).exe
2015-07-04 20:08 - 2015-04-25 00:18 - 3429766358 _____ C:\Users\Rudi\Downloads\IntelliMaps_Europe_2015.exe
2015-07-04 20:07 - 2015-07-04 20:30 - 00000000 ____D C:\Users\Rudi\AppData\Local\Flymap Win
2015-07-04 20:07 - 2015-07-04 20:07 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flymap Win
2015-07-04 19:49 - 2015-07-04 20:01 - 502859710 _____ C:\Users\Rudi\Downloads\IntelliMaps_Europe_2015.sfx.part5.rar
2015-07-04 17:08 - 2015-07-04 17:26 - 734003200 _____ C:\Users\Rudi\Downloads\IntelliMaps_Europe_2015.sfx.part4.rar
2015-07-04 16:46 - 2015-07-04 17:04 - 734003200 _____ C:\Users\Rudi\Downloads\IntelliMaps_Europe_2015.sfx.part3.rar
2015-07-04 15:16 - 2015-07-04 15:34 - 734003200 _____ C:\Users\Rudi\Downloads\IntelliMaps_Europe_2015.sfx.part1.exe
2015-07-03 14:58 - 2015-07-04 20:16 - 00001095 _____ C:\Users\Rudi\Desktop\Flymap Win.lnk
2015-07-03 14:56 - 2015-07-03 14:57 - 33857200 _____ C:\Users\Rudi\Downloads\FmWin_6029_L.exe
2015-07-03 13:47 - 2015-07-04 09:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 13:26 - 2015-07-03 13:43 - 734003200 _____ C:\Users\Rudi\Downloads\IntelliMaps_Europe_2015.sfx.part2.rar
2015-07-03 13:17 - 2015-07-03 13:20 - 138837899 _____ C:\Users\Rudi\Downloads\ICAO_Germany_2015.exe
2015-07-03 13:04 - 2015-07-03 13:04 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2015-07-03 13:03 - 2015-07-03 13:04 - 24656929 _____ C:\Users\Rudi\Downloads\Update_FmWin_6031.exe
2015-06-29 18:19 - 2015-06-29 18:19 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-26 22:06 - 2015-06-26 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-24 18:00 - 2015-07-08 20:00 - 17582768 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-06-12 16:34 - 2015-06-12 16:34 - 00002118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-06-10 09:47 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 09:47 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 09:47 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 09:47 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 09:47 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 09:47 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 09:47 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 09:47 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 09:47 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 09:47 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 09:46 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 09:46 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 09:46 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 09:46 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 09:46 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 09:46 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 09:46 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 09:46 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 09:46 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 09:46 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 09:46 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 09:46 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 09:46 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 09:46 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 09:46 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 09:46 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 09:46 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 09:46 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 09:46 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 09:46 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 09:46 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 09:46 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 09:46 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 09:46 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 09:46 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 09:46 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 09:46 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 09:46 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 09:46 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 09:46 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 09:46 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 09:46 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 09:46 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 09:46 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 09:46 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 09:46 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 09:46 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 09:46 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 09:46 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 09:46 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 09:46 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 09:46 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 09:46 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 09:46 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 09:46 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 09:46 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 09:46 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 09:46 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 09:46 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 09:46 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 09:46 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 09:46 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 09:46 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 09:46 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 09:46 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 09:46 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 09:46 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 09:46 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 09:46 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 09:46 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 