Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Malwarebytes Anti Malware startet nicht (https://www.trojaner-board.de/157718-malwarebytes-anti-malware-startet.html)

Stefli 17.08.2014 19:07
Malwarebytes Anti Malware startet nicht
 
Hallo ,

Anti-Malware lässt sich bei mir nicht starten und nicht Aktualisieren.
Es kommt sofort die Meldung - Malwarebytes Anti-Malware funktioniert nicht mehr. Windows kann Online nach eine Lösung für das Problem suchen.
Ich habe schon Chamelon runtegeladen und gestartet - Maleware sucht findet und löscht die gefundenen Dateien - klappt also alles.
Aber auch nach den Suchlauf kann ich Maleware nicht "NORMAL" starten oder Aktualisieren.

LG Stefli

schrauber 17.08.2014 19:26
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Stefli 17.08.2014 20:03
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-08-2014 03
Ran by Guten Tag (administrator) on STEFAN on 17-08-2014 20:38:46
Running from C:\Users\Guten Tag\Downloads
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\A7F8482B-1D99-4EC9-B887-8B130AB7E131\etmajyzoqm.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\005\cyycfhtzro32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Users\Guten Tag\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Guten Tag\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Guten Tag\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Guten Tag\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-3458143755-1736724782-1955730750-1001\...\Run: [PMCRemote] => [X]
HKU\S-1-5-21-3458143755-1736724782-1955730750-1001\...\RunOnce: [WSE_Astromenda] => wscript /E:vbscript /B "C:\Users\GUTENT~1\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat"
HKU\S-1-5-21-3458143755-1736724782-1955730750-1001\...\MountPoints2: {1f50c9c4-74df-11e0-9e0c-002220037fb8} - F:\AutoRun.exe
HKU\S-1-5-21-3458143755-1736724782-1955730750-1001\...\MountPoints2: {1f50c9c7-74df-11e0-9e0c-002220037fb8} - F:\AutoRun.exe
HKU\S-1-5-21-3458143755-1736724782-1955730750-1001\...\MountPoints2: {25ac62d9-74af-11e0-a636-002220037fb8} - F:\AutoRun.exe
HKU\S-1-5-21-3458143755-1736724782-1955730750-1001\...\MountPoints2: {5578547f-74b3-11e0-9292-002220037fb8} - F:\AutoRun.exe
HKU\S-1-5-21-3458143755-1736724782-1955730750-1001\...\MountPoints2: {55785482-74b3-11e0-9292-002220037fb8} - F:\AutoRun.exe
HKU\S-1-5-21-3458143755-1736724782-1955730750-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PMCRemote] => [X]
HKU\S-1-5-21-3458143755-1736724782-1955730750-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WSE_Astromenda] => wscript /E:vbscript /B "C:\Users\GUTENT~1\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat"
HKU\S-1-5-21-3458143755-1736724782-1955730750-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1f50c9c4-74df-11e0-9e0c-002220037fb8} - F:\AutoRun.exe
HKU\S-1-5-21-3458143755-1736724782-1955730750-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1f50c9c7-74df-11e0-9e0c-002220037fb8} - F:\AutoRun.exe
HKU\S-1-5-21-3458143755-1736724782-1955730750-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {25ac62d9-74af-11e0-a636-002220037fb8} - F:\AutoRun.exe
HKU\S-1-5-21-3458143755-1736724782-1955730750-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5578547f-74b3-11e0-9292-002220037fb8} - F:\AutoRun.exe
HKU\S-1-5-21-3458143755-1736724782-1955730750-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {55785482-74b3-11e0-9292-002220037fb8} - F:\AutoRun.exe
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://astromenda.com/?f=1&a=ast_ir_14_33_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAyD0FyDyD0D0DtC0DyByBtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StBzzzzyDtB0A0D0FtGzz0FyCtCtGzz0F0C0BtGtBtCtByBtGtC0B0CtD0E0F0FyDyCyEyDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyDzyyB0CtA0EzztGyDtDzz0EtGzy0FtByEtGtCtAzz0EtGtC0Fzz0A0BtCyD0FyDtDyE0D2Q&cr=1547121127&ir=
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=5f85f209-0a8e-e638-d096-2826f0d67c79&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=05/12/2013&type=hp1000
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=5f85f209-0a8e-e638-d096-2826f0d67c79&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=05/12/2013&type=hp1000
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_33_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAyD0FyDyD0D0DtC0DyByBtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StBzzzzyDtB0A0D0FtGzz0FyCtCtGzz0F0C0BtGtBtCtByBtGtC0B0CtD0E0F0FyDyCyEyDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyDzyyB0CtA0EzztGyDtDzz0EtGzy0FtByEtGtCtAzz0EtGtC0Fzz0A0BtCyD0FyDtDyE0D2Q&cr=1547121127&ir=
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=5f85f209-0a8e-e638-d096-2826f0d67c79&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=05/12/2013&type=hp1000
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_33_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAyD0FyDyD0D0DtC0DyByBtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StBzzzzyDtB0A0D0FtGzz0FyCtCtGzz0F0C0BtGtBtCtByBtGtC0B0CtD0E0F0FyDyCyEyDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyDzyyB0CtA0EzztGyDtDzz0EtGzy0FtByEtGtCtAzz0EtGtC0Fzz0A0BtCyD0FyDtDyE0D2Q&cr=1547121127&ir=
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP3233B9B9-A6F6-4BEE-83E0-99A2694B33C8&q={searchTerms}&SSPV=
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: No Name -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} ->  No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.4.1 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Guten Tag\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Guten Tag\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Guten Tag\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Guten Tag\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2012-10-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-17]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-04-14]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-04-14]
FF HKLM\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin

