knisbits | 13.07.2015 11:03
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:21 on 09/07/2015 (*****)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015
Ran by ***** (administrator) on DELL on 09-07-2015 20:23:34
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** & Gast (Available Profiles: ***** & Gast)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avwebg7.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\MaxComputerCleaner_v40.544\MaxComputerCleaner_Maintenance.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Neuber Software - www.neuber.com) C:\Program Files\Security Task Manager\SpyProtector.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [249856 2009-06-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [128352 2010-01-18] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [730416 2015-06-16] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [MaxComputerCleaner_v40.544] => C:\Program Files\MaxComputerCleaner_v40.544\MaxComputerCleaner_Maintenance.exe [31432 2015-05-26] ()
HKU\S-1-5-21-2658783408-2872151984-4163876688-1000\...\Run: [Spy Protector] => C:\Program Files\Security Task Manager\SpyProtector.exe [143696 2015-01-20] (Neuber Software - www.neuber.com)
HKU\S-1-5-21-2658783408-2872151984-4163876688-1000\...\MountPoints2: {54ed6286-1c33-11e3-8771-002219ee5804} - F:\ting.exe
HKU\S-1-5-21-2658783408-2872151984-4163876688-1000\...\MountPoints2: {8de25a6b-a53c-11e4-8a7f-002219ee5804} - F:\AutoRun.exe
HKU\S-1-5-21-2658783408-2872151984-4163876688-1000\...\MountPoints2: {cab727f6-f453-11e2-9522-002219ee5804} - G:\LGAutoRun.exe
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:51489;https=127.0.0.1:51489
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKU\S-1-5-21-2658783408-2872151984-4163876688-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/de-de/?ocid=U218DHP&pc=U218
HKU\S-1-5-21-2658783408-2872151984-4163876688-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-2658783408-2872151984-4163876688-501\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{40291A9A-F343-4464-AE17-E07FD7983EC2}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{83642F9C-5316-4FBD-86F3-C5568057A4A7}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{D1A00C5C-B00A-41C1-BC16-B4F2AB0BA1F4}: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jdbxjma1.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SearchEngineOrder.1: Ask Search
FF Homepage: hxxp://web.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_205.dll [2015-07-08] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: WEB.DE MailCheck - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jdbxjma1.default\Extensions\mailcheck@web.de [2015-05-27]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jdbxjma1.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-06-19]
FF Extension: Browser-Security - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jdbxjma1.default\Extensions\firefox@browser-security.de.xpi [2015-05-27]
FF Extension: Forecastfox (fix version) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jdbxjma1.default\Extensions\forecastfox@s3_fix_version.xpi [2015-05-11]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jdbxjma1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-15]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2013-10-01]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fgibjgmnimooanbagcfpnkmngejcojaf] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor10.0; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [827184 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1188360 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239696 2013-07-23] ()
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [202544 2008-03-11] (SupportSoft, Inc.)
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-07-24] (soft Xpansion)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-11-17] (Dell Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-06-16] (Avira Operations GmbH & Co. KG)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-11-17] (Broadcom Corporation)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-08-25] (ITE Tech. Inc. )
S3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-16] (Avira Operations GmbH & Co. KG)
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-09 20:23 - 2015-07-09 20:23 - 00014952 _____ C:\Users\*****\Desktop\FRST.txt
2015-07-09 20:23 - 2015-07-09 20:23 - 00000000 ____D C:\FRST
2015-07-09 20:22 - 2015-07-09 20:22 - 01636352 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2015-07-09 20:21 - 2015-07-09 20:21 - 00050477 _____ C:\Users\*****\Desktop\Defogger.exe
2015-07-09 20:21 - 2015-07-09 20:21 - 00000474 _____ C:\Users\*****\Desktop\defogger_disable.log
2015-07-09 20:21 - 2015-07-09 20:21 - 00000000 _____ C:\Users\*****\defogger_reenable
2015-07-09 20:16 - 2015-07-09 20:17 - 00000000 ____D C:\ProgramData\SecTaskMan
2015-07-09 20:16 - 2015-07-09 20:16 - 00000000 ____D C:\Users\*****\AppData\Local\SecTaskMan
2015-07-09 20:13 - 2015-07-09 20:13 - 00000000 ____D C:\Users\*****\Desktop\trojanerboard
2015-07-09 12:29 - 2015-07-09 12:29 - 00001170 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-07-09 12:23 - 2015-07-09 15:18 - 00000000 ____D C:\Users\*****\AppData\Local\AviraSpeedup
2015-07-09 12:23 - 2015-07-09 12:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-07-09 12:20 - 2015-07-09 12:21 - 00000000 ____D C:\Users\Public\Speedup Sessions
2015-07-09 12:19 - 2015-07-09 12:19 - 06908464 _____ (Avira Operations GmbH & Co. KG ) C:\Users\*****\Desktop\avira_speedup_internetsecuritysuite(1).exe
2015-07-07 11:44 - 2015-07-07 11:44 - 00000000 ____D C:\Users\*****\AppData\Roaming\Avira
2015-07-07 11:43 - 2015-07-07 12:09 - 00002011 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-07-07 11:41 - 2015-06-16 09:36 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-07-07 11:41 - 2015-06-16 09:36 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-07-07 11:41 - 2015-06-16 09:36 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-07-07 11:41 - 2015-06-16 09:36 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-07-07 10:45 - 2015-07-07 10:45 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\*****\avira_de_issudl_3006934079_lq4nm1wfrkq8fkierj46_wd.exe
2015-07-07 10:40 - 2015-07-07 10:40 - 00000000 ____D C:\Users\*****\Mozilla
2015-06-29 09:38 - 2015-07-09 19:51 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-29 09:38 - 2015-07-02 09:33 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-29 09:38 - 2015-07-02 09:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-29 09:38 - 2015-06-18 09:38 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-29 09:38 - 2015-06-18 09:38 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-29 09:38 - 2015-06-18 09:38 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-25 11:33 - 2015-06-25 11:43 - 00000000 ____D C:\ProgramData\TEMP
2015-06-25 11:33 - 2015-06-25 11:36 - 00000000 ____D C:\Program Files\SpywareBlaster
2015-06-25 11:33 - 2015-06-25 11:33 - 00001048 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-06-25 11:33 - 2015-06-25 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-06-25 11:33 - 2015-06-25 11:33 - 00000000 ____D C:\ProgramData\Licenses
2015-06-25 11:33 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\system32\MSSTDFMT.DLL
2015-06-23 21:05 - 2015-01-09 04:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-06-23 21:05 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-06-23 21:05 - 2015-01-09 04:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-06-22 09:17 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-06-22 09:17 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-06-22 09:17 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-06-22 09:17 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-06-22 09:17 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-06-20 11:02 - 2015-06-20 11:06 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-20 11:02 - 2015-06-20 11:02 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-20 10:26 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-20 10:17 - 2015-01-09 01:44 - 00419936 _____ C:\Windows\system32\locale.nls