09:46 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 09:46 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 09:46 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 09:46 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 09:46 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 09:46 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 09:46 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 09:46 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 09:46 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 09:46 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 09:46 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 09:46 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 09:46 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 09:46 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 09:46 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 09:46 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 09:46 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 09:46 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 09:46 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 09:46 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 09:46 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 09:46 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 09:46 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 09:46 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 09:46 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 09:46 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 09:46 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 09:46 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 09:46 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 09:46 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 09:46 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 09:46 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 09:46 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 09:46 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 09:46 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 09:46 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-09 13:29 - 2011-02-18 23:09 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-09 13:00 - 2012-04-15 19:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-09 13:00 - 2010-12-10 14:35 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-07-09 10:27 - 2011-02-18 23:09 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-09 09:47 - 2009-07-14 19:58 - 00699432 _____ C:\Windows\system32\perfh007.dat
2015-07-09 09:47 - 2009-07-14 19:58 - 00149572 _____ C:\Windows\system32\perfc007.dat
2015-07-09 09:47 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-09 09:39 - 2009-07-14 06:45 - 00025216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-09 09:39 - 2009-07-14 06:45 - 00025216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-09 09:33 - 2012-01-20 21:15 - 1370909415 _____ C:\Users\Rudi\DesktopStCenter.txt
2015-07-09 09:31 - 2009-07-14 07:10 - 01559868 _____ C:\Windows\WindowsUpdate.log
2015-07-09 09:20 - 2015-01-20 18:22 - 00012712 _____ C:\Windows\setupact.log
2015-07-09 09:20 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-09 09:19 - 2012-01-20 21:37 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\FRITZ!
2015-07-08 20:47 - 2010-12-07 21:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-08 20:47 - 2010-12-07 21:08 - 00000000 ____D C:\ProgramData\Skype
2015-07-08 20:30 - 2015-01-20 18:22 - 00194224 _____ C:\Windows\PFRO.log
2015-07-08 20:00 - 2012-04-15 19:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-08 20:00 - 2012-04-15 19:22 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-08 20:00 - 2011-05-20 20:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-08 15:19 - 2009-07-14 04:34 - 00000521 _____ C:\Windows\win.ini
2015-07-08 15:11 - 2010-12-10 14:45 - 00000000 ____D C:\Users\Rudi
2015-07-08 15:10 - 2010-12-07 21:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-08 14:00 - 2012-10-09 11:34 - 00000000 ____D C:\Users\Neuer Ordner
2015-07-08 14:00 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-08 13:55 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-08 11:13 - 2010-12-10 14:45 - 00000000 ____D C:\Users\Rudi\AppData\Local\SoftThinks
2015-07-08 11:12 - 2013-08-07 16:40 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-07 17:14 - 2010-12-10 15:13 - 00000000 ____D C:\Users\Maggi\AppData\Local\SoftThinks
2015-07-05 12:56 - 2010-12-13 15:44 - 00000000 ____D C:\Users\Rudi\Documents\Texte
2015-07-04 09:40 - 2012-04-24 23:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-03 13:59 - 2014-04-22 17:53 - 00000000 ____D C:\Users\Rudi\AppData\Local\Deployment
2015-06-29 20:07 - 2010-12-13 16:21 - 00000000 ____D C:\Users\Maggi\Documents\Texte
2015-06-25 07:53 - 2014-10-22 23:30 - 00043320 _____ (TuneUp Software) C:\Windows\system32\uxt9A0.tmp
2015-06-24 19:06 - 2014-12-16 09:22 - 00000000 ____D C:\Users\Maggi\AppData\Local\Windows Live
2015-06-24 19:04 - 2013-01-16 20:24 - 00002209 _____ C:\Users\Maggi\Desktop\Google Chrome.lnk
2015-06-23 13:30 - 2010-12-10 15:11 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-12 16:34 - 2011-02-18 23:09 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-11 13:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-11 10:36 - 2009-07-14 06:45 - 00409144 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 10:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 10:19 - 2010-12-10 15:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 10:14 - 2013-08-14 11:49 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 10:09 - 2010-12-13 17:50 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 22:52 - 2014-05-10 16:36 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-09 10:13 - 2013-03-29 09:12 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-09 10:13 - 2013-03-29 09:12 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