Chrome:
=======
CHR HomePage: hxxp://google/
CHR StartupUrls: "https://www.google.de/"
CHR Extension: (Google Docs) - C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-16]
CHR Extension: (Google Drive) - C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-16]
CHR Extension: (YouTube) - C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-16]
CHR Extension: (Google-Suche) - C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-16]
CHR Extension: (Avira SafeSearch) - C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-08-17]
CHR Extension: (DivX HiQ) - C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2013-03-16]
CHR Extension: (Google Wallet) - C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-03-16]
CHR Extension: (Google Mail) - C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-16]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllDaySavingsService; C:\Program Files\A7F8482B-1D99-4EC9-B887-8B130AB7E131\etmajyzoqm.exe [150528 2014-07-31] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-17] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
S3 avmident; C:\Program Files\FRITZ!Box-Kindersicherung\avmident.exe [76288 2011-09-27] (AVM Berlin) [File not signed]
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-04-29] (CyberGhost S.R.L)
R2 cyycfhtzro32; C:\Program Files\005\cyycfhtzro32.exe [543232 2014-08-17] () [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S4 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [244904 2008-08-20] () [File not signed]
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1x\RpcAgentSrv.exe [93848 2009-08-10] (SiSoftware) [File not signed]
S4 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121464 2011-08-19] (SlySoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-01-25] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed]
S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfo.sys [15152 2007-09-25] ()
R3 DCamUSBGene; C:\Windows\System32\DRIVERS\usbgene.sys [175360 2008-10-02] ()
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
S3 Ltn_stk7070P; C:\Windows\System32\DRIVERS\Ltn_stk7070P.sys [466048 2007-06-14] (LITEON)
S3 Ltn_stkrc; C:\Windows\System32\DRIVERS\Ltn_stkrc.sys [13440 2007-06-13] (LITEON)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R2 MDC8021X; C:\Windows\System32\DRIVERS\mdc8021x.sys [15781 2009-01-19] (Meetinghouse Data Communications) [File not signed]
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [31744 2014-07-31] (NetFilterSDK.com) [File not signed]
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1x\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2010-12-09] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-17] (Avira GmbH)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-03-26] (AnchorFree Inc)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\HomeCinema\PlayMovie\000.fcl [61424 2008-10-21] (Cyberlink Corp.)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files\CyberLink\PowerDVD8\000.fcl [87536 2009-08-28] (CyberLink Corp.)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 20:38 - 2014-08-17 20:39 - 00022867 _____ () C:\Users\Guten Tag\Downloads\FRST.txt
2014-08-17 20:38 - 2014-08-17 20:39 - 00000000 ____D () C:\FRST
2014-08-17 20:37 - 2014-08-17 20:37 - 01093632 _____ (Farbar) C:\Users\Guten Tag\Downloads\FRST.exe
2014-08-17 18:26 - 2014-08-17 18:26 - 00186018 _____ () C:\Windows\setupact.log
2014-08-17 18:26 - 2014-08-17 18:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-17 18:24 - 2014-08-17 18:24 - 00000340 _____ () C:\Users\Guten Tag\Documents\cc_20140817_182409.reg
2014-08-17 17:51 - 2014-08-17 17:51 - 04872677 _____ () C:\Users\Guten Tag\Downloads\mbam-chameleon-3.1.4.0.zip
2014-08-17 17:51 - 2014-06-03 15:08 - 00000000 ____D () C:\Users\Guten Tag\Desktop\Chameleon
2014-08-17 17:28 - 2014-08-17 17:28 - 00000000 ____D () C:\ProgramData\2308189059
2014-08-17 17:13 - 2014-08-17 17:13 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\BrowserSafeguard
2014-08-17 17:04 - 2014-08-17 20:05 - 00000306 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-08-17 17:04 - 2014-08-17 17:04 - 00000000 ____D () C:\Users\Guten Tag\AppData\Roaming\WSE_Astromenda
2014-08-17 17:04 - 2014-08-17 17:04 - 00000000 ____D () C:\Users\Guten Tag\AppData\Roaming\Astromenda
2014-08-17 17:04 - 2014-08-17 17:04 - 00000000 ____D () C:\MININT
2014-08-17 17:03 - 2014-08-17 17:03 - 00717248 _____ ( ) C:\Users\Guten Tag\Downloads\IDM2-Win-EN.exe
2014-08-17 17:00 - 2014-08-17 20:27 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-08-17 16:58 - 2014-08-17 17:33 - 00000000 ____D () C:\Program Files\A7F8482B-1D99-4EC9-B887-8B130AB7E131
2014-08-17 16:57 - 2014-08-17 16:58 - 00000000 ____D () C:\Program Files\005
2014-08-17 16:55 - 2014-08-17 16:55 - 00163784 _____ (Software Installer ) C:\Users\Guten Tag\Downloads\Setup (1).exe
2014-08-17 16:55 - 2014-08-17 16:55 - 00146432 _____ (Software Installer ) C:\Users\Guten Tag\AppData\Roaming\setup.exe
2014-08-17 16:51 - 2014-08-17 16:51 - 00163784 _____ (Software Installer ) C:\Users\Guten Tag\Downloads\Setup.exe
2014-08-17 16:37 - 2014-08-17 19:51 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-17 16:37 - 2014-08-17 18:09 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-17 16:37 - 2014-08-17 16:37 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-17 16:37 - 2014-08-17 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-17 16:37 - 2014-08-17 16:37 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-17 16:37 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-17 16:37 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-17 16:36 - 2014-08-17 16:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Guten Tag\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-17 15:49 - 2014-08-17 15:49 - 00012650 _____ () C:\Users\Guten Tag\Documents\cc_20140817_154952.reg
2014-08-17 15:07 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-17 15:07 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 15:07 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-17 15:07 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-17 14:59 - 2014-08-17 16:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-17 14:59 - 2014-08-17 16:11 - 00001099 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-17 14:44 - 2014-08-17 17:13 - 00000000 ____D () C:\Windows\CryptoGuard
2014-08-17 14:44 - 2014-08-17 14:44 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-08-17 14:43 - 2014-08-17 14:43 - 01889616 _____ (SurfRight B.V.) C:\Users\Guten Tag\Downloads\hmpalert.exe
2014-08-17 14:20 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-17 14:20 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-17 14:20 - 2014-07-25 15:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-17 14:20 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-17 14:20 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-17 14:20 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-17 14:20 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-17 14:20 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-17 14:20 - 2014-07-25 14:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-17 14:20 - 2014-07-25 13:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-17 14:20 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-17 14:20 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-17 14:20 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-17 14:20 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-17 14:20 - 2014-07-25 13:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-17 14:20 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-17 14:20 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-17 14:20 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-17 14:20 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-17 14:20 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-17 14:20 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-17 14:19 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-17 14:19 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-17 14:19 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-17 14:19 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-17 14:19 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-17 14:19 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-17 14:19 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-17 14:19 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-17 14:19 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-17 14:19 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-17 14:19 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-17 14:19 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-17 14:19 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-17 14:19 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-17 14:19 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-17 14:19 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-17 14:19 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-17 14:19 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-17 14:19 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-17 14:10 - 2014-08-17 14:10 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{0EB524D0-D378-47AA-9226-7C5358406FC2}
2014-08-01 22:31 - 2014-08-01 22:31 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{1C9A7D93-CCBF-40C3-B144-D99E4869706E}
2014-08-01 20:39 - 2014-08-01 20:40 - 00000000 ____D () C:\Users\Guten Tag\Desktop\DCIM
2014-07-31 22:20 - 2014-07-31 22:20 - 00031744 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter.sys
2014-07-29 22:18 - 2014-07-29 22:18 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{7A9F036B-E098-4E61-A75D-233F681E5BFC}
2014-07-27 21:36 - 2014-07-27 21:36 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{563AACBA-CDB7-49D9-99F0-8F774B0822E0}
2014-07-25 14:50 - 2014-07-25 14:50 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{CC439FB4-44CA-435A-8A74-6FDAC84EAC84}
2014-07-24 19:54 - 2014-07-24 19:54 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{D58E247C-E815-4924-8DCA-7350F216EF5D}
2014-07-21 22:14 - 2014-07-21 22:15 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{ABA84A9B-CB42-41C6-9B26-11E135FDEDE4}
2014-07-19 01:49 - 2014-07-19 01:49 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{4F3544FF-4384-4661-B6BF-4F3B166FA3B9}
2014-07-18 11:49 - 2014-07-18 11:49 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{4272CBDC-8267-46B3-BF17-0B31CB0FDE91}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 20:39 - 2014-08-17 20:38 - 00022867 _____ () C:\Users\Guten Tag\Downloads\FRST.txt
2014-08-17 20:39 - 2014-08-17 20:38 - 00000000 ____D () C:\FRST
2014-08-17 20:37 - 2014-08-17 20:37 - 01093632 _____ (Farbar) C:\Users\Guten Tag\Downloads\FRST.exe
2014-08-17 20:37 - 2012-11-27 13:17 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3458143755-1736724782-1955730750-1001UA.job
2014-08-17 20:32 - 2012-03-13 15:26 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\CrashDumps
2014-08-17 20:27 - 2014-08-17 17:00 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-08-17 20:05 - 2014-08-17 17:04 - 00000306 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-08-17 19:51 - 2014-08-17 16:37 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-17 19:45 - 2012-11-02 14:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-17 18:36 - 2011-04-14 15:47 - 00015120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-17 18:36 - 2011-04-14 15:47 - 00015120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-17 18:32 - 2011-08-28 19:26 - 01714517 _____ () C:\Windows\WindowsUpdate.log
2014-08-17 18:26 - 2014-08-17 18:26 - 00186018 _____ () C:\Windows\setupact.log
2014-08-17 18:26 - 2014-08-17 18:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-17 18:26 - 2011-04-14 18:39 - 00243221 _____ () C:\ProgramData\nvModes.001
2014-08-17 18:26 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-17 18:24 - 2014-08-17 18:24 - 00000340 _____ () C:\Users\Guten Tag\Documents\cc_20140817_182409.reg
2014-08-17 18:09 - 2014-08-17 16:37 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-17 17:51 - 2014-08-17 17:51 - 04872677 _____ () C:\Users\Guten Tag\Downloads\mbam-chameleon-3.1.4.0.zip
2014-08-17 17:45 - 2011-04-14 17:11 - 00243221 _____ () C:\ProgramData\nvModes.dat
2014-08-17 17:33 - 2014-08-17 16:58 - 00000000 ____D () C:\Program Files\A7F8482B-1D99-4EC9-B887-8B130AB7E131
2014-08-17 17:28 - 2014-08-17 17:28 - 00000000 ____D () C:\ProgramData\2308189059
2014-08-17 17:13 - 2014-08-17 17:13 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\BrowserSafeguard
2014-08-17 17:13 - 2014-08-17 14:44 - 00000000 ____D () C:\Windows\CryptoGuard
2014-08-17 17:12 - 2011-04-14 16:57 - 00141448 _____ () C:\Users\Guten Tag\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-17 17:08 - 2009-07-14 06:33 - 00470688 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-17 17:04 - 2014-08-17 17:04 - 00000000 ____D () C:\Users\Guten Tag\AppData\Roaming\WSE_Astromenda
2014-08-17 17:04 - 2014-08-17 17:04 - 00000000 ____D () C:\Users\Guten Tag\AppData\Roaming\Astromenda
2014-08-17 17:04 - 2014-08-17 17:04 - 00000000 ____D () C:\MININT
2014-08-17 17:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Resources
2014-08-17 17:03 - 2014-08-17 17:03 - 00717248 _____ ( ) C:\Users\Guten Tag\Downloads\IDM2-Win-EN.exe
2014-08-17 16:58 - 2014-08-17 16:57 - 00000000 ____D () C:\Program Files\005
2014-08-17 16:55 - 2014-08-17 16:55 - 00163784 _____ (Software Installer ) C:\Users\Guten Tag\Downloads\Setup (1).exe
2014-08-17 16:55 - 2014-08-17 16:55 - 00146432 _____ (Software Installer ) C:\Users\Guten Tag\AppData\Roaming\setup.exe
2014-08-17 16:51 - 2014-08-17 16:51 - 00163784 _____ (Software Installer ) C:\Users\Guten Tag\Downloads\Setup.exe
2014-08-17 16:37 - 2014-08-17 16:37 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-17 16:37 - 2014-08-17 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-17 16:37 - 2014-08-17 16:37 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-17 16:36 - 2014-08-17 16:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Guten Tag\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-17 16:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-17 16:12 - 2014-08-17 14:59 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-17 16:11 - 2014-08-17 14:59 - 00001099 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-17 16:11 - 2013-03-17 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-17 16:11 - 2013-03-17 20:58 - 00000000 ____D () C:\Program Files\Avira
2014-08-17 15:49 - 2014-08-17 15:49 - 00012650 _____ () C:\Users\Guten Tag\Documents\cc_20140817_154952.reg
2014-08-17 15:28 - 2011-04-14 16:53 - 00000000 ___RD () C:\Users\Guten Tag\Virtual Machines
2014-08-17 15:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-17 15:20 - 2013-08-15 00:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-17 15:20 - 2008-12-09 08:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-17 15:10 - 2011-08-02 06:23 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-17 14:59 - 2013-03-17 20:58 - 00000000 ____D () C:\ProgramData\Avira
2014-08-17 14:44 - 2014-08-17 14:44 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-08-17 14:43 - 2014-08-17 14:43 - 01889616 _____ (SurfRight B.V.) C:\Users\Guten Tag\Downloads\hmpalert.exe
2014-08-17 14:10 - 2014-08-17 14:10 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{0EB524D0-D378-47AA-9226-7C5358406FC2}
2014-08-01 22:31 - 2014-08-01 22:31 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{1C9A7D93-CCBF-40C3-B144-D99E4869706E}
2014-08-01 20:40 - 2014-08-01 20:39 - 00000000 ____D () C:\Users\Guten Tag\Desktop\DCIM
2014-08-01 20:40 - 2011-04-14 16:51 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-01 01:16 - 2014-08-17 14:20 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 22:20 - 2014-07-31 22:20 - 00031744 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter.sys
2014-07-31 00:37 - 2012-11-27 13:17 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3458143755-1736724782-1955730750-1001Core.job
2014-07-29 22:18 - 2014-07-29 22:18 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{7A9F036B-E098-4E61-A75D-233F681E5BFC}
2014-07-29 20:02 - 2013-05-23 20:20 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-27 21:36 - 2014-07-27 21:36 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{563AACBA-CDB7-49D9-99F0-8F774B0822E0}
2014-07-25 15:51 - 2014-08-17 14:19 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 15:04 - 2014-08-17 14:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 15:03 - 2014-08-17 14:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 14:50 - 2014-07-25 14:50 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{CC439FB4-44CA-435A-8A74-6FDAC84EAC84}
2014-07-25 14:47 - 2008-12-09 14:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 14:34 - 2014-08-17 14:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 14:34 - 2014-08-17 14:19 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 14:33 - 2014-08-17 14:20 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-17 14:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 14:21 - 2014-08-17 14:19 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 14:18 - 2014-08-17 14:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 14:17 - 2014-08-17 14:20 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 14:12 - 2014-08-17 14:19 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 14:10 - 2014-08-17 14:20 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 14:10 - 2014-08-17 14:20 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:08 - 2014-08-17 14:19 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:06 - 2014-08-17 14:19 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 13:59 - 2014-08-17 14:20 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 13:52 - 2014-08-17 14:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 13:43 - 2014-08-17 14:20 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 13:36 - 2014-08-17 14:20 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 13:34 - 2014-08-17 14:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 13:29 - 2014-08-17 14:19 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 13:13 - 2014-08-17 14:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:09 - 2014-08-17 14:20 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:07 - 2014-08-17 14:20 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:07 - 2014-08-17 14:19 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-17 14:19 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 12:09 - 2014-08-17 14:19 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:05 - 2014-08-17 14:19 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:00 - 2014-08-17 14:20 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 20:14 - 2010-06-03 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 19:54 - 2014-07-24 19:54 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{D58E247C-E815-4924-8DCA-7350F216EF5D}
2014-07-21 22:15 - 2014-07-21 22:14 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{ABA84A9B-CB42-41C6-9B26-11E135FDEDE4}
2014-07-19 01:49 - 2014-07-19 01:49 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{4F3544FF-4384-4661-B6BF-4F3B166FA3B9}
2014-07-18 11:49 - 2014-07-18 11:49 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{4272CBDC-8267-46B3-BF17-0B31CB0FDE91}