2015-06-20 10:11 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-06-20 10:03 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-06-20 10:03 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-06-20 10:03 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-06-20 10:03 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-06-20 09:41 - 2015-06-02 21:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-20 09:41 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-20 09:41 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-20 09:41 - 2015-05-23 05:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-20 09:41 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-20 09:41 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-20 09:41 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-20 09:41 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-20 09:41 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-20 09:41 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-20 09:41 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-20 09:41 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-20 09:41 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-20 09:41 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-20 09:41 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-20 09:41 - 2015-05-23 05:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-20 09:41 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-20 09:41 - 2015-05-23 05:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-20 09:41 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-20 09:41 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-20 09:41 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-20 09:41 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-20 09:41 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-20 09:41 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-20 09:41 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-20 09:41 - 2015-05-23 04:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-20 09:41 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-20 09:41 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-20 09:41 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-20 09:41 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-20 09:41 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-20 09:41 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-20 09:41 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-06-20 09:41 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-06-20 09:41 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-06-20 09:41 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-06-20 09:41 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-06-20 09:41 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-06-20 09:41 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-06-20 09:41 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-06-20 09:41 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-06-20 09:41 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-06-20 09:41 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-06-20 09:41 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-06-20 09:41 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-06-20 09:41 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-06-20 09:41 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-06-20 09:41 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-06-20 09:41 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-06-20 09:41 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-06-20 09:41 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-06-20 09:40 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-20 09:40 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-20 09:40 - 2015-05-25 20:07 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-20 09:40 - 2015-05-25 20:07 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-20 09:40 - 2015-05-25 20:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-20 09:40 - 2015-05-25 20:01 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-20 09:40 - 2015-05-25 20:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-20 09:40 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-20 09:40 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-20 09:40 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-20 09:40 - 2015-05-25 20:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-20 09:40 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-20 09:40 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-20 09:40 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-20 09:40 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-20 09:40 - 2015-05-25 20:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-20 09:40 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-20 09:40 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-20 09:40 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-20 09:40 - 2015-05-25 20:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-20 09:40 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-20 09:40 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-20 09:40 - 2015-05-25 20:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-20 09:40 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-20 09:40 - 2015-05-25 20:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-20 09:40 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-20 09:40 - 2015-05-25 20:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-20 09:40 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-20 09:40 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-20 09:40 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-20 09:40 - 2015-05-25 20:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-20 09:40 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-20 09:40 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-20 09:40 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-20 09:40 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-20 09:40 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-20 09:40 - 2015-05-25 18:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-20 09:40 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-06-20 09:39 - 2015-05-22 20:03 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-20 09:39 - 2015-05-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-20 09:39 - 2015-05-22 20:02 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-20 09:39 - 2015-05-22 20:02 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-20 09:39 - 2015-05-22 20:02 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-20 09:39 - 2015-05-22 20:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-20 09:39 - 2015-05-22 19:58 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-20 09:39 - 2015-05-21 15:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-20 09:39 - 2015-01-28 01:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-06-20 09:39 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-06-20 09:39 - 2014-10-14 03:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-06-20 09:39 - 2014-10-14 03:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-06-20 09:39 - 2014-08-29 03:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-06-20 09:39 - 2014-08-29 03:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-06-20 09:39 - 2014-08-29 03:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-06-20 09:39 - 2014-08-29 03:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-06-20 09:39 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-06-20 09:39 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-06-20 09:39 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-06-20 09:39 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-06-20 09:39 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-06-20 09:39 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-06-20 09:39 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-06-20 