Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   V9 Virus lässt sich nicht entfernen (https://www.trojaner-board.de/161679-v9-virus-laesst-entfernen.html)

Sceptiker 09.12.2014 20:27
V9 Virus lässt sich nicht entfernen
 
Hallo,
immer wenn ich meinen Browser öffne, kommen Seiten mit dem v9 kürzel davor. Habe schon versucht es zu löschen, aber leider ohne Erfolg. Könnte mir jemand helfen? :confused:

schrauber 09.12.2014 20:42
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Sceptiker 09.12.2014 20:46
Hallo, danke schonmal für die Hilfe.
Hier die Logs:

FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2014
Ran by User (administrator) on USER-PC on 09-12-2014 20:44:41
Running from D:\!W7k-USER\Downloads
Loaded Profile: User (Available profiles: User & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Program Files (x86)\EnhanceTronic\updateEnhanceTronic.exe
() C:\Program Files (x86)\EnhanceTronic\bin\utilEnhanceTronic.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTHELPER.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(E-MU Systems) C:\Program Files (x86)\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPMixDSP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [798728 2010-12-07] (Avid Technology, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5028464 2013-06-17] (VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2013-06-17] (Intel Corporation)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => C:\Windows\SysWOW64\CTHELPER.EXE [23040 2013-06-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE [23552 2013-06-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2013-06-17] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-12-08] (AVAST Software)
HKU\S-1-5-21-2788994672-624319275-1794458896-1000\...\MountPoints2: {8c7a386f-bb99-11e1-9309-806e6f6e6963} - D:\Run.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1394818517&from=adks&uid=OCZ-AGILITY3_OCZ-REB27TORX0Z9GA5C
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1394818517&from=adks&uid=OCZ-AGILITY3_OCZ-REB27TORX0Z9GA5C&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1394818517&from=adks&uid=OCZ-AGILITY3_OCZ-REB27TORX0Z9GA5C
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1394818517&from=adks&uid=OCZ-AGILITY3_OCZ-REB27TORX0Z9GA5C&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2788994672-624319275-1794458896-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2788994672-624319275-1794458896-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-2788994672-624319275-1794458896-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1394818517&from=adks&uid=OCZ-AGILITY3_OCZ-REB27TORX0Z9GA5C
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1394818517&from=adks&uid=OCZ-AGILITY3_OCZ-REB27TORX0Z9GA5C&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1394818517&from=adks&uid=OCZ-AGILITY3_OCZ-REB27TORX0Z9GA5C&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1394818517&from=adks&uid=OCZ-AGILITY3_OCZ-REB27TORX0Z9GA5C&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2788994672-624319275-1794458896-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2788994672-624319275-1794458896-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2788994672-624319275-1794458896-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2788994672-624319275-1794458896-1000 -> {4C1A4DA9-3DC4-4A50-827E-546B126FE663} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=0c38e0de-f508-4bc2-906f-c65f0422b064&apn_sauid=913DA966-3A8A-484D-B407-3E96BFA7C952
SearchScopes: HKU\S-1-5-21-2788994672-624319275-1794458896-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: EnhanceTronic 1.0.0.5 -> {f530d5e8-9d18-4cba-b7cc-95944f9ebe3d} -> C:\Program Files (x86)\EnhanceTronic\EnhanceTronicBHO.dll (EnhanceTronic)
Toolbar: HKU\S-1-5-21-2788994672-624319275-1794458896-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default
FF NewTab: chrome://quick_start/content/index.html
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.google.de/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\user.js
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\searchplugins\dsrlte.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml
FF Extension: Quick Start - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\Extensions\quick_start@gmail.com [2014-03-22]
FF Extension: WOT - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-12-08]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2014-04-04]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-08]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2013-06-17] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-08] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-06-17] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-06-17] (Creative Labs) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2013-06-17] (Intel Corporation)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [271760 2013-06-17] ()
R2 Update EnhanceTronic; C:\Program Files (x86)\EnhanceTronic\updateEnhanceTronic.exe [524024 2014-12-08] () <==== ATTENTION
R2 Util EnhanceTronic; C:\Program Files (x86)\EnhanceTronic\bin\utilEnhanceTronic.exe [524024 2014-12-08] () <==== ATTENTION
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2013-06-17] (VIA Technologies, Inc.)
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2013-06-17] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-08] ()
S3 MAUSBFASTTRACK; C:\Windows\System32\DRIVERS\MAudioFastTrack.sys [187912 2010-12-07] (Avid Technology, Inc.)
S3 RDID1101; C:\Windows\System32\Drivers\rdwm1101.sys [81792 2009-09-18] (Roland Corporation)
S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
S3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61120 2014-04-04] (StdLib)
R1 {a414b9c8-afb5-4899-b1dc-d307d6e50473}w64; C:\Windows\System32\drivers\{a414b9c8-afb5-4899-b1dc-d307d6e50473}w64.sys [61632 2014-08-06] (StdLib)
R1 {a50ae93a-7410-40c5-bddb-9ec17e15f172}w64; C:\Windows\System32\drivers\{a50ae93a-7410-40c5-bddb-9ec17e15f172}w64.sys [48784 2014-12-07] (StdLib)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 20:44 - 2014-12-09 20:44 - 00000000 ____D () C:\FRST
2014-12-08 16:09 - 2014-12-08 16:09 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVAST Software