Some content of TEMP:
====================
C:\Users\Guten Tag\AppData\Local\Temp\avgnt.exe
C:\Users\Guten Tag\AppData\Local\Temp\nsp5D7D.tmp.exe
C:\Users\Guten Tag\AppData\Local\Temp\optprosetup.exe
C:\Users\Guten Tag\AppData\Local\Temp\rtinstaller.exe
C:\Users\Guten Tag\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Guten Tag\AppData\Local\Temp\System.Data.SQLite52983.dll
C:\Users\Guten Tag\AppData\Local\Temp\System.Data.SQLite57327.dll
C:\Users\Guten Tag\AppData\Local\Temp\System.Data.SQLite59804.dll
C:\Users\Guten Tag\AppData\Local\Temp\System.Data.SQLite70472.dll
C:\Users\Guten Tag\AppData\Local\Temp\System.Data.SQLite81896.dll
C:\Users\Guten Tag\AppData\Local\Temp\System.Data.SQLite90041.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-29 21:06

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:16-08-2014 03
Ran by Guten Tag at 2014-08-17 20:40:26
Running from C:\Users\Guten Tag\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
AntiBrowserSpy (HKLM\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 143 - Abelssoft)
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 6 (HKLM\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
Audials TV (HKLM\...\{1A0B8239-664B-434A-99D8-C50793513249}) (Version: 1.3.10800.0 - RapidSolution Software AG)
AudialsOne (HKLM\...\{80C7431E-CB45-40F4-AB4E-090E8AD4706D}) (Version: 4.0.33916.1600 - RapidSolution Software AG)
AVerMedia A850 USB DMB-TH 1.0.0.28 (HKLM\...\AVerMedia A850 USB DMB-TH) (Version: 1.0.0.28 - AVerMedia TECHNOLOGIES, Inc.)
Avira (HKLM\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
AVM FRITZ!Box-Kindersicherung (HKLM\...\{7497BB4F-CE23-47D4-B2CB-62548080F74F}) (Version: 4.2.3 - AVM Berlin)
Azurewave Wireless LAN (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.00.0000 - RaLink)
Bewerbungsfoto-/Passbild-Generator v3.5b (HKLM\...\Passbild-Generator_is1) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon iP7200 series Benutzerregistrierung (HKLM\...\Canon iP7200 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon iP7200 series On-screen Manual (HKLM\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
CDex extraction audio (HKLM\...\CDex) (Version:  - )
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel MediaOne (HKLM\...\{A062A15F-9CAC-4B88-98DF-87628A0BD721}) (Version: 2.00.0000 - Corel Corporation)
CorelDRAW Essential Edition 3 (HKLM\...\_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}) (Version:  - Corel Corporation)
CorelDRAW Essential Edition 3 (Version: 3.0 - Corel Corporation) Hidden
CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version:  - CyberGhost S.R.L.)
CyberLink MakeDisc (HKLM\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.0.2601 - CyberLink Corp.)
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.2019 - CyberLink Corp.)
CyberLink MediaShow (Version: 4.1.2019 - CyberLink Corp.) Hidden
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.5615 - CyberLink Corp.)
CyberLink PhotoNow (Version: 1.1.5615 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2209a - CyberLink Corp.)
CyberLink PowerDirector (Version: 7.0.2209a - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.3228 - CyberLink Corp.)
CyberLink PowerDVD 8 (Version: 8.0.3228 - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.1013 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.1013 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.0820 - CyberLink Corp.)
CyberLink YouCam (Version: 4.0.0820 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DE (Version: 3.0 - Corel Corporation) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX-Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.4.1.4 - DivX, LLC)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Facebook Video Calling 1.2.0.159 (HKLM\...\{7CAC6A44-C3DE-4153-ACA6-7524602C789E}) (Version: 1.2.159 - Skype Limited)
Firebird SQL Server - MAGIX Edition (HKLM\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
Free MP4 Video Converter version 5.0.40.514 (HKLM\...\Free MP4 Video Converter_is1) (Version: 5.0.40.514 - DVDVideoSoft Ltd.)
Free Video to Android Converter version 5.0.40.514 (HKLM\...\Free Video to Android Converter_is1) (Version: 5.0.40.514 - DVDVideoSoft Ltd.)
Free YouTube to iPhone Converter version 2.12.35.514 (HKLM\...\Free YouTube to iPhone Converter_is1) (Version: 2.12.35.514 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Genesys Logic PC Camera Device (HKLM\...\{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}) (Version: 0.1.0.0 - Genesys)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM\...\{528145C0-462A-11E1-B8B4-B8AC6F97B88E}) (Version: 6.2.0.5905 - Google)
Google Update Helper (Version: 1.3.23.0 - SaveSense) Hidden <==== ATTENTION
Hugin 2010.4.0 (HKLM\...\Hugin) (Version: 2010.4.0 hg_854952d82c8f - The Hugin Development Team)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Internet-TV für Windows Media Center (HKLM\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iPhone-Konfigurationsprogramm (HKLM\...\{B90FCEB7-2B0C-4D27-95B5-54238DF059ED}) (Version: 3.6.2.300 - Apple Inc.)
iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.250 - Sun Microsystems, Inc.)
Java(TM) 7 Update 4 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217004FF}) (Version: 7.0.40 - Oracle)
JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MAGIX 3D Maker (embeded) (HKLM\...\MAGIX 3D Maker D) (Version: 6.0.0.7 - MAGIX AG)
MAGIX Burn routines (HKLM\...\{7F2B12E7-2302-4A86-AE26-33DDD84E478A}) (Version: 9.0.0.193 - MAGIX AG)
MAGIX Fotobuch 3.6 (HKLM\...\MAGIX Fotobuch) (Version: 3.6 - MAGIX AG)
MAGIX Fotos auf CD & DVD 8 8.0.1.11 (D) (HKLM\...\MAGIX Fotos auf CD & DVD 8 D) (Version: 8.0.1.11 - MAGIX AG)
MAGIX Online Druck Service 3.4.3.0 (D) (HKLM\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare 4.3.6.1987 (D) (HKLM\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
ManyCam 2.6.43 (remove only) (HKLM\...\ManyCam) (Version: 2.6.43 - ManyCam LLC)
MediaCoder 0.7.5.4799 (HKLM\...\MediaCoder) (Version: 0.7.5.4799 - Broad Intelligence)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Search Enhancement Pack (Version: 3.0.133.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM\...\{47948554-90C6-4AAC-8CFA-D23CE11C1031}) (Version: 8.3.124 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Nikon Message Center 2 (HKLM\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.8.0 - Nikon)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PC Inspector smart recovery (HKLM\...\{C9A87D86-FDFD-418B-BF96-EF09320973B3}) (Version: 4.50 - )
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Pinnacle DistanTV Client (HKLM\...\{AF7970DA-48C1-4E52-86D5-1C18BFD5BAEF}) (Version: 1.00.0095 - Pinnacle Systems Inc.)
Pinnacle DistanTV Server (HKLM\...\{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}) (Version: 1.0.0.095 - Pinnacle Systems)
Pinnacle TVCenter Pro (HKLM\...\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}) (Version: 4.99.2088 - Pinnacle Systems)
PixiePack Codec Pack (HKLM\...\{9C450606-ED24-4958-92BA-B8940C99D441}) (Version: 1.1.400.0 - None)
Play Movie (HKLM\...\{A450831D-25F6-4F42-9662-D000B25E0D82}) (Version: 1.5.4621.0 - CyberLink Corp.)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Popims Animator (HKLM\...\Popims Animator) (Version:  - )
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20109 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.91 (HKLM\...\Revo Uninstaller) (Version: 1.91 - VS Revo Group)
SiSoftware Sandra Lite 2011.SP1x (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1) (Version: 17.47.2011.5 - SiSoftware)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.21.0 - Synaptics)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Manager (Version: 4.60 - Corel Corporation) Hidden
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VDownloader  1.12 (HKLM\...\{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1) (Version:  - Enrique Puertas)
ViewNX 2 (HKLM\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.8.0 - Nikon)
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 5.9.3 - Shark007)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Silverlight (HKLM\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3458143755-1736724782-1955730750-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Guten Tag\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3458143755-1736724782-1955730750-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Guten Tag\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3458143755-1736724782-1955730750-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Guten Tag\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3458143755-1736724782-1955730750-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Guten Tag\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3458143755-1736724782-1955730750-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Guten Tag\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3458143755-1736724782-1955730750-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Guten Tag\AppData\Local\Google\Chrome\Application\36.0.1985.143\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3458143755-1736724782-1955730750-1001_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Guten Tag\AppData\Local\Facebook\Update\1.2.203.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3458143755-1736724782-1955730750-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Guten Tag\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3458143755-1736724782-1955730750-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Guten Tag\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3458143755-1736724782-1955730750-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Guten Tag\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3458143755-1736724782-1955730750-1001_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Guten Tag\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3458143755-1736724782-1955730750-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Guten Tag\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3458143755-1736724782-1955730750-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Guten Tag\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)

==================== Restore Points  =========================

07-03-2014 18:12:34 Windows Update
10-03-2014 20:27:05 Installed iPhone Configuration Utility
10-03-2014 20:30:54 Installed iPhone Configuration Utility
10-03-2014 21:22:02 Removed iPhone-Konfigurationsprogramm
10-03-2014 21:24:23 Installed iPhone Configuration Utility
14-03-2014 11:58:15 Windows Update
19-03-2014 20:16:30 Windows Update
21-03-2014 19:54:09 Installed iPhone Configuration Utility
30-03-2014 14:53:28 Geplanter Prüfpunkt
09-04-2014 18:15:34 Windows Update
14-04-2014 23:16:01 Windows Update
24-04-2014 10:02:37 Geplanter Prüfpunkt
02-05-2014 15:05:58 Geplanter Prüfpunkt
02-05-2014 23:08:31 Windows Update
06-05-2014 11:19:05 Windows Update
14-05-2014 23:38:54 Windows Update
24-05-2014 16:14:12 Uniblue SpeedUpMyPC installation
27-05-2014 17:58:25 Uniblue SpeedUpMyPC installation
12-06-2014 06:34:29 Windows Update
14-06-2014 22:59:27 Installed Pinnacle DistanTV Client.
09-07-2014 16:07:48 Geplanter Prüfpunkt
12-07-2014 10:50:49 Windows Update
24-07-2014 18:13:08 Windows Update
17-08-2014 13:02:02 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2014-08-17 17:04 - 00000166 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
127.0.0.1 www.google-analytics.com
127.0.0.1 google-analytics.com
127.0.0.1                        d3oxij66pru1i3.cloudfront.net