==================== Files in the root of some directories =======

2012-04-25 17:36 - 2012-04-25 17:36 - 0002508 _____ () C:\Users\Rudi\AppData\Roaming\$_hpcst$.hpc
2012-03-11 21:25 - 2013-04-03 21:32 - 0000695 _____ () C:\Users\Rudi\AppData\Roaming\DriveCalculator Preferences
2015-05-10 09:09 - 2015-05-10 09:09 - 0000000 _____ () C:\Users\Rudi\AppData\Local\{5D6EBB7B-2D3E-4374-87DF-5BEEEBF03FA7}
2015-05-22 09:29 - 2015-05-22 09:29 - 0000000 _____ () C:\Users\Rudi\AppData\Local\{CBE5C5C6-1615-464B-A5CD-9DE3FB2A8629}
2015-04-05 15:31 - 2015-04-05 15:31 - 0000000 _____ () C:\Users\Rudi\AppData\Local\{E1DA222C-A767-43F6-B3CA-69D17388AA2D}
2012-06-17 20:23 - 2012-06-17 20:23 - 0040960 _____ () C:\ProgramData\dimpxqfetwntqbp
2012-06-17 20:33 - 2012-06-17 20:33 - 0055808 _____ () C:\ProgramData\dsvxcdyrcqabehw
2013-08-05 15:52 - 2013-08-05 15:52 - 0000070 _____ () C:\ProgramData\picpkiqkurglrkaaomh.bat
2013-08-05 15:52 - 2013-08-05 15:52 - 0000165 _____ () C:\ProgramData\picpkiqkurglrkaaomh.reg

Files to move or delete:
====================
C:\ProgramData\picpkiqkurglrkaaomh.bat
C:\ProgramData\picpkiqkurglrkaaomh.reg


Some files in TEMP:
====================
C:\Users\Maggi\AppData\Local\Temp\avgnt.exe
C:\Users\Rudi\AppData\Local\Temp\avgnt.exe
C:\Users\Rudi\AppData\Local\Temp\Quarantine.exe
C:\Users\Rudi\AppData\Local\Temp\sqlite3.dll
C:\Users\Rudi\AppData\Local\Temp\TUUUninstallHelper.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-03 09:14

==================== End of log ============================
Der Fehler tritt leider noch immer auf.

schrauber 10.07.2015 07:44
Java und Flash updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\$RECYCLE.BIN\S-1-5-21-3471903468-164558032-738513436-1001\$ROHJ4GT\Quarantine\C\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\user.js.vir

C:\Qoobox\Quarantine\C\timerintray\config.bin.vir

C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\prefs.js

C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\cd9c4tby.default\prefs.js.BAK

J:\System Volume Information\_restore{670FD972-80EE-4795-8ACB-C60DC95E48EE}\RP1847\A0243811.exe

J:\System Volume Information\_restore{670FD972-80EE-4795-8ACB-C60DC95E48EE}\RP1847\A0243812.inf

J:\PCVN\Backup Set 2014-05-07 163240\Backup Files 2014-05-07 163240\Backup files 19.zip

J:\PCVN\Backup Set 2014-05-07 163240\Backup Files 2014-12-28 170747\Backup files 19.zip

J:\PCVN\Backup Set 2014-05-07 163240\Backup Files 2015-01-04 190000\Backup files 1.zip

J:\PCVN\Backup Set 2014-05-07 163240\Backup Files 2015-01-11 190000\Backup files 28.zip

J:\PCVN\Backup Set 2015-01-18 190000\Backup Files 2015-01-18 190000\Backup files 28.zip
Startup: C:\Users\Rudi\AppData\Roaming\Srinblfopf\picpkiqkurglrkaaomh.lnk [2013-08-05]
ShortcutTarget: picpkiqkurglrkaaomh.lnk -> C:\Users\Rudi\AppData\Local\Temp\hmoaakrlgrukqikpcip.bfg (No File)
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Alle Zeitangaben in WEZ +1. Es ist jetzt 00:52 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19