09:39 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-06-20 09:38 - 2015-05-25 19:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-20 09:38 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-20 09:38 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-20 09:38 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-20 09:38 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-20 09:38 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-20 09:38 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-20 09:38 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-20 09:38 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-20 09:38 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-20 09:38 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-20 09:38 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-20 09:38 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-20 09:38 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-20 09:38 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-06-20 09:38 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-06-20 09:38 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-06-20 09:38 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-06-20 09:38 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-20 09:38 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-06-20 09:38 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-06-20 09:38 - 2015-01-31 05:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-06-20 09:38 - 2015-01-31 05:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-06-20 09:38 - 2015-01-31 02:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-06-20 09:38 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-06-20 09:38 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-06-20 09:38 - 2014-12-19 04:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-06-20 09:38 - 2014-12-11 19:47 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-06-20 09:38 - 2014-11-08 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-06-20 09:38 - 2014-10-30 03:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-06-20 09:38 - 2014-10-25 03:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-06-20 09:38 - 2014-08-12 03:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-06-20 09:38 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-06-20 09:38 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-06-20 09:38 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-06-20 09:37 - 2015-05-09 05:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-20 09:37 - 2015-05-09 05:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-20 09:37 - 2015-05-09 05:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-20 09:37 - 2015-05-09 05:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-20 09:37 - 2015-05-09 05:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 03:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 03:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 03:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-20 09:37 - 2015-05-09 03:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-20 09:37 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-20 09:37 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-20 09:37 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-20 09:37 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-20 09:37 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-20 09:37 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-20 09:37 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-20 09:37 - 2015-04-11 05:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-20 09:37 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-06-20 09:37 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-06-20 09:37 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-06-20 09:37 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-06-20 09:37 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-06-20 09:37 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-06-20 09:37 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-06-20 09:37 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-06-20 09:37 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-06-20 09:37 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-06-20 09:37 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-06-20 09:37 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-06-20 09:37 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-06-20 09:37 - 2014-12-19 03:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-06-20 09:37 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-06-20 09:37 - 2014-12-06 05:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-06-20 09:37 - 2014-11-26 05:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-06-20 09:37 - 2014-11-11 03:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-06-20 09:37 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-06-20 09:37 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-06-20 09:37 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-06-20 09:37 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-06-20 09:37 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-06-20 09:37 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-06-20 09:37 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-06-20 09:37 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-06-20 09:37 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-06-20 09:37 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-06-20 09:37 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-06-20 09:37 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-06-20 09:37 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-06-20 09:37 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-06-20 09:31 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-06-20 09:31 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-06-20 09:23 - 2014-10-03 03:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-06-20 09:23 - 2014-10-03 03:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-06-20 09:23 - 2014-10-03 03:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-06-20 09:23 - 2014-10-03 03:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-06-20 09:23 - 2014-10-03 03:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-06-19 20:09 - 2015-07-05 12:55 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-06-19 20:00 - 2015-06-19 20:00 - 00001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-06-19 20:00 - 2015-06-19 20:00 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-06-19 20:00 - 2015-06-19 20:00 - 00001104 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2015-06-19 20:00 - 2015-06-19 20:00 - 00000000 ____D C:\Program Files\Security Task Manager
2015-06-19 12:24 - 2015-06-19 12:24 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-19 12:23 - 2015-07-09 19:52 - 00001228 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2658783408-2872151984-4163876688-1000UA.job
2015-06-19 12:23 - 2015-07-09 12:28 - 00001176 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2658783408-2872151984-4163876688-1000Core.job
2015-06-19 12:23 - 2015-06-19 12:23 - 00000000 ____D C:\Users\*****\AppData\Local\Dropbox
2015-06-19 12:23 - 2015-06-19 12:23 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-09 13:16 - 2015-07-07 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-09 20:21 - 2013-07-12 16:21 - 00000000 ____D C:\Users\*****
2015-07-09 20:15 - 2015-03-09 20:44 - 00000000 ____D C:\Users\*****\Desktop\DAK
2015-07-09 19:51 - 2013-07-12 16:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-09 19:51 - 2013-07-12 16:13 - 01562214 _____ C:\Windows\WindowsUpdate.log
2015-07-09 15:18 - 2013-07-24 13:26 - 00000000 ____D C:\Windows\Minidump
2015-07-09 15:18 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-07-09 14:42 - 2010-11-20 23:01 - 01620796 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-09 14:39 - 2014-01-18 21:30 - 00000000 ___RD C:\Users\*****\Dropbox