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {007DE4FB-A853-47F3-8569-D4B187811635} - System32\Tasks\{40E65F2A-A811-4B8F-9B00-B968781B3B62} => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2011-10-11] (SlySoft, Inc.)
Task: {15B76AA6-C12F-43EC-9E15-D6DE1993AEB0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3458143755-1736724782-1955730750-1001Core => C:\Users\Guten Tag\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-05] (Facebook Inc.)
Task: {1897770F-8D32-471C-9E81-EF8C1A6F875C} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2009-07-14] (Microsoft Corporation)
Task: {1BD00EAF-29C6-4F7D-A719-7A2272441C2A} - System32\Tasks\{7A5ADAFD-23EC-4A97-B29E-27AA4B69539E} => C:\Program Files\Convar\SmartRecovery\SMR.exe [2004-06-25] (Convar Deutschland GmbH)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {214797F5-6353-4876-955B-94DD7D135BFF} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Guten Tag => C:\Program Files\Windows Calendar\wincal.exe
Task: {2B83E1B5-0525-488D-B628-7D5C827EB5D7} - System32\Tasks\SaveSense => C:\Users\GUTENT~1\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {4D2544C7-037C-4B97-B122-2E16CCC211D4} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {5376B65C-990F-495B-A59C-6FE558B86E66} - System32\Tasks\WSE_Astromenda => C:\Users\Guten Tag\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-08-17] ()
Task: {55AE809D-D2A0-4980-8806-9D1C25022FEE} - System32\Tasks\AnVir Task Manager => C:\Program Files\AnVir Task Manager\anvir.exe
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {6735EA50-51B8-43FD-A75F-7F2890565014} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {76C500ED-5A3B-44F1-BE6C-3CF5457C4333} - System32\Tasks\{1FCF7045-40B6-41D3-BD08-FA75EB398A0D} => C:\Program Files\SlySoft\AnyDVD\Fox Killer v7.exe
Task: {84CDF68A-370A-4180-9D2F-1CACF26A66E0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {A71F203C-9DB8-464D-BBF8-02FEB5A6C728} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {ABA02F3D-5416-424A-B2AB-6004FC4D8731} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3458143755-1736724782-1955730750-1001UA => C:\Users\Guten Tag\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-27] (Google Inc.)
Task: {B5284017-4624-4A7B-9E7B-C2614433F780} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3458143755-1736724782-1955730750-1001UA => C:\Users\Guten Tag\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-05] (Facebook Inc.)
Task: {BE2652D2-83AB-498E-92B5-E9DBC7BB8DB3} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {C21EEB54-FDDA-4E2B-A541-AEEEF61C75DE} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {C899588C-28EC-4BAB-8011-A03BE5672C14} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {DD354F4E-0713-4935-92B9-BE98AE35419D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3458143755-1736724782-1955730750-1001Core => C:\Users\Guten Tag\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-27] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {F0C3B1D5-C94B-4E14-B3E5-C6CF876220E0} - System32\Tasks\Microsoft_Hardware_Launch_LifeExp_exe => C:\Program Files\Microsoft LifeCam\LifeExp.exe
Task: {F74E268D-0382-4DD3-A41B-5802DC6AFA20} - System32\Tasks\{C10D1540-BB48-44BF-BA4C-DE67C0A3F0A6} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3458143755-1736724782-1955730750-1001Core.job => C:\Users\Guten Tag\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3458143755-1736724782-1955730750-1001UA.job => C:\Users\Guten Tag\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3458143755-1736724782-1955730750-1001Core.job => C:\Users\Guten Tag\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3458143755-1736724782-1955730750-1001UA.job => C:\Users\Guten Tag\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SaveSense.job => C:\Users\GUTENT~1\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\GUTENT~1\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-07-31 22:20 - 2014-07-31 22:20 - 00150528 _____ () C:\Program Files\A7F8482B-1D99-4EC9-B887-8B130AB7E131\etmajyzoqm.exe
2014-07-31 22:20 - 2014-07-31 22:20 - 00102400 _____ () C:\Program Files\A7F8482B-1D99-4EC9-B887-8B130AB7E131\nfapi.dll
2014-07-31 22:20 - 2014-07-31 22:20 - 00323584 _____ () C:\Program Files\A7F8482B-1D99-4EC9-B887-8B130AB7E131\ProtocolFilters.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-17 16:58 - 2014-08-17 16:58 - 00543232 _____ () C:\Program Files\005\cyycfhtzro32.exe
2010-01-10 20:55 - 2009-12-12 16:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2014-08-17 15:34 - 2014-08-17 15:34 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\97d6b17ed342f72bdf559a51f37ca929\IsdiInterop.ni.dll
2011-04-14 01:38 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-08-17 14:59 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\Guten Tag\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-05-24 17:56 - 2014-04-04 11:29 - 00371712 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2014-05-24 17:56 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2008-12-09 13:53 - 2008-07-18 03:48 - 00217088 _____ () C:\Windows\system32\glwdm.ax
2008-12-09 13:53 - 2008-07-09 08:50 - 00172032 _____ () C:\Windows\system32\glspef.ax
2014-08-17 14:42 - 2014-08-07 05:20 - 08537928 _____ () C:\Users\Guten Tag\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-17 14:42 - 2014-08-07 05:20 - 00353096 _____ () C:\Users\Guten Tag\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-17 14:42 - 2014-08-07 05:20 - 01732936 _____ () C:\Users\Guten Tag\AppData\Local\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-17 14:42 - 2014-08-07 05:20 - 14669128 _____ () C:\Users\Guten Tag\AppData\Local\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: a2free => 2
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: ehstart => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: Nero BackItUp Scheduler 3 => 2
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: ProtexisLicensing => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: UPnPService => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WPDBusEnum => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Biet-O-Matic.lnk => C:\Windows\pss\Biet-O-Matic.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^EZ VHS Converter Monitor.lnk => C:\Windows\pss\EZ VHS Converter Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Pinnacle Streaming Server.lnk => C:\Windows\pss\Pinnacle Streaming Server.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Guten Tag^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
MSCONFIG\startupreg: AnyDVD => "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: AVMWlanClient => C:\Program Files\avmwlanstick\FRITZWLANMini.exe
MSCONFIG\startupreg: BDRegion => C:\Program Files\Cyberlink\Shared Files\brs.exe
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart /min
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Guten Tag\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe -update activex
MSCONFIG\startupreg: Google EULA Launcher => C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe GE
MSCONFIG\startupreg: Google Update => "C:\Users\Guten Tag\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_9D0FEFB8D72B2934A70513E8A145DF24 => "C:\Users\Guten Tag\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: ManyCam => "C:\Program Files\ManyCam 2.4\ManyCam.exe"
MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: PDVD8LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
MSCONFIG\startupreg: PMCLoader => C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
MSCONFIG\startupreg: RemoteControl8 => "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Skytel => C:\Program Files\Realtek\Audio\HDA\Skytel.exe
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
MSCONFIG\startupreg: UpdatePDRShortCut => "C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: YouCam Mirror Tray icon => "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Description: Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8169
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: sptd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2014 07:57:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x1708
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (08/17/2014 07:26:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x118c
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (08/17/2014 06:41:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x11e4
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (08/17/2014 06:38:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xe88
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (08/17/2014 06:32:35 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
  bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
  bei System.ComponentModel.Composition.Primitives.Export.get_Value()
  bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
  bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/17/2014 06:32:21 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
  bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
  bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
  bei System.ComponentModel.Composition.Primitives.Export.get_Value()
  bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
  bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/17/2014 06:31:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.InvalidOperationException
Stapel:
  bei System.Linq.Enumerable.First[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>)
  bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(System.String)
  bei System.Linq.Enumerable.Any[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>, System.Func`2<System.__Canon,Boolean>)
  bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(System.Collections.Generic.List`1<System.String>)
  bei Avira.OE.BrowserExtensionConnector.SafeSearchProductInfo.IsInstalled(Avira.OE.WinCore.Browser)
  bei Avira.OE.WinCore.BrowserInfo.GetBrowsersData(System.Func`2<Avira.OE.WinCore.Browser,Boolean>)
  bei Avira.OE.BrowserExtensionConnector.AviraSafeSearchStatusConnector.GetBrowserInfo()
  bei Avira.OE.ServiceHost.ComputerAndServicesInfo.SetPayloadForSafeSearch(Avira.OE.WinCore.Interface.DevCheckUpdatePayload)
  bei Avira.OE.ServiceHost.ComputerAndServicesInfo.CreateMessagePayload()
  bei Avira.OE.ServiceHost.UpdateAvailabilityChecker.CheckForUpdate()
  bei Avira.OE.ServiceHost.UpdateAvailabilityChecker.OnRecurrentUpdateCheck(System.Object)
  bei System.Threading.TimerQueueTimer.CallCallbackInContext(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.TimerQueueTimer.CallCallback()
  bei System.Threading.TimerQueueTimer.Fire()
  bei System.Threading.TimerQueue.FireNextTimers()
  bei System.Threading.TimerQueue.AppDomainTimerCallback()

Error: (08/17/2014 06:28:10 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.InvalidOperationException: Die Sequenz enthält keine Elemente.
  bei System.Linq.Enumerable.First[TSource](IEnumerable`1 source)
  bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(String extensionId)
  bei System.Linq.Enumerable.Any[TSource](IEnumerable`1 source, Func`2 predicate)
  bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(List`1 extensionIds)
  bei Avira.OE.BrowserExtensionConnector.ExtensionStatusMonitor.StartWatching(TimeSpan timeSpan)
  bei Avira.OE.BrowserExtensionConnector.AviraBrowserSafetyStatusConnector.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (08/17/2014 06:28:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2014 06:22:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x1664
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3


System errors:
=============
Error: (08/17/2014 06:32:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (08/17/2014 06:32:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/17/2014 06:32:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/17/2014 06:27:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sptd

Error: (08/17/2014 06:26:08 PM) (Source: sptd) (EventID: 4) (User: )
Description: Der Treiber hat einen internen Fehler in seinen Datenstrukturen für  festgestellt.

Error: (08/17/2014 06:08:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (08/17/2014 06:07:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/17/2014 06:07:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/17/2014 06:03:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sptd

Error: (08/17/2014 06:01:26 PM) (Source: sptd) (EventID: 4) (User: )
Description: Der Treiber hat einen internen Fehler in seinen Datenstrukturen für  festgestellt.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-08-17 17:08:50.558
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-17 17:02:22.178
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-17 16:47:29.551
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-17 16:36:44.285
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-17 16:06:01.730
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-17 16:01:37.635
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-17 15:54:53.060
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-17 15:48:01.150
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-17 15:41:31.880
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-17 15:39:17.525
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz
Percentage of memory in use: 44%
Total physical RAM: 3070.43 MB
Available physical RAM: 1694.06 MB
Total Pagefile: 6139.15 MB
Available Pagefile: 4442.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.73 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:278.56 GB) (Free:98.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:19.52 GB) (Free:2.57 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 68216821)
Partition 1: (Active) - (Size=278.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=19.5 GB) - (Type=0C)

==================== End Of Log ============================

schrauber 18.08.2014 20:48
hi,


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Stefli 18.08.2014 23:16
Code:
ComboFix 14-08-17.01 - Guten Tag 18.08.2014  23:46:51.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3070.1931 [GMT 2:00]
ausgeführt von:: c:\users\Guten Tag\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\2308189059
c:\programdata\2308189059\BIT1F92.tmp
c:\programdata\Services
c:\users\Guten Tag\AppData\Local\BrowserSafeguard
c:\users\Guten Tag\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe
c:\users\Guten Tag\AppData\Local\BrowserSafeguard\makecert.exe
c:\users\Guten Tag\AppData\Local\BrowserSafeguard\Resources\certutil.exe
c:\users\Guten Tag\AppData\Local\BrowserSafeguard\Resources\libnspr4.dll
c:\users\Guten Tag\AppData\Local\BrowserSafeguard\Resources\libplc4.dll
c:\users\Guten Tag\AppData\Local\BrowserSafeguard\Resources\libplds4.dll
c:\users\Guten Tag\AppData\Local\BrowserSafeguard\Resources\nss3.dll
c:\users\Guten Tag\AppData\Local\BrowserSafeguard\Resources\smime3.dll
c:\users\Guten Tag\AppData\Local\BrowserSafeguard\Resources\softokn3.dll
c:\users\Guten Tag\AppData\Local\BrowserSafeguard\TrustedRoot.cer
c:\users\Guten Tag\AppData\Local\BrowserSafeguard\uninstall.BrowserSafeguard.exe
c:\users\Guten Tag\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\GUTENT~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-07-18 bis 2014-08-18  ))))))))))))))))))))))))))))))
.
.
2014-08-18 21:59 . 2014-08-18 22:04        --------        d-----w-        c:\users\Guten Tag\AppData\Local\temp
2014-08-17 18:38 . 2014-08-17 18:40        --------        d-----w-        C:\FRST
2014-08-17 15:04 . 2014-08-17 15:04        --------        d-----w-        c:\users\Guten Tag\AppData\Roaming\WSE_Astromenda
2014-08-17 15:04 . 2014-08-17 15:04        --------        d-----w-        c:\users\Guten Tag\AppData\Roaming\Astromenda
2014-08-17 15:04 . 2014-08-17 15:04        --------        d-----w-        c:\programdata\OEM Links
2014-08-17 15:04 . 2014-08-17 15:04        --------        d-----w-        C:\MININT
2014-08-17 15:00 . 2014-08-18 21:30        --------        d-----w-        c:\program files\AllDaySavings
2014-08-17 14:58 . 2014-08-17 15:33        --------        d-----w-        c:\program files\A7F8482B-1D99-4EC9-B887-8B130AB7E131
2014-08-17 14:57 . 2014-08-17 20:55        --------        d-----w-        c:\program files\005
2014-08-17 14:37 . 2014-08-18 21:09        110296        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-17 14:37 . 2014-08-17 16:09        75480        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-08-17 14:37 . 2014-08-17 14:37        --------        d-----w-        c:\program files\Malwarebytes Anti-Malware
2014-08-17 14:37 . 2014-05-12 05:26        51928        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-08-17 14:37 . 2014-05-12 05:25        23256        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-08-17 13:07 . 2014-03-09 21:47        99480        ----a-w-        c:\windows\system32\infocardapi.dll
2014-08-17 13:07 . 2014-06-30 22:14        8856        ----a-w-        c:\windows\system32\icardres.dll
2014-08-17 13:07 . 2014-03-09 21:47        619672        ----a-w-        c:\windows\system32\icardagt.exe
2014-08-17 13:07 . 2014-06-06 06:16        35480        ----a-w-        c:\windows\system32\TsWpfWrp.exe
2014-08-17 12:59 . 2014-08-17 14:12        --------        d-----w-        c:\programdata\Package Cache
2014-08-17 12:44 . 2014-08-17 12:44        --------        d-----w-        c:\programdata\HitmanPro.Alert
2014-08-17 12:44 . 2014-08-17 15:13        --------        d-----w-        c:\windows\CryptoGuard
2014-08-17 12:19 . 2014-07-25 12:34        455168        ----a-w-        c:\windows\system32\vbscript.dll
2014-07-31 20:20 . 2014-07-31 20:20        31744        ----a-w-        c:\windows\system32\drivers\netfilter.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-29 18:02 . 2013-05-23 18:20        35848        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2014-07-09 15:45 . 2012-11-02 12:43        699056        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2014-07-09 15:45 . 2011-05-18 16:41        71344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-07 18:23 . 2013-03-17 18:58        97648        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-06-18 01:51 . 2014-07-12 10:41        646144        ----a-w-        c:\windows\system32\osk.exe
2014-06-18 00:52 . 2014-07-12 10:41        2350080        ----a-w-        c:\windows\system32\win32k.sys
2014-06-15 18:30 . 2013-03-17 18:58        136216        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2014-06-06 09:44 . 2014-07-12 10:41        509440        ----a-w-        c:\windows\system32\qedit.dll
2014-06-05 14:26 . 2014-07-12 10:41        1059840        ----a-w-        c:\windows\system32\lsasrv.dll
2014-05-30 07:52 . 2014-07-12 10:41        172032        ----a-w-        c:\windows\system32\wdigest.dll
2014-05-30 07:52 . 2014-07-12 10:41        65536        ----a-w-        c:\windows\system32\TSpkg.dll
2014-05-30 07:52 . 2014-07-12 10:41        247808        ----a-w-        c:\windows\system32\schannel.dll
2014-05-30 07:52 . 2014-07-12 10:41        220160        ----a-w-        c:\windows\system32\ncrypt.dll
2014-05-30 07:52 . 2014-07-12 10:41        259584        ----a-w-        c:\windows\system32\msv1_0.dll
2014-05-30 07:52 . 2014-07-12 10:41        550912        ----a-w-        c:\windows\system32\kerberos.dll
2014-05-30 07:52 . 2014-07-12 10:41        17408        ----a-w-        c:\windows\system32\credssp.dll
2014-05-30 06:36 . 2014-07-12 10:41        338944        ----a-w-        c:\windows\system32\drivers\afd.sys
2013-04-01 18:32 . 2013-04-01 15:32        10965504        ----a-w-        c:\program files\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-17 751184]
"iSkysoft Helper Compact.exe"="c:\program files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe" [2014-04-04 2000896]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-07-24 190032]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Uninstall LastPass RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -x -name=LastPass -ffuuid support@lastpass.com [2013-4-1 10965504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Biet-O-Matic.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk
backup=c:\windows\pss\Biet-O-Matic.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^EZ VHS Converter Monitor.lnk]
backup=c:\windows\pss\EZ VHS Converter Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\EZ VHS Converter Monitor.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Pinnacle Streaming Server.lnk]
backup=c:\windows\pss\Pinnacle Streaming Server.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Pinnacle Streaming Server.lnk
.
[HKLM\~\startupfolder\C:^Users^Guten Tag^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
path=c:\users\Guten Tag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06        958576        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2011-10-11 15:17        93816        ----a-w-        c:\program files\SlySoft\AnyDVD\AnyDVD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 13:13        59280        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
2007-02-02 15:26        283136        ----a-w-        c:\program files\avmwlanstick\FRITZWLANMini.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-08-28 17:36        75048        ----a-w-        c:\program files\CyberLink\Shared Files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonQuickMenu]
2012-04-03 12:26        1273448        ----a-w-        c:\program files\Canon\Quick Menu\CNQMMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberGhost]
2014-04-29 07:14        404080        ----a-w-        c:\program files\CyberGhost 5\CyberGhost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10        1230704        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2010-11-20 12:17        144384        ----a-w-        c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-10-05 21:17        137536        ----atw-        c:\users\Guten Tag\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-10-14 09:57        20480        ----a-w-        c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-11-27 11:17        116648        ----atw-        c:\users\Guten Tag\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_9D0FEFB8D72B2934A70513E8A145DF24]
2014-08-07 03:20        860488        ----a-w-        c:\users\Guten Tag\AppData\Local\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 12:57        152544        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-09-29 20:29        13560352        ----a-w-        c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-09-29 20:29        92704        ----a-w-        c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2009-04-15 22:54        50472        ----a-w-        c:\program files\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader]
2008-06-23 13:24        644368        ----a-w-        c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2009-07-16 19:08        91432        ----a-w-        c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-11-25 12:41        6691360        ----a-w-        c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-11-14 15:42        20584608        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-11-25 12:42        1833504        ----a-w-        c:\program files\Realtek\Audio\HDA\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-07-03 08:30        1328424        ----a-w-        c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-05-19 20:16        222504        ----a-w-        c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-01-04 10:02        222504        ----a-w-        c:\program files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]
2008-02-21 20:04        222504        ----a-w-        c:\program files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2009-07-14 01:14        660480        ----a-w-        c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirror Tray icon]
2010-08-20 08:49        162912        ----a-w-        c:\program files\CyberLink\YouCam\YouCamTray.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-09 722416]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-07-24 141392]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2007-01-25 4352]
R3 avmident;AVM FRITZ!Box-Kindersicherung;c:\program files\FRITZ!Box-Kindersicherung\avmident.exe [2011-09-27 76288]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-07-25 108032]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 466048]
R3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 13440]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP1x\RpcAgentSrv.exe [2009-08-10 93848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2014-01-25 37352]
S1 netfilter;netfilter;c:\windows\system32\drivers\netfilter.sys [2014-07-31 31744]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\HomeCinema\PlayMovie\000.fcl [2008-10-21 61424]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2009/11/26 21:12];c:\program files\CyberLink\PowerDVD8\000.fcl [2009-08-28 17:36 87536]
S2 AllDaySavingsService;AllDaySavingsService;c:\program files\A7F8482B-1D99-4EC9-B887-8B130AB7E131\etmajyzoqm.exe [2014-07-31 150528]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-08-17 430160]
S2 CGVPNCliService;CyberGhost VPN 5 Client Service;c:\program files\CyberGhost 5\Service.exe [2014-04-29 64624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2013-03-25 65200]
S3 DCamUSBGene;Genesys Logic USB2.0 PC Camera;c:\windows\system32\DRIVERS\usbgene.sys [2008-10-02 175360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-05-12 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-08-18 110296]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-05-12 51928]
S3 netr28;Ralink 802.11n-Drahtlostreiber für Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-02 15:45]
.
2012-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3458143755-1736724782-1955730750-1001Core.job
- c:\users\Guten Tag\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-05 21:17]
.
2012-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3458143755-1736724782-1955730750-1001UA.job
- c:\users\Guten Tag\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-05 21:17]
.
2014-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3458143755-1736724782-1955730750-1001Core.job
- c:\users\Guten Tag\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-27 11:17]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3458143755-1736724782-1955730750-1001UA.job
- c:\users\Guten Tag\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-27 11:17]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://astromenda.com/?f=1&a=ast_ir_14_33_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAyD0FyDyD0D0DtC0DyByBtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StBzzzzyDtB0A0D0FtGzz0FyCtCtGzz0F0C0BtGtBtCtByBtGtC0B0CtD0E0F0FyDyCyEyDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyDzyyB0CtA0EzztGyDtDzz0EtGzy0FtByEtGtCtAzz0EtGtC0Fzz0A0BtCyD0FyDtDyE0D2Q&cr=1547121127&ir=
mStart Page = about:blank
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-PMCRemote - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
MSConfigStartUp-ArcSoft Connection Service - c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-ManyCam - c:\program files\ManyCam 2.4\ManyCam.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\program files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\HomeCinema\PlayMovie\000.fcl"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3458143755-1736724782-1955730750-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3458143755-1736724782-1955730750-1001)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3458143755-1736724782-1955730750-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\program files\Microsoft Mouse and Keyboard Center\itype.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-08-19  00:11:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-08-18 22:11
.
Vor Suchlauf: 13 Verzeichnis(se), 101.002.506.240 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 100.930.420.736 Bytes frei
.
- - End Of File - - 52CE8053933CAFD45E2A97133AF135DE
A36C5E4F47E84449FF07ED3517B43A31

schrauber 19.08.2014 20:37
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Stefli 19.08.2014 22:56
Code:
# AdwCleaner v3.307 - Bericht erstellt am 19/08/2014 um 23:51:38
# Aktualisiert 17/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Guten Tag - STEFAN
# Gestartet von : C:\Users\Guten Tag\Downloads\adwcleaner_3.307.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files\AllDaySavings
Ordner Gelöscht : C:\Program Files\Free Video Converter
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\NCH Software
Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Guten Tag\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Guten Tag\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Guten Tag\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Guten Tag\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Guten Tag\AppData\Roaming\Astromenda
Ordner Gelöscht : C:\Users\Guten Tag\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Guten Tag\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\Guten Tag\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Guten Tag\AppData\Roaming\wse_astromenda
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Guten Tag\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Datei Gelöscht : C:\Users\Guten Tag\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
Datei Gelöscht : C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : SaveSense

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_passfoto-manager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_passfoto-manager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_quicktime_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_quicktime_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_unlocker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_unlocker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\Free Video Converter
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\WSE_Astromenda
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\AllDaySavings
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ Datei : C:\Users\Guten Tag\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [14290 octets] - [19/08/2014 23:47:50]
AdwCleaner[S0].txt - [13727 octets] - [19/08/2014 23:51:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13788 octets] ##########

Stefli 19.08.2014 23:32
Anhang 68950

Stefli 19.08.2014 23:41
Hallo Schrauber,

leider kann ich Anti Malware nicht starten was ja auch mein eigentliches Problem ist,deswegen keine mbam.txt.

Lg. Stefli

schrauber 20.08.2014 11:05
MBAM deinstallieren, MBAM Cleanup Tool verwenden, dann nochmal installieren.

Stefli 20.08.2014 13:14
Liste der Anhänge anzeigen (Anzahl: 1)
Anhang 68961

hab MBAM mit dem Cleanup Tool deinstalliert und wieder neu installiert läuft nicht.

Es kommt sofort die Meldung - Malwarebytes Anti-Malware funktioniert nicht mehr. Windows kann Online nach eine Lösung für das Problem suchen.

Gruß Stefli

schrauber 21.08.2014 10:52
MBAM hat aktuell echt Probleme. Hat nix mit Malware zu tun, auch wenn welche auf dem Rechner war.


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Stefli 21.08.2014 20:42
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3e033d71526c6943bbfc810641da499f
# engine=19769
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-21 07:07:05
# local_time=2014-08-21 09:07:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 92068 153200203 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 35238203 160279216 0 0
# scanned=289611
# found=31
# cleaned=0
# scan_time=8596
sh=9E77E1D2FD7B77B0FD8A71A70C35DD5A16836CF3 ft=1 fh=b241df9fafd25e77 vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guten Tag\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=B17BD0D83C6EE3597FB4E9041C02353576468AB5 ft=1 fh=11b6ce1c8be87e30 vn="Variante von Win32/AdWare.Adpeak.J Anwendung" ac=I fn="C:\Program Files\A7F8482B-1D99-4EC9-B887-8B130AB7E131\etmajyzoqm.exe"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnic.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnstub.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=962E0C9CB769040CA7735B3BDBDC658CB07417A5 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\ProgramData\VistaCodecs\{A9DF2DCA-9A5C-49FD-8FEC-91DC0CD1072D}\Vista Codec Package.msi"
sh=2FCEBC9997734A0FB36AF2C072A72130DDC1548E ft=1 fh=4ed2a84156cdf251 vn="Variante von MSIL/Adware.iBryte.F Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guten Tag\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe.vir"
sh=34B9D1640D13BE7E0D8EE9E2C9024B52FEE6E3D7 ft=1 fh=3629e850807bd909 vn="MSIL/Adware.iBryte.F Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guten Tag\AppData\Local\BrowserSafeguard\uninstall.BrowserSafeguard.exe.vir"
sh=962E0C9CB769040CA7735B3BDBDC658CB07417A5 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\All Users\VistaCodecs\{A9DF2DCA-9A5C-49FD-8FEC-91DC0CD1072D}\Vista Codec Package.msi"
sh=DC66E70C3467E51896242A92CEE1519BE9875471 ft=1 fh=20635877afe521b2 vn="Variante von Win32/SoftPulse.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000"
sh=55EE2D68405452281EAC91AC8421D37F0FEA35C1 ft=1 fh=c58db5fec9d0e1c2 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Guten Tag\AppData\Roaming\DVDVideoSoft\FreeAudioDub.exe"
sh=55B8590291D8324ABF04592F97E250E362266391 ft=0 fh=0000000000000000 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Guten Tag\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk"
sh=55B8590291D8324ABF04592F97E250E362266391 ft=0 fh=0000000000000000 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Guten Tag\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.lnk"
sh=EDF0632BE8A0A79B3163F04A16D84483B05FA668 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.A potenziell unsichere Anwendung" ac=I fn="C:\Users\Guten Tag\Documents\Downloads\FFSetup230.zip"
sh=78865AA930A3A09CB6DF97F3BE15798202489021 ft=1 fh=8a8ff7b66daf84fb vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Guten Tag\Documents\Downloads\FreeDiscBurner.exe"
sh=66B0E174538DB8EC601FEB42F6911A610F7C4F92 ft=1 fh=8a8ff7b60cadc0c5 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Guten Tag\Documents\Downloads\FreeDVDVideoBurner.exe"
sh=13FE084506C202B667BCADDF2A7D1575F21D5B64 ft=1 fh=8a8ff7b648299869 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Guten Tag\Documents\Downloads\FreeVideoDub.exe"
sh=E82F2BF3810C99F141BA68484E61BD8F14E31C60 ft=1 fh=ed1237bd8064af99 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\Guten Tag\Documents\Downloads\ManyCam.exe"
sh=E82F2BF3810C99F141BA68484E61BD8F14E31C60 ft=1 fh=ed1237bd8064af99 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\Guten Tag\Documents\Downloads\ManyCam2469.exe"
sh=464565D6096E41C0A9C2E08401227979975318DE ft=1 fh=c71c0011a7df4c29 vn="Variante von Win32/InstallCore.OO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Guten Tag\Downloads\COMPUTER_BILD-Download-Manager_fuer_rcsetup151.exe"
sh=D86D2FC37B1FED635CAF6F25254D7A575466ED1E ft=1 fh=7614c1446a9b863f vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Guten Tag\Downloads\FFSetup3.3.4.0.exe"
sh=5C7566544BEA843E6B4017D341ABB5AACCE20DBC ft=1 fh=a574b86a6ef4ba00 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Guten Tag\Downloads\FreeMP4VideoConverter (1).exe"
sh=5C7566544BEA843E6B4017D341ABB5AACCE20DBC ft=1 fh=a574b86a6ef4ba00 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Guten Tag\Downloads\FreeMP4VideoConverter.exe"
sh=926E1E7DF59C76963C4D6A3091F41F5D9BA48F3F ft=1 fh=a3601bd9b9daa4c2 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Guten Tag\Downloads\FreeVideoToAndroidConverter-5.0.40.514.exe"
sh=2D88A8D6B4E15A784135CD06A1126A9F55214006 ft=1 fh=68d8dd854a920fcc vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Guten Tag\Downloads\FreeYouTubeToiPhoneConverter (1).exe"
sh=2D88A8D6B4E15A784135CD06A1126A9F55214006 ft=1 fh=68d8dd854a920fcc vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Guten Tag\Downloads\FreeYouTubeToiPhoneConverter.exe"
sh=EC38A071476860D3DA681052AF62B3BE377FEC73 ft=1 fh=68c299741b777df3 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Guten Tag\Downloads\FreeYouTubeToMP3Converter.exe"
sh=85C2E758DADB8A93064CA5CEDF96BC69C021B84C ft=1 fh=1f9bbc275addc6d3 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Guten Tag\Downloads\rcsetup151.exe"
sh=84A0795672494363EE0297E491B1E23F5D625E9C ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\Installer\bed23.msi"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QDYI21C1\ApnIC[1].0"
Code:
Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 AntiBrowserSpy   
 CCleaner   
 JavaFX 2.1.0   
 Java(TM) 6 Update 25 
 Java(TM) 6 Update 22 
 Java(TM) 7 Update 4 
 Java version out of Date!
 Adobe Flash Player        14.0.0.145 
 Adobe Reader 9 Adobe Reader out of Date!
 Adobe Reader 10.0.1 Adobe Reader out of Date! 
 Google Chrome 36.0.1985.125 
 Google Chrome 36.0.1985.143 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2014
Ran by Guten Tag (administrator) on STEFAN on 21-08-2014 21:38:27
Running from C:\Users\Guten Tag\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\A7F8482B-1D99-4EC9-B887-8B130AB7E131\etmajyzoqm.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: No Name -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} ->  No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.4.1 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Guten Tag\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Guten Tag\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Guten Tag\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Guten Tag\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2012-10-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-17]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-04-14]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-04-14]
FF HKLM\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin

Chrome:
=======
CHR HomePage: hxxp://google/
CHR StartupUrls: "https://www.google.de/"
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Google Docs) - C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-16]
CHR Extension: (Google Drive) - C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-16]
CHR Extension: (YouTube) - C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-16]
CHR Extension: (Google-Suche) - C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-16]
CHR Extension: (Avira SafeSearch) - C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-08-17]
CHR Extension: (DivX HiQ) - C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2013-03-16]
CHR Extension: (Google Wallet) - C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-03-16]
CHR Extension: (Google Mail) - C:\Users\Guten Tag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-16]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllDaySavingsService; C:\Program Files\A7F8482B-1D99-4EC9-B887-8B130AB7E131\etmajyzoqm.exe [150528 2014-07-31] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S3 avmident; C:\Program Files\FRITZ!Box-Kindersicherung\avmident.exe [76288 2011-09-27] (AVM Berlin) [File not signed]
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-04-29] (CyberGhost S.R.L)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S4 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [244904 2008-08-20] () [File not signed]
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1x\RpcAgentSrv.exe [93848 2009-08-10] (SiSoftware) [File not signed]
S4 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121464 2011-08-19] (SlySoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-01-25] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed]
S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfo.sys [15152 2007-09-25] ()
R3 DCamUSBGene; C:\Windows\System32\DRIVERS\usbgene.sys [175360 2008-10-02] ()
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
S3 Ltn_stk7070P; C:\Windows\System32\DRIVERS\Ltn_stk7070P.sys [466048 2007-06-14] (LITEON)
S3 Ltn_stkrc; C:\Windows\System32\DRIVERS\Ltn_stkrc.sys [13440 2007-06-13] (LITEON)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-20] (Malwarebytes Corporation)
R2 MDC8021X; C:\Windows\System32\DRIVERS\mdc8021x.sys [15781 2009-01-19] (Meetinghouse Data Communications) [File not signed]
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [31744 2014-07-31] (NetFilterSDK.com) [File not signed]
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1x\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2010-12-09] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-17] (Avira GmbH)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-03-26] (AnchorFree Inc)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\HomeCinema\PlayMovie\000.fcl [61424 2008-10-21] (Cyberlink Corp.)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files\CyberLink\PowerDVD8\000.fcl [87536 2009-08-28] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\GUTENT~1\AppData\Local\Temp\catchme.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 21:38 - 2014-08-21 21:38 - 00017760 _____ () C:\Users\Guten Tag\Desktop\FRST.txt
2014-08-21 21:38 - 2014-08-21 21:38 - 00000000 ____D () C:\Users\Guten Tag\Desktop\FRST-OlderVersion
2014-08-21 21:19 - 2014-08-21 21:19 - 00854417 _____ () C:\Users\Guten Tag\Downloads\SecurityCheck.exe
2014-08-21 21:19 - 2014-08-21 21:19 - 00854417 _____ () C:\Users\Guten Tag\Desktop\SecurityCheck.exe
2014-08-21 18:37 - 2014-08-21 18:37 - 00000000 ____D () C:\Program Files\ESET
2014-08-21 18:36 - 2014-08-21 18:36 - 02347384 _____ (ESET) C:\Users\Guten Tag\Downloads\esetsmartinstaller_deu.exe
2014-08-21 18:36 - 2014-08-21 18:36 - 02347384 _____ (ESET) C:\Users\Guten Tag\Desktop\esetsmartinstaller_deu.exe
2014-08-21 18:13 - 2014-08-21 18:14 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{AA1E0C69-C01A-4258-B363-516A786116C5}
2014-08-20 13:59 - 2014-08-20 13:59 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-20 13:59 - 2014-08-20 13:59 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-20 13:59 - 2014-08-20 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-20 13:59 - 2014-08-20 13:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-20 13:59 - 2014-08-20 13:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-20 13:59 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-20 13:59 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-20 13:59 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-20 13:57 - 2014-08-20 13:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Guten Tag\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-08-20 13:31 - 2014-08-20 13:32 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{59E65CFA-4BB2-4464-9E1C-2506B4211999}
2014-08-20 00:32 - 2014-08-20 00:32 - 00029346 _____ () C:\Users\Guten Tag\Downloads\JRT (3).zip
2014-08-20 00:32 - 2014-08-20 00:32 - 00029346 _____ () C:\Users\Guten Tag\Downloads\JRT (2).zip
2014-08-20 00:28 - 2014-08-20 00:28 - 00029346 _____ () C:\Users\Guten Tag\Downloads\JRT (1).zip
2014-08-20 00:27 - 2014-08-20 00:27 - 00029346 _____ () C:\Users\Guten Tag\Downloads\JRT.zip
2014-08-20 00:23 - 2014-08-20 00:23 - 00029346 _____ () C:\Users\Guten Tag\Desktop\JRT.zip
2014-08-20 00:22 - 2014-08-20 00:22 - 01110476 _____ () C:\Users\Guten Tag\Downloads\7z920.exe
2014-08-20 00:22 - 2014-08-20 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-20 00:22 - 2014-08-20 00:22 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-20 00:02 - 2014-08-20 00:02 - 00136263 _____ () C:\Users\Guten Tag\Desktop\JRT.txt
2014-08-19 23:59 - 2014-08-19 23:59 - 00000000 ____D () C:\Windows\ERUNT
2014-08-19 23:58 - 2014-08-19 23:58 - 01016261 _____ (Thisisu) C:\Users\Guten Tag\Desktop\JRT.exe
2014-08-19 23:53 - 2014-08-20 21:17 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-08-19 23:49 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-19 23:47 - 2014-08-19 23:51 - 00000000 ____D () C:\AdwCleaner
2014-08-19 23:47 - 2014-08-19 23:47 - 01361671 _____ () C:\Users\Guten Tag\Downloads\adwcleaner_3.307.exe
2014-08-19 23:38 - 2014-08-19 23:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Guten Tag\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-19 23:22 - 2014-08-19 23:22 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Guten Tag\Downloads\mbam-clean-2.1.1.1001.exe
2014-08-19 18:14 - 2014-08-21 21:33 - 02437224 _____ () C:\Windows\setupact.log
2014-08-19 18:14 - 2014-08-20 13:53 - 00031794 _____ () C:\Windows\PFRO.log
2014-08-19 18:14 - 2014-08-19 18:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-19 18:13 - 2014-08-19 18:13 - 00001570 _____ () C:\Users\Guten Tag\Documents\cc_20140819_181322.reg
2014-08-19 00:11 - 2014-08-19 00:11 - 00024047 _____ () C:\ComboFix.txt
2014-08-18 23:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-18 23:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-18 23:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-18 23:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-18 23:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-18 23:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-18 23:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-18 23:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-18 23:42 - 2014-08-19 00:11 - 00000000 ____D () C:\Qoobox
2014-08-18 23:42 - 2014-08-19 00:09 - 00000000 ____D () C:\Windows\erdnt
2014-08-18 10:57 - 2014-08-21 18:12 - 00000000 ____D () C:\Users\Guten Tag\Desktop\KRETA 2014
2014-08-17 20:40 - 2014-08-17 20:40 - 00059514 _____ () C:\Users\Guten Tag\Downloads\Addition.txt
2014-08-17 20:38 - 2014-08-21 21:38 - 00000000 ____D () C:\FRST
2014-08-17 20:38 - 2014-08-17 20:40 - 00045205 _____ () C:\Users\Guten Tag\Downloads\FRST.txt
2014-08-17 20:37 - 2014-08-21 21:38 - 01094144 _____ (Farbar) C:\Users\Guten Tag\Desktop\FRST.exe
2014-08-17 18:24 - 2014-08-17 18:24 - 00000340 _____ () C:\Users\Guten Tag\Documents\cc_20140817_182409.reg
2014-08-17 17:51 - 2014-08-17 17:51 - 04872677 _____ () C:\Users\Guten Tag\Downloads\mbam-chameleon-3.1.4.0.zip
2014-08-17 17:04 - 2014-08-17 17:04 - 00000000 ____D () C:\MININT
2014-08-17 16:58 - 2014-08-17 17:33 - 00000000 ____D () C:\Program Files\A7F8482B-1D99-4EC9-B887-8B130AB7E131
2014-08-17 16:57 - 2014-08-17 22:55 - 00000000 ____D () C:\Program Files\005
2014-08-17 16:36 - 2014-08-17 16:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Guten Tag\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-17 15:49 - 2014-08-17 15:49 - 00012650 _____ () C:\Users\Guten Tag\Documents\cc_20140817_154952.reg
2014-08-17 15:07 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-17 15:07 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 15:07 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-17 15:07 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-17 14:59 - 2014-08-19 17:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-17 14:59 - 2014-08-19 17:48 - 00001099 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-17 14:44 - 2014-08-17 17:13 - 00000000 ____D () C:\Windows\CryptoGuard
2014-08-17 14:44 - 2014-08-17 14:44 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-08-17 14:43 - 2014-08-17 14:43 - 01889616 _____ (SurfRight B.V.) C:\Users\Guten Tag\Downloads\hmpalert.exe
2014-08-17 14:20 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-17 14:20 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-17 14:20 - 2014-07-25 15:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-17 14:20 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-17 14:20 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-17 14:20 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-17 14:20 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-17 14:20 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-17 14:20 - 2014-07-25 14:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-17 14:20 - 2014-07-25 13:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-17 14:20 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-17 14:20 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-17 14:20 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-17 14:20 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-17 14:20 - 2014-07-25 13:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-17 14:20 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-17 14:20 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-17 14:20 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-17 14:20 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-17 14:20 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-17 14:20 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-17 14:19 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-17 14:19 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-17 14:19 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-17 14:19 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-17 14:19 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-17 14:19 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-17 14:19 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-17 14:19 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-17 14:19 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-17 14:19 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-17 14:19 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-17 14:19 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-17 14:19 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-17 14:19 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-17 14:19 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-17 14:19 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-17 14:19 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-17 14:19 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-17 14:19 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-01 20:39 - 2014-08-01 20:40 - 00000000 ____D () C:\Users\Guten Tag\Desktop\DCIM
2014-07-31 22:20 - 2014-07-31 22:20 - 00031744 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 21:39 - 2014-08-21 21:38 - 00017760 _____ () C:\Users\Guten Tag\Desktop\FRST.txt
2014-08-21 21:38 - 2014-08-21 21:38 - 00000000 ____D () C:\Users\Guten Tag\Desktop\FRST-OlderVersion
2014-08-21 21:38 - 2014-08-17 20:38 - 00000000 ____D () C:\FRST
2014-08-21 21:38 - 2014-08-17 20:37 - 01094144 _____ (Farbar) C:\Users\Guten Tag\Desktop\FRST.exe
2014-08-21 21:37 - 2012-11-27 13:17 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3458143755-1736724782-1955730750-1001UA.job
2014-08-21 21:33 - 2014-08-19 18:14 - 02437224 _____ () C:\Windows\setupact.log
2014-08-21 21:33 - 2011-04-14 18:39 - 00272629 _____ () C:\ProgramData\nvModes.001
2014-08-21 21:33 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-21 21:32 - 2011-08-28 19:26 - 01928373 _____ () C:\Windows\WindowsUpdate.log
2014-08-21 21:19 - 2014-08-21 21:19 - 00854417 _____ () C:\Users\Guten Tag\Downloads\SecurityCheck.exe
2014-08-21 21:19 - 2014-08-21 21:19 - 00854417 _____ () C:\Users\Guten Tag\Desktop\SecurityCheck.exe
2014-08-21 20:45 - 2012-11-02 14:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-21 18:37 - 2014-08-21 18:37 - 00000000 ____D () C:\Program Files\ESET
2014-08-21 18:36 - 2014-08-21 18:36 - 02347384 _____ (ESET) C:\Users\Guten Tag\Downloads\esetsmartinstaller_deu.exe
2014-08-21 18:36 - 2014-08-21 18:36 - 02347384 _____ (ESET) C:\Users\Guten Tag\Desktop\esetsmartinstaller_deu.exe
2014-08-21 18:36 - 2011-04-14 15:47 - 00015120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-21 18:36 - 2011-04-14 15:47 - 00015120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-21 18:14 - 2014-08-21 18:13 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{AA1E0C69-C01A-4258-B363-516A786116C5}
2014-08-21 18:12 - 2014-08-18 10:57 - 00000000 ____D () C:\Users\Guten Tag\Desktop\KRETA 2014
2014-08-21 18:10 - 2011-04-14 17:11 - 00272629 _____ () C:\ProgramData\nvModes.dat
2014-08-21 00:37 - 2012-11-27 13:17 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3458143755-1736724782-1955730750-1001Core.job
2014-08-20 21:17 - 2014-08-19 23:53 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-08-20 13:59 - 2014-08-20 13:59 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-20 13:59 - 2014-08-20 13:59 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-20 13:59 - 2014-08-20 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-20 13:59 - 2014-08-20 13:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-20 13:59 - 2014-08-20 13:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-20 13:59 - 2012-03-13 15:26 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\CrashDumps
2014-08-20 13:57 - 2014-08-20 13:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Guten Tag\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-08-20 13:53 - 2014-08-19 18:14 - 00031794 _____ () C:\Windows\PFRO.log
2014-08-20 13:32 - 2014-08-20 13:31 - 00000000 ____D () C:\Users\Guten Tag\AppData\Local\{59E65CFA-4BB2-4464-9E1C-2506B4211999}
2014-08-20 00:32 - 2014-08-20 00:32 - 00029346 _____ () C:\Users\Guten Tag\Downloads\JRT (3).zip
2014-08-20 00:32 - 2014-08-20 00:32 - 00029346 _____ () C:\Users\Guten Tag\Downloads\JRT (2).zip
2014-08-20 00:28 - 2014-08-20 00:28 - 00029346 _____ () C:\Users\Guten Tag\Downloads\JRT (1).zip
2014-08-20 00:27 - 2014-08-20 00:27 - 00029346 _____ () C:\Users\Guten Tag\Downloads\JRT.zip
2014-08-20 00:23 - 2014-08-20 00:23 - 00029346 _____ () C:\Users\Guten Tag\Desktop\JRT.zip
2014-08-20 00:22 - 2014-08-20 00:22 - 01110476 _____ () C:\Users\Guten Tag\Downloads\7z920.exe
2014-08-20 00:22 - 2014-08-20 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-20 00:22 - 2014-08-20 00:22 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-20 00:02 - 2014-08-20 00:02 - 00136263 _____ () C:\Users\Guten Tag\Desktop\JRT.txt
2014-08-19 23:59 - 2014-08-19 23:59 - 00000000 ____D () C:\Windows\ERUNT
2014-08-19 23:58 - 2014-08-19 23:58 - 01016261 _____ (Thisisu) C:\Users\Guten Tag\Desktop\JRT.exe
2014-08-19 23:51 - 2014-08-19 23:47 - 00000000 ____D () C:\AdwCleaner
2014-08-19 23:51 - 2009-01-23 11:58 - 00000000 ____D () C:\ProgramData\ICQ
2014-08-19 23:47 - 2014-08-19 23:47 - 01361671 _____ () C:\Users\Guten Tag\Downloads\adwcleaner_3.307.exe
2014-08-19 23:39 - 2014-08-19 23:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Guten Tag\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-19 23:22 - 2014-08-19 23:22 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Guten Tag\Downloads\mbam-clean-2.1.1.1001.exe
2014-08-19 18:34 - 2014-03-01 18:46 - 00027648 ___SH () C:\Users\Guten Tag\Thumbs.db
2014-08-19 18:14 - 2014-08-19 18:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-19 18:13 - 2014-08-19 18:13 - 00001570 _____ () C:\Users\Guten Tag\Documents\cc_20140819_181322.reg
2014-08-19 17:49 - 2014-08-17 14:59 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-19 17:48 - 2014-08-17 14:59 - 00001099 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-19 17:48 - 2013-03-17 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-19 17:48 - 2013-03-17 20:58 - 00000000 ____D () C:\Program Files\Avira
2014-08-19 00:11 - 2014-08-19 00:11 - 00024047 _____ () C:\ComboFix.txt
2014-08-19 00:11 - 2014-08-18 23:42 - 00000000 ____D () C:\Qoobox
2014-08-19 00:11 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-08-19 00:11 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-08-19 00:09 - 2014-08-18 23:42 - 00000000 ____D () C:\Windows\erdnt
2014-08-19 00:04 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-08-18 19:17 - 2013-09-19 19:22 - 00000000 ____D () C:\Users\Guten Tag\AppData\Roaming\Nikon
2014-08-18 19:17 - 2013-09-19 19:20 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-08-18 15:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-08-17 22:55 - 2014-08-17 16:57 - 00000000 ____D () C:\Program Files\005
2014-08-17 20:40 - 2014-08-17 20:40 - 00059514 _____ () C:\Users\Guten Tag\Downloads\Addition.txt
2014-08-17 20:40 - 2014-08-17 20:38 - 00045205 _____ () C:\Users\Guten Tag\Downloads\FRST.txt
2014-08-17 18:24 - 2014-08-17 18:24 - 00000340 _____ () C:\Users\Guten Tag\Documents\cc_20140817_182409.reg
2014-08-17 17:51 - 2014-08-17 17:51 - 04872677 _____ () C:\Users\Guten Tag\Downloads\mbam-chameleon-3.1.4.0.zip
2014-08-17 17:33 - 2014-08-17 16:58 - 00000000 ____D () C:\Program Files\A7F8482B-1D99-4EC9-B887-8B130AB7E131
2014-08-17 17:13 - 2014-08-17 14:44 - 00000000 ____D () C:\Windows\CryptoGuard
2014-08-17 17:12 - 2011-04-14 16:57 - 00141448 _____ () C:\Users\Guten Tag\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-17 17:08 - 2009-07-14 06:33 - 00470688 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-17 17:04 - 2014-08-17 17:04 - 00000000 ____D () C:\MININT
2014-08-17 17:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Resources
2014-08-17 16:36 - 2014-08-17 16:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Guten Tag\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-17 16:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-17 15:49 - 2014-08-17 15:49 - 00012650 _____ () C:\Users\Guten Tag\Documents\cc_20140817_154952.reg
2014-08-17 15:28 - 2011-04-14 16:53 - 00000000 ___RD () C:\Users\Guten Tag\Virtual Machines
2014-08-17 15:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-17 15:20 - 2013-08-15 00:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-17 15:20 - 2008-12-09 08:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-17 15:10 - 2011-08-02 06:23 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-17 14:59 - 2013-03-17 20:58 - 00000000 ____D () C:\ProgramData\Avira
2014-08-17 14:44 - 2014-08-17 14:44 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-08-17 14:43 - 2014-08-17 14:43 - 01889616 _____ (SurfRight B.V.) C:\Users\Guten Tag\Downloads\hmpalert.exe
2014-08-01 20:40 - 2014-08-01 20:39 - 00000000 ____D () C:\Users\Guten Tag\Desktop\DCIM
2014-08-01 20:40 - 2011-04-14 16:51 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-01 01:16 - 2014-08-17 14:20 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 22:20 - 2014-07-31 22:20 - 00031744 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter.sys
2014-07-29 20:02 - 2013-05-23 20:20 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-25 15:51 - 2014-08-17 14:19 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 15:04 - 2014-08-17 14:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 15:03 - 2014-08-17 14:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 14:47 - 2008-12-09 14:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 14:34 - 2014-08-17 14:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 14:34 - 2014-08-17 14:19 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 14:33 - 2014-08-17 14:20 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-17 14:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 14:21 - 2014-08-17 14:19 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 14:18 - 2014-08-17 14:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 14:17 - 2014-08-17 14:20 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 14:12 - 2014-08-17 14:19 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 14:10 - 2014-08-17 14:20 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 14:10 - 2014-08-17 14:20 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:08 - 2014-08-17 14:19 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:06 - 2014-08-17 14:19 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 13:59 - 2014-08-17 14:20 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 13:52 - 2014-08-17 14:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 13:43 - 2014-08-17 14:20 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 13:36 - 2014-08-17 14:20 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 13:34 - 2014-08-17 14:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 13:29 - 2014-08-17 14:19 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 13:13 - 2014-08-17 14:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:09 - 2014-08-17 14:20 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:07 - 2014-08-17 14:20 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:07 - 2014-08-17 14:19 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-17 14:19 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 12:09 - 2014-08-17 14:19 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:05 - 2014-08-17 14:19 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:00 - 2014-08-17 14:20 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 20:14 - 2010-06-03 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\Guten Tag\AppData\Local\temp\avgnt.exe
C:\Users\Guten Tag\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-18 15:41

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 22.08.2014 19:17
Java und Adobe updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Program Files\A7F8482B-1D99-4EC9-B887-8B130AB7E131
C:\ProgramData\VistaCodecs

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Stefli 23.08.2014 11:16
Liste der Anhänge anzeigen (Anzahl: 1)
Adobe lässt sich nicht updaten, habe ich dann deinstalliert, kann ich jetzt aber nicht wieder installieren.
Folgende Fehlermeldung:


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:31 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131