2014-12-08 16:08 - 2014-12-08 16:09 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-08 16:08 - 2014-12-08 16:08 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-08 16:08 - 2014-12-08 16:08 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-08 16:08 - 2014-12-08 16:08 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00001970 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-08 16:08 - 2014-12-08 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-08 16:08 - 2014-12-08 16:08 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-08 15:02 - 2014-12-08 15:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\Enigma Software Group
2014-12-08 15:02 - 2014-12-08 15:02 - 00000000 _____ () C:\autoexec.bat
2014-12-08 14:55 - 2014-12-08 16:08 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-08 14:17 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-08 14:17 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-08 14:17 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-08 14:17 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-08 14:17 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-08 14:17 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-08 14:17 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-08 14:17 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-08 14:17 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-08 14:17 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-08 14:17 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-08 14:17 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-08 14:17 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-08 14:17 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-08 14:17 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-08 14:17 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-08 14:17 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-08 14:17 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-08 14:17 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-12-08 14:17 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-08 14:17 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-08 14:17 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-08 14:17 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-12-08 14:17 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-12-08 14:17 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-08 14:17 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-12-08 14:17 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-08 14:16 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-08 14:16 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-08 14:16 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-08 14:16 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-08 14:16 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-08 14:16 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-08 14:16 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-08 14:16 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-08 14:16 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-08 14:16 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-08 14:16 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-08 14:16 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-08 14:16 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-08 14:16 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-08 14:16 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-08 14:16 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-08 14:16 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-08 14:16 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-08 14:16 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-08 14:16 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-08 14:16 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-08 14:16 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-12-08 14:16 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-12-08 14:16 - 2014-08-29 03:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-08 14:16 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-08 14:16 - 2014-08-29 03:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-12-08 14:16 - 2014-08-29 03:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-08 14:16 - 2014-08-29 03:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-08 14:16 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-08 14:16 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-08 14:16 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-12-08 14:16 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-08 14:16 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-08 14:16 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-08 14:16 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-08 14:16 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-08 14:16 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-08 14:16 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-08 14:16 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-12-08 14:16 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-12-08 14:16 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-12-08 14:16 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-12-08 14:16 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-12-08 14:16 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-12-08 14:16 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-12-08 14:16 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-12-08 14:16 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-12-08 14:16 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-12-08 14:16 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-12-08 14:16 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-12-08 14:14 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-08 14:14 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-08 14:13 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-08 14:13 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-08 14:02 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-08 14:02 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-08 13:56 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-08 13:56 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-08 13:56 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-08 13:55 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-08 13:55 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-08 13:49 - 2014-12-08 13:49 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-12-08 13:38 - 2014-12-07 19:34 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{a50ae93a-7410-40c5-bddb-9ec17e15f172}w64.sys
2014-11-15 16:08 - 2014-11-26 16:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\REAPER
2014-11-15 16:07 - 2014-11-26 16:54 - 00000000 ____D () C:\Program Files\REAPER (x64)

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 20:02 - 2013-06-17 12:40 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-09 20:02 - 2013-06-17 12:40 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-09 19:56 - 2013-06-17 12:42 - 01347752 _____ () C:\Windows\WindowsUpdate.log
2014-12-09 19:53 - 2013-06-20 10:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-09 19:32 - 2013-06-17 12:42 - 00000000 ____D () C:\Windows\rescache
2014-12-09 19:13 - 2013-06-17 12:41 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-09 19:13 - 2013-06-17 12:41 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-12-09 19:13 - 2013-06-17 12:41 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-12-09 19:06 - 2013-06-17 14:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-09 19:06 - 2013-06-17 12:42 - 00048130 _____ () C:\Windows\setupact.log
2014-12-09 19:06 - 2013-06-17 12:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-09 19:05 - 2013-06-17 12:41 - 00373408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-09 19:05 - 2013-06-17 12:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-09 19:04 - 2014-07-11 20:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-09 18:58 - 2013-10-08 11:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-08 17:26 - 2014-03-14 18:36 - 00000000 ____D () C:\Program Files (x86)\EnhanceTronic
2014-12-08 17:26 - 2014-03-14 18:35 - 00000000 ____D () C:\ProgramData\IePluginService
2014-12-08 17:26 - 2014-03-14 18:35 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-12-08 17:26 - 2013-06-17 12:42 - 00000505 _____ () C:\Windows\win.ini
2014-12-08 17:25 - 2013-06-17 12:39 - 00265888 _____ () C:\Windows\PFRO.log
2014-12-08 14:56 - 2013-06-20 10:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-08 14:56 - 2013-06-17 12:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-08 14:56 - 2013-06-17 12:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-08 13:55 - 2013-06-17 12:38 - 00000000 ____D () C:\ProgramData\Avira
2014-12-08 13:48 - 2013-12-10 14:56 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-08 13:48 - 2013-06-17 12:39 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-08 13:38 - 2013-06-17 12:41 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-11-26 16:54 - 2014-04-04 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-26 16:54 - 2014-03-14 18:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\SupTab
2014-11-26 16:54 - 2013-06-17 12:42 - 00000000 ____D () C:\Windows\servicing
2014-11-26 16:54 - 2013-06-17 12:39 - 00000000 ____D () C:\Windows\registration
2014-11-26 16:54 - 2013-06-17 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-08 14:16