2015-07-09 14:39 - 2014-01-18 21:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Dropbox
2015-07-09 12:55 - 2009-07-14 06:34 - 00021264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-09 12:55 - 2009-07-14 06:34 - 00021264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-09 12:46 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-09 12:46 - 2009-07-14 06:33 - 00266744 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-09 12:23 - 2013-07-24 17:28 - 00059640 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-09 12:21 - 2013-07-21 10:34 - 00000000 ____D C:\Program Files\Avira
2015-07-09 12:20 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2015-07-08 12:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\TAPI
2015-07-08 12:34 - 2013-07-12 16:35 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-08 12:34 - 2013-07-12 16:35 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-07 11:41 - 2013-07-21 10:34 - 00000000 ____D C:\ProgramData\Avira
2015-07-07 10:58 - 2015-04-10 09:56 - 00020480 ___SH C:\Users\*****\Thumbs.db
2015-07-07 10:54 - 2014-08-14 09:02 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-07 07:23 - 2013-07-12 16:43 - 00000000 ____D C:\Users\*****\AppData\Roaming\SoftGrid Client
2015-07-03 21:09 - 2014-07-04 20:29 - 00048410 _____ C:\Users\*****\Desktop\Aufstellung Arbeitsstunden.xlsx
2015-07-02 10:31 - 2014-06-05 09:40 - 00000000 __SHD C:\Users\*****\AppData\Local\EmieUserList
2015-07-02 10:31 - 2014-06-05 09:40 - 00000000 __SHD C:\Users\*****\AppData\Local\EmieSiteList
2015-07-02 09:33 - 2015-03-25 22:52 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-30 11:30 - 2015-03-25 20:55 - 00000000 ____D C:\AdwCleaner
2015-06-25 11:14 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-25 11:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2015-06-24 08:54 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-06-23 21:34 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing
2015-06-22 09:04 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2015-06-20 14:57 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-06-20 11:06 - 2009-07-14 04:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-20 11:02 - 2014-05-08 09:09 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-20 11:02 - 2010-11-21 02:54 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-20 11:02 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-06-20 11:02 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-20 09:58 - 2014-01-23 13:03 - 00000000 ____D C:\Windows\system32\MRT
2015-06-19 20:22 - 2013-08-07 07:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-19 20:19 - 2013-08-07 07:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-19 19:41 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Globalization
2015-06-19 09:36 - 2013-07-12 16:29 - 00000000 ____D C:\Users\*****\AppData\Local\Mozilla
2015-06-16 09:36 - 2013-07-21 10:34 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\ssmdrv.sys
2015-06-12 10:41 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\Offline Web Pages
2015-06-12 09:55 - 2014-09-23 19:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-11 18:30 - 2014-09-23 19:41 - 00001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-11 18:30 - 2013-07-12 16:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-09 20:36 - 2013-07-24 16:14 - 00000000 ____D C:\Users\*****\Desktop\fotos zum entwickeln
==================== Files in the root of some directories =======
2013-08-03 21:20 - 2013-08-03 21:20 - 0007606 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg
Files to move or delete:
====================
C:\Users\*****\avira_de_issudl_3006934079_lq4nm1wfrkq8fkierj46_wd.exe
Some files in TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkwv98m.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-04 09:01
==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-07-2015
Ran by ***** at 2015-07-09 20:24:24
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2658783408-2872151984-4163876688-500 - Administrator - Disabled)
Gast (S-1-5-21-2658783408-2872151984-4163876688-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2658783408-2872151984-4163876688-1002 - Limited - Enabled)
***** (S-1-5-21-2658783408-2872151984-4163876688-1000 - Administrator - Enabled) => C:\Users\*****
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.590 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.205 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM\...\Avira System Speedup_is1) (Version: 1.6.10.1246 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser-Security (HKLM\...\Browser-Security) (Version: 1.0.5.0 - )
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: 4.5.0 - Canon Inc.)
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version: - )
Canon MP620 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series) (Version: - )
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 3.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Ihr Firmenname)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.101.224 - ALPS ELECTRIC CO., LTD.)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
Digital Photo Navigator 1.5 (HKLM\...\{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}) (Version: - )
Dropbox (HKU\S-1-5-21-2658783408-2872151984-4163876688-1000\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
Elements 10 Organizer (Version: 10.0 - Ihr Firmenname) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.16483 - Landesfinanzdirektion Thüringen)
Ericsson Wireless Manager (HKLM\...\{FF203294-02C1-4632-832C-762CBD15CF2D}) (Version: 5.2.1045.57 - Dell)
Everio MediaBrowser (HKLM\...\{5CA03ECF-B4A6-464B-9F5D-64D8B61B083F}) (Version: 1.00.013 - PIXELA)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{E05D82D8-FE70-4228-B073-B0C07FE27595}) (Version: 11.1.1.11 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LG Bluetooth Drivers (HKLM\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG United Mobile Drivers (HKLM\...\{7BF5C379-41FF-4C6D-842C-DF82D74C2B14}) (Version: 3.7.2.0 - LG Electronics)
MaintenanceService 1.0.0 (HKLM\...\zz.544.mcc) (Version: 1.0.0 - CSDI)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.21.00.03 - Huawei Technologies Co.,Ltd)
Modem Diagnostics Tool (HKLM\...\{1882D3BE-8B8F-4EA3-9414-EB06CD5B9CD8}) (Version: 1.0.22.0 - Dell)
Mozilla Firefox 38.0.5 (x86 de) (HKLM\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
PDF24 Creator 6.9.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Photo Notifier and Animation Creator (HKLM\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
PhotoScape (HKLM\...\PhotoScape) (Version: - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PokerStars.eu (HKLM\...\PokerStars.eu) (Version: - PokerStars.eu)
PRE10STIInstaller (Version: 1.0 - Adobe Systems Incorporated) Hidden
PSE10 STI Installer (Version: 10.0 - Adobe Systems Incorporated) Hidden
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version: - )
RICOH Media Driver ver.2.07.01.00 (HKLM\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.00 - RICOH)
Security Task Manager 2.0d (HKLM\...\Security Task Manager) (Version: 2.0d - Neuber Software)
SmartSound Common Data (HKLM\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 Plugin (HKLM\...\{0E16C1BC-72A7-4DB7-BBB8-560EDCCA74B5}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (Version: 5.7.1 - SmartSound Software Inc.) Hidden
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Windows Utils (HKLM\...\Windows Utils) (Version: - )
Winmail Opener 1.4 (HKLM\...\Winmail Opener) (Version: 1.4 - Eolsoft)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\*****\AppData\Local\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\*****\AppData\Local\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\*****\AppData\Local\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\*****\AppData\Local\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\*****\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2658783408-2872151984-4163876688-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\*****\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.)
==================== Restore Points =========================
23-06-2015 21:05:06 Windows Update
01-07-2015 12:11:22 Geplanter Prüfpunkt
09-07-2015 12:21:37 Avira System Speedup 1.6.5
09-07-2015 12:27:24 Avira System Speedup 1.6.10
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {06F201F4-7317-459A-8259-684E50928846} - \Browser Updater\Browser Updater No Task File <==== ATTENTION
Task: {0ECD9356-DFF8-4554-83ED-A7EE666D9F4A} - \WordShark Auto Updater 1.10.0.19 Pending Update No Task File <==== ATTENTION
Task: {1A48A01E-08C1-4D40-A8DF-B6A606D96057} - System32\Tasks\{A92944FD-F0B9-4234-B874-4024D4477A1A} => pcalua.exe -a C:\Users\*****\Downloads\smwin143de.exe -d C:\Users\*****\Downloads
Task: {3B397781-4EDC-4618-B437-D29A14BE766F} - System32\Tasks\AviraSpeedup => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [2015-06-17] (Avira Operations GmbH & Co. KG)
Task: {4A07045C-1EFA-4BF9-9F7F-C0A8C69E6DAC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2658783408-2872151984-4163876688-1000UA => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {53BCA81D-C5E3-4C18-AC7D-72E3043C1579} - System32\Tasks\{8F7467BB-3E53-4C26-A088-5C10E86EC387} => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [2009-09-04] (CANON INC.)
Task: {5CA41FFE-1409-44E9-A716-FB88A759EDE1} - System32\Tasks\{C1569C5F-25C8-490B-97F1-7E6F2EA91ECA} => pcalua.exe -a "C:\Program Files\LG Electronics\LG Bluetooth Drivers\UninstallShld.exe" -d C:\Windows\system32 -c C:\Program Files\LG Electronics\LG Bluetooth Drivers
Task: {AD190E38-CF11-45A4-A00E-3D3F1466D5AE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2658783408-2872151984-4163876688-1000Core => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {B521A6D2-F19C-480E-89FC-F83D4E408438} - System32\Tasks\{395E5F92-BDD4-476A-BE90-74251E11422D} => pcalua.exe -a E:\ZIPFILES\_R194237.EXE -d E:\ZIPFILES
Task: {BB54A577-3CB8-4986-8455-60A2594A563C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-08] (Adobe Systems Incorporated)
Task: {C92C3045-7204-462B-98E2-ECEA367A9659} - System32\Tasks\PostPoneInstall => C:\Users\*****\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATTENTION
Task: {CAA932AC-F0A8-421C-91C7-29017F1ED91C} - System32\Tasks\{9EBBAC0B-B4DF-446B-8A9A-9F04CFD56246} => pcalua.exe -a E:\ZIPFILES\_R194235.EXE -d E:\ZIPFILES
Task: {D60CD9CB-6499-499E-9ABD-1F4929E90D49} - System32\Tasks\{2B175F30-DB77-4283-9289-0C0D17830036} => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [2009-09-04] (CANON INC.)
Task: {F3972A81-211D-4296-8EDF-F77C91F501E6} - \WordShark Auto Updater 1.10.0.19 Core No Task File <==== ATTENTION
Task: {FF56B09C-E20F-4772-8773-45E658BE4163} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2658783408-2872151984-4163876688-1000Core.job => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2658783408-2872151984-4163876688-1000UA.job => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2013-07-12 17:01 - 2008-11-17 07:29 - 00026112 _____ () C:\Windows\System32\WLTRYSVC.EXE
2013-07-12 17:01 - 2008-11-17 07:29 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-26 16:34 - 2013-07-23 05:47 - 00239696 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2015-05-26 18:18 - 2015-05-26 18:18 - 00031432 _____ () C:\Program Files\MaxComputerCleaner_v40.544\MaxComputerCleaner_Maintenance.exe
2015-07-09 14:39 - 2015-07-09 14:39 - 00043008 ____N () c:\users\*****\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkwv98m.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00047616 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 6091 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2658783408-2872151984-4163876688-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\*****\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2658783408-2872151984-4163876688-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Scanner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2658783408-2872151984-4163876688-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MBCameraMonitor.lnk => C:\Windows\pss\MBCameraMonitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Windows\system32\WLTRAY.exe
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: Dropbox Update => "C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{85599A72-E26C-46F3-89D0-B837945A236F}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{610645C8-B63A-408D-AA9E-AC847FD7D023}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{96FB713E-3710-46FD-8178-9325EE7DEADE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DCB211D4-62B3-4A00-8248-E626DF572CC9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{ABF8BBE6-5B64-4C9C-BBB3-E5F4A2AC2F76}C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C55F8FF1-2DF3-4B2A-ABE6-B3EB083E5FBC}C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{F2BAB387-2E42-4DC0-AC82-7486EB647FCA}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{8543C986-7BA0-40EF-A337-193EB2F30115}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{B8A5AF3B-6FFE-4EA1-98A5-23384D4748B2}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{58895474-99A4-4AE6-83FF-0B04AD68A410}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{EB581668-FA28-4F3F-8E94-A7FED21BA583}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{B1A820FD-1279-4CC4-AC77-B12299558573}] => (Allow) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9B59272F-3CFF-4686-82A7-C0871A2A64CF}] => (Allow) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F77FDC70-8E5A-4A5D-A30A-9DA655131490}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B57F3F73-D8DF-4EAF-9D12-1DE640680539}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Faulty Device Manager Devices =============
Name: Canon MP620 ser Network
Description: Canon MP620 ser Network
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/09/2015 03:24:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6100
Error: (07/09/2015 03:24:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6100
Error: (07/09/2015 03:24:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/09/2015 03:24:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5102
Error: (07/09/2015 03:24:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5102
Error: (07/09/2015 03:24:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/09/2015 03:24:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4103
Error: (07/09/2015 03:24:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4103
Error: (07/09/2015 03:24:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/09/2015 03:24:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3105
System errors:
=============
Error: (07/09/2015 02:25:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (07/09/2015 00:45:59 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error: (07/09/2015 10:14:27 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.
Error: (07/08/2015 04:52:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.
Error: (07/08/2015 00:42:39 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error: (07/08/2015 07:59:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.
Error: (07/07/2015 08:41:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.
Error: (07/07/2015 10:06:50 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error: (07/03/2015 10:56:06 AM) (Source: DCOM) (EventID: 10016) (User: dell)
Description: AnwendungsspezifischLokalAktivierung{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}dell*****S-1-5-21-2658783408-2872151984-4163876688-1000LocalHost (unter Verwendung von LRPC)
Error: (07/03/2015 10:56:06 AM) (Source: DCOM) (EventID: 10016) (User: dell)
Description: AnwendungsspezifischLokalAktivierung{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}dell*****S-1-5-21-2658783408-2872151984-4163876688-1000LocalHost (unter Verwendung von LRPC)
Microsoft Office:
=========================
Error: (07/09/2015 03:24:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6100
Error: (07/09/2015 03:24:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6100
Error: (07/09/2015 03:24:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/09/2015 03:24:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5102
Error: (07/09/2015 03:24:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5102
Error: (07/09/2015 03:24:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/09/2015 03:24:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4103
Error: (07/09/2015 03:24:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4103
Error: (07/09/2015 03:24:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/09/2015 03:24:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3105
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 57%
Total physical RAM: 3030.89 MB
Available physical RAM: 1285.05 MB
Total Virtual: 6060.1 MB
Available Virtual: 3868.75 MB
==================== Drives ================================
Drive c: (win7-32) (Fixed) (Total:270.35 GB) (Free:186.1 GB) NTFS
Drive d: (Daten) (Fixed) (Total:195.31 GB) (Free:156.6 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1EFCCBBE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
==================== End of log ============================
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-09 20:41:47
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500LM012_HN-M500MBB rev.2AR10002 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\*****\AppData\Local\Temp\pgldapod.sys
---- System - GMER 2.1 ----
SSDT 92E537F6 ZwCreateSection
SSDT 92E537CE ZwCreateSymbolicLinkObject
SSDT 92E537D3 ZwLoadDriver
SSDT 92E537C9 ZwOpenSection
SSDT 92E53800 ZwRequestWaitReplyPort
SSDT 92E537FB ZwSetContextThread
SSDT 92E53805 ZwSetSecurityObject
SSDT 92E537D8 ZwSetSystemInformation
SSDT 92E5380A ZwSystemDebugControl
SSDT 92E53797 ZwTerminateProcess
SSDT 92E53792 ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRequestPort + 14AD 82C7BBB5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB5B92 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82CBD0BC 4 Bytes [F6, 37, E5, 92] {DIV BYTE [EDI]; IN EAX, 0x92}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 82CBD0C4 4 Bytes [CE, 37, E5, 92] {INTO ; AAA ; IN EAX, 0x92}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1313 82CBD1D8 4 Bytes [D3, 37, E5, 92] {SAL [EDI], CL; IN EAX, 0x92}
.text ntkrnlpa.exe!KeRemoveQueueEx + 13AF 82CBD274 4 Bytes [C9, 37, E5, 92] {LEAVE ; AAA ; IN EAX, 0x92}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82CBD418 4 Bytes [00, 38, E5, 92] {ADD [EAX], BH; IN EAX, 0x92}
.text ...
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtClose 76DF5520 5 Bytes JMP 54601147 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtCreateFile 76DF5620 5 Bytes JMP 545FFE6B C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtCreateKey 76DF5660 5 Bytes JMP 545FD0FB C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtDeleteFile 76DF5860 5 Bytes JMP 545FFC88 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtDeleteKey 76DF5870 5 Bytes JMP 545FC120 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtDeleteValueKey 76DF58A0 5 Bytes JMP 545FC3E3 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtDuplicateObject 76DF58F0 5 Bytes JMP 5460121D C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtEnumerateKey 76DF5940 5 Bytes JMP 545FC1C4 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtEnumerateValueKey 76DF5970 5 Bytes JMP 545FC33D C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtFlushKey 76DF59E0 5 Bytes JMP 545FC172 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtNotifyChangeKey 76DF5CC0 5 Bytes JMP 545FC491 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtNotifyChangeMultipleKeys 76DF5CD0 5 Bytes JMP 545FC51F C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtOpenFile 76DF5D30 5 Bytes JMP 545FFFF6 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtOpenKey 76DF5D60 5 Bytes JMP 545FCDA8 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtOpenKeyEx 76DF5D70 5 Bytes JMP 545FCE84 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtQueryAttributesFile 76DF5F90 5 Bytes JMP 545FFCF3 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtQueryDirectoryFile 76DF5FF0 5 Bytes JMP 545FEC7C C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtQueryFullAttributesFile 76DF6040 5 Bytes JMP 545FFD63 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtQueryKey 76DF6140 5 Bytes JMP 545FC217 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtQueryMultipleValueKey 76DF6160 5 Bytes JMP 545FC43E C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtQueryObject 76DF6180 5 Bytes JMP 54601273 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtQuerySecurityObject 76DF6200 5 Bytes JMP 546011B7 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtQueryValueKey 76DF62A0 5 Bytes JMP 545FC2EA C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtRenameKey 76DF6420 5 Bytes JMP 545FC729 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtSetInformationFile 76DF6690 5 Bytes JMP 545FFDD3 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtSetInformationKey 76DF66B0 5 Bytes JMP 545FC27D C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtSetSecurityObject 76DF67B0 5 Bytes JMP 546012D0 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ntdll.dll!NtSetValueKey 76DF6860 5 Bytes JMP 545FC390 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] kernel32.dll!CreateProcessW 76B9204D 5 Bytes JMP 545D92EF C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] kernel32.dll!CreateProcessA 76B92082 5 Bytes JMP 545D942D C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] kernel32.dll!CreateProcessAsUserW 76BC5B07 5 Bytes JMP 545D9663 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] kernel32.dll!ReplaceFile 76BF1838 5 Bytes JMP 545D7782 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] kernel32.dll!ReplaceFileA 76C1D141 5 Bytes JMP 545D76A2 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] kernel32.dll!SetDllDirectoryW 76C1DC83 5 Bytes JMP 545D9F86 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] kernel32.dll!SetDllDirectoryA 76C1DD2C 5 Bytes JMP 545DA2B9 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] kernel32.dll!WinExec 76C1F2AE 5 Bytes JMP 545D9B28 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] kernel32.dll!AllocConsole 76C3CC2D 5 Bytes JMP 546022D1 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] kernel32.dll!AttachConsole 76C3CCFB 2 Bytes JMP 546022E3 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] kernel32.dll!AttachConsole + 3 76C3CCFE 2 Bytes [9C, DD]
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] USER32.dll!CreateWindowExA 75E7BF40 5 Bytes JMP 546022A1 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] USER32.dll!CreateWindowExW 75E7EC7C 5 Bytes JMP 546022B9 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] GDI32.dll!AddFontResourceW 76FAED83 5 Bytes JMP 545E755E C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] GDI32.dll!AddFontResourceA 76FAF117 5 Bytes JMP 545E7542 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ADVAPI32.dll!EnumDependentServicesW 75D21E3A 7 Bytes JMP 545EA372 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ADVAPI32.dll!EnumServicesStatusExW 75D2B406 7 Bytes JMP 545EB293 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ADVAPI32.dll!GetServiceKeyNameW 75D4792F 7 Bytes JMP 545EAA19 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ADVAPI32.dll!GetServiceDisplayNameW 75D479EB 7 Bytes JMP 545EABCA C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ADVAPI32.dll!EnumServicesStatusExA 75D4A412 7 Bytes JMP 545EB359 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ADVAPI32.dll!CreateProcessAsUserA 75D6280A 5 Bytes JMP 545D97A5 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ADVAPI32.dll!GetServiceKeyNameA 75D81FFE 7 Bytes JMP 545EAAD1 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ADVAPI32.dll!GetServiceDisplayNameA 75D820A1 7 Bytes JMP 545EAC82 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ADVAPI32.dll!EnumServicesStatusA 75D82491 7 Bytes JMP 545EB1D5 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ADVAPI32.dll!EnumDependentServicesA 75D82574 7 Bytes JMP 545EA429 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ADVAPI32.dll!EnumServicesStatusW 75D82691 5 Bytes JMP 545EB117 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ole32.dll!CoRegisterPSClsid 7574C56E 5 Bytes JMP 545F0D98 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ole32.dll!CoResumeClassObjects + 7 7574EA09 7 Bytes JMP 545F1369 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ole32.dll!OleRun 757507DE 5 Bytes JMP 545F1224 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ole32.dll!CoRegisterClassObject 757521E1 5 Bytes JMP 545F1E99 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ole32.dll!OleUninitialize 7575EBA1 6 Bytes JMP 545F1143 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ole32.dll!OleInitialize 7575EFD7 5 Bytes JMP 545F10D3 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ole32.dll!CoGetPSClsid 757626B9 5 Bytes JMP 545F0F10 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ole32.dll!CoGetClassObject 757754AD 5 Bytes JMP 545F2427 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ole32.dll!CoInitializeEx 757809AD 5 Bytes JMP 545F0F83 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ole32.dll!CoUninitialize 757886D3 5 Bytes JMP 545F1005 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ole32.dll!CoCreateInstance 75789D0B 5 Bytes JMP 545F36F5 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ole32.dll!CoCreateInstanceEx 75789D4E 5 Bytes JMP 545F1830 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ole32.dll!CoSuspendClassObjects + 7 757ABB09 7 Bytes JMP 545F1294 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ole32.dll!CoRevokeClassObject 757CEACF 5 Bytes JMP 545F07F5 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ole32.dll!CoGetInstanceFromFile 7580340B 5 Bytes JMP 545F28E7 C:\Windows\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[2740] ole32.dll!OleRegEnumFormatEtc 7584CFD9 5 Bytes JMP 545F11AE C:\Windows\system32\sftldr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5028] ntdll.dll!NtCreateFile 76DF5620 5 Bytes JMP 104A0BCB C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5028] ntdll.dll!NtFlushBuffersFile 76DF59B0 5 Bytes JMP 104A0916 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5028] ntdll.dll!NtQueryFullAttributesFile 76DF6040 5 Bytes JMP 104A0A43 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5028] ntdll.dll!NtReadFile 76DF6310 5 Bytes JMP 104A0950 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5028] ntdll.dll!NtReadFileScatter 76DF6320 5 Bytes JMP 107B9BCE C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5028] ntdll.dll!NtWriteFile 76DF6AC0 5 Bytes JMP 104A0D6F C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5028] ntdll.dll!NtWriteFileGather 76DF6AD0 5 Bytes JMP 107B9C1E C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5028] ntdll.dll!LdrLoadDll 76E124C6 5 Bytes JMP 71DC921C C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5028] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 76BD952E 7 Bytes JMP 107A5622 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5028] kernel32.dll!QueryPerformanceCounter + 13 76BDC535 7 Bytes JMP 107A6DFA C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5028] kernel32.dll!LoadAppInitDlls + 355 76BDF5F6 7 Bytes JMP 10546358 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5028] USER32.dll!GetWindowInfo 75E84B5E 5 Bytes JMP 111B8E4A C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5028] GDI32.dll!GetViewportOrgEx + 26C 76F8884B 7 Bytes JMP 107A3E16 C:\Program Files\Mozilla Firefox\xul.dll
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Threads - GMER 2.1 ----
Thread System [4:716] 8C2C5E50
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@64480B23 678
---- EOF - GMER 2.1 ----
AdwCleaner Logfile:
Code:
# AdwCleaner v4.113 - Bericht erstellt 09/07/2015 um 21:04:07
# Aktualisiert 22/03/2015 von Xplode
# Datenbank : 2015-07-09.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x86)
# Benutzername : ***** - DELL
# Gestarted von : C:\Users\*****\Desktop\adwcleaner_4.113.exe
# Option : Suchlauf
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gefunden : C:\ProgramData\SecTaskMan
Ordner Gefunden : C:\Users\*****\AppData\Local\SecTaskMan
***** [ Geplante Tasks ] *****
Task Gefunden : PostPoneInstall
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Clara
Schlüssel Gefunden : HKLM\SOFTWARE\MaxComputerCleaner
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Mozilla Firefox v38.0.5 (x86 de)
[jdbxjma1.default] - Zeile Gefunden : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");
*************************
AdwCleaner[R0].txt - [11716 Bytes] - [25/03/2015 22:36:10]
AdwCleaner[R1].txt - [1732 Bytes] - [12/06/2015 10:08:34]
AdwCleaner[R2].txt - [1153 Bytes] - [19/06/2015 10:51:24]
AdwCleaner[R3].txt - [1377 Bytes] - [25/06/2015 10:42:25]
AdwCleaner[R4].txt - [1505 Bytes] - [27/06/2015 09:07:40]
AdwCleaner[R5].txt - [1579 Bytes] - [30/06/2015 11:28:20]
AdwCleaner[R6].txt - [1368 Bytes] - [09/07/2015 21:04:07]
AdwCleaner[S0].txt - [11802 Bytes] - [25/03/2015 22:38:15]
AdwCleaner[S1].txt - [1802 Bytes] - [12/06/2015 10:18:43]
AdwCleaner[S2].txt - [1224 Bytes] - [19/06/2015 10:54:42]
AdwCleaner[S3].txt - [1447 Bytes] - [25/06/2015 10:55:10]
########## EOF - C:\AdwCleaner\AdwCleaner[R6].txt - [1664 Bytes] ##########