==================== End Of Log ============================
--- --- ---


Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2014
Ran by User at 2014-12-09 20:45:01
Running from D:\!W7k-USER\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
A-500S-Treiber (HKLM\...\RolandRDID0101) (Version:  - Roland Corporation)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
AmpliTube X-GEAR (HKLM-x32\...\{21E77392-C30A-4AA2-8CA7-5728316939D6}) (Version: 1.1.0 - IK Multimedia)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
awesomehp uninstaller (HKLM-x32\...\awesomehp uninstaller) (Version:  - awesomehp) <==== ATTENTION
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version:  - Alactro LLC) <==== ATTENTION
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3099 - CDBurnerXP)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.25 - Creative Technology Limited)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1719 - CyberLink Corp.)
Desktop Restore (HKLM\...\{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}) (Version: 1.6.3 - JOConnell)
Digital Audio System (HKLM-x32\...\{6D420D94-7B4A-4213-B8D4-AEC3B45B5158}) (Version: 1.0 - )
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
EnhanceTronic (HKLM\...\EnhanceTronic) (Version: 2014.03.14.004052 - EnhanceTronic) <==== ATTENTION
Etron USB3.0 Host Controller (x32 Version: 0.109 - Etron Technology) Hidden
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
IePluginService12.27.0.3326 (HKLM-x32\...\IePlugins) (Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.250 - Oracle)
Java(TM) 6 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416025FF}) (Version: 6.0.250 - Oracle)
Java(TM) 6 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
LibreOffice 3.3 (HKLM-x32\...\{8CCA4800-152A-4C51-8569-5803FBD67CC9}) (Version: 3.3.6 - LibreOffice)
Live 6.0.10 (HKLM-x32\...\Live 6.0.10) (Version:  - )
MAGIX Music Maker MX Premium (HKLM-x32\...\MAGIX_MSI_mm18dlx) (Version: 18.0.0.42 - MAGIX AG)
MAGIX Music Maker MX Premium (x32 Version: 18.0.0.42 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM-x32\...\{FB2CB440-BE28-4BF2-BB7A-A98383324356}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\{AF99669B-C6DC-43C4-8523-6758C01731BD}) (Version: 7.0.2.6 - MAGIX AG)
M-Audio FastTrack Driver 6.0.6 (x64) (HKLM\...\{91A8C38A-0239-11E0-9658-189EDFD72085}) (Version: 6.0.6 - M-Audio)
MelodyneEssential 1.8 (HKLM-x32\...\{9A17B0B6-AD89-4321-99E6-09D9ABFA254D}) (Version: 1.08.0005 - Celemony Software GmbH)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
pdfforge PDFArchitect 0.5.5.509 (HKLM\...\{00070886-D6C6-423C-B5A7-3298ABF20E11}) (Version: 0.5.5.509 - pdfforge GbR)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Scribus 1.4.2 (HKLM-x32\...\Scribus 1.4.2) (Version: 1.4.2 - The Scribus Team)
SONAR 6 LE (HKLM-x32\...\SONARLE_x64_is1) (Version: 15.0 - Cakewalk Music Software)
Steinberg Cubase 7 64bit (HKLM\...\{57FB2180-0FC7-41FC-8D76-3C4271CF4422}) (Version: 7.0.5 - Steinberg Media Technologies GmbH)
Steinberg Cubase LE 4 (HKLM-x32\...\{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}) (Version: 4.0.3.2233 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Eucon Adapter 6.5 64bit (HKLM\...\{95D90857-61C2-4927-85FF-A317E46E7351}) (Version: 6.5.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Allen Morgan Signature Drums (HKLM-x32\...\{611A7035-0172-4B9B-8BB6-5046F6867D8A}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content (HKLM-x32\...\{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 2.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content 2 (HKLM-x32\...\{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Padshop 64bit (HKLM\...\{75F15019-C0C2-4047-AA45-97B4BD313719}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg Retrologue 64bit (HKLM\...\{4D65ECE6-131D-4B5F-8470-2750D3161619}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
WPM17.8.0.3442 (HKLM-x32\...\WPM) (Version: 17.8.0.3442 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

12-09-2014 16:50:57 Windows Update
24-09-2014 15:45:17 Windows Update
08-12-2014 12:42:33 Windows Modules Installer
08-12-2014 15:08:08 avast! antivirus system restore point
09-12-2014 17:56:07 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-06-17 12:41 - 2013-06-17 12:41 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {87314555-3174-4862-B7C9-94C6CC9F1816} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-08] (AVAST Software)
Task: {8DD40A61-97A6-4AD3-9D47-27F8CF1E7A7E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-08] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-03-14 01:40 - 2014-12-08 17:27 - 00524024 _____ () C:\Program Files (x86)\EnhanceTronic\updateEnhanceTronic.exe
2014-03-15 10:30 - 2014-12-08 17:26 - 00524024 _____ () C:\Program Files (x86)\EnhanceTronic\bin\utilEnhanceTronic.exe
2013-06-17 14:02 - 2013-01-18 16:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-06-17 12:38 - 2013-06-17 12:38 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-06-17 12:38 - 2013-06-17 12:38 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-12-08 16:08 - 2014-12-08 16:08 - 02896384 _____ () C:\Program Files\AVAST Software\Avast\defs\14102100\algo.dll
2014-12-09 20:01 - 2014-12-09 20:01 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120901\algo.dll
2014-12-08 16:08 - 2014-12-08 16:08 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-04 18:00 - 2014-04-04 18:00 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2788994672-624319275-1794458896-500 - Administrator - Disabled)
Gast (S-1-5-21-2788994672-624319275-1794458896-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2788994672-624319275-1794458896-1001 - Limited - Enabled) => C:\Users\UpdatusUser
User (S-1-5-21-2788994672-624319275-1794458896-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/09/2014 07:06:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2014 07:05:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2014 06:52:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2014 05:25:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2014 04:08:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary rlezgtpl.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (12/08/2014 04:07:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2014 02:55:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/08/2014 01:49:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2014 01:49:16 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (12/08/2014 01:37:43 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0


System errors:
=============
Error: (12/09/2014 07:06:11 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert.

Error: (12/09/2014 07:06:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Offlinedateien" wurde mit folgendem Fehler beendet:
%%3

Error: (12/09/2014 07:05:35 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 12291) (User: NT-AUTORITÄT)
Description: Das SAM-Modul konnte den TCP/IP- bzw. SPX/IPX-Listening-Thread nicht starten.

Error: (12/09/2014 07:05:27 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert.

Error: (12/09/2014 07:05:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Offlinedateien" wurde mit folgendem Fehler beendet:
%%3

Error: (12/09/2014 06:52:45 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert.

Error: (12/09/2014 06:52:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Offlinedateien" wurde mit folgendem Fehler beendet:
%%3

Error: (12/08/2014 05:27:29 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-2788994672-624319275-1794458896-1000LocalHost (unter Verwendung von LRPC)

Error: (12/08/2014 05:26:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "IePlugin Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/08/2014 05:26:30 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-2788994672-624319275-1794458896-1000LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (12/09/2014 07:06:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2014 07:05:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2014 06:52:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2014 05:25:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2014 04:08:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary rlezgtpl.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (12/08/2014 04:07:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2014 02:55:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\!W7k-USER\Downloads\SoftonicDownloader_fuer_scribus.exe

Error: (12/08/2014 01:49:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2014 01:49:16 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (12/08/2014 01:37:43 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 36%
Total physical RAM: 4057.96 MB
Available physical RAM: 2565.93 MB
Total Pagefile: 13272.14 MB
Available Pagefile: 11739.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:111.57 GB) (Free:50.77 GB) NTFS
Drive d: (DATEN) (Fixed) (Total:931.39 GB) (Free:812.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 4E2C04A2)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 58859E5C)

Partition: GPT Partition Type.

==================== End Of Log ============================

schrauber 10.12.2014 15:31
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    awesomehp uninstaller

    Buzzdock

    EnhanceTronic

    IePluginService12.27.0.3326

    WPM17.8.0.3442


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Sceptiker 11.12.2014 17:16
Hallo,

Buzzdock und EnhanceTronic hat das Programm nicht gefunden. Bei WPM und IEPlugin gab es eine Fehlermeldung bei deinstallieren aber die Reste konnte ich dann löschen. Die Programme sind jetzt auch nicht mehr aufgeführt.

Hier noch die Log Datei vom ComboFix

Code:
ComboFix 14-12-10.03 - User 11.12.2014  16:24:10.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4058.1991 [GMT 1:00]
ausgeführt von:: d:\!w7k-user\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmpA987.tmp
c:\windows\SysWow64\tmpAA91.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-11-11 bis 2014-12-11  ))))))))))))))))))))))))))))))
.
.
2014-12-11 15:04 . 2014-12-11 15:04        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{17432F5A-9802-4BAD-8000-781680AC30A6}\offreg.dll
2014-12-11 15:03 . 2014-12-11 15:03        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-12-09 19:44 . 2014-12-09 19:45        --------        d-----w-        C:\FRST
2014-12-08 15:09 . 2014-12-08 15:09        --------        d-----w-        c:\users\User\AppData\Roaming\AVAST Software
2014-12-08 15:08 . 2014-12-08 15:08        1050432        ----a-w-        c:\windows\system32\drivers\aswsnx.sys
2014-12-08 15:08 . 2014-12-08 15:08        83280        ----a-w-        c:\windows\system32\drivers\aswmonflt.sys
2014-12-08 15:08 . 2014-12-08 15:08        93568        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2014-12-08 13:17 . 2014-09-19 09:42        342016        ----a-w-        c:\windows\system32\schannel.dll
2014-12-08 13:16 . 2014-10-14 02:13        683520        ----a-w-        c:\windows\system32\termsrv.dll
2014-12-08 13:14 . 2014-09-09 22:11        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-12-08 13:14 . 2014-09-09 21:47        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-12-08 13:13 . 2014-09-04 05:23        424448        ----a-w-        c:\windows\system32\rastls.dll
2014-12-08 13:13 . 2014-09-04 05:04        372736        ----a-w-        c:\windows\SysWow64\rastls.dll
2014-12-08 13:02 . 2014-10-25 01:57        77824        ----a-w-        c:\windows\system32\packager.dll
2014-12-08 13:02 . 2014-10-25 01:32        67584        ----a-w-        c:\windows\SysWow64\packager.dll
2014-12-08 12:56 . 2014-10-10 00:57        3198976        ----a-w-        c:\windows\system32\win32k.sys
2014-12-08 12:56 . 2014-10-14 02:13        3241984        ----a-w-        c:\windows\system32\msi.dll
2014-12-08 12:56 . 2014-10-14 01:50        2363904        ----a-w-        c:\windows\SysWow64\msi.dll
2014-12-08 12:55 . 2014-10-18 02:05        861696        ----a-w-        c:\windows\system32\oleaut32.dll
2014-12-08 12:55 . 2014-10-18 01:33        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll
2014-12-08 12:38 . 2014-12-07 18:34        48784        ----a-w-        c:\windows\system32\drivers\{a50ae93a-7410-40c5-bddb-9ec17e15f172}w64.sys
2014-11-15 15:08 . 2014-11-26 15:54        --------        d-----w-        c:\users\User\AppData\Roaming\REAPER
2014-11-15 15:07 . 2014-11-26 15:54        --------        d-----w-        c:\program files\REAPER (x64)
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-08 13:56 . 2013-06-17 11:40        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-08 13:56 . 2013-06-17 11:40        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-31 22:26 . 2013-06-17 11:41        103374192        ----a-w-        c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f530d5e8-9d18-4cba-b7cc-95944f9ebe3d}]
2014-12-05 04:15        250616        ----a-w-        c:\program files (x86)\EnhanceTronic\EnhanceTronicBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-06-17 5028464]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-06-17 291608]
"AsioThk32Reg"="CTASIO.DLL" [2013-06-17 51712]
"CTHelper"="CTHELPER.EXE" [2013-06-17 23040]
"CTxfiHlp"="CTXFIHLP.EXE" [2013-06-17 23552]
"UpdReg"="c:\windows\UpdReg.EXE" [2013-06-17 90112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-08 5223016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS;c:\windows\SYSNATIVE\drivers\COMMONFX.SYS [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS;c:\windows\SYSNATIVE\drivers\CTAUDFX.SYS [x]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS;c:\windows\SYSNATIVE\drivers\CTAUDFX.SYS [x]
R3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\System32\drivers\CTEAPSFX.SYS;c:\windows\SYSNATIVE\drivers\CTEAPSFX.SYS [x]
R3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.SYS;c:\windows\SYSNATIVE\drivers\CTEAPSFX.SYS [x]
R3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\System32\drivers\CTEDSPFX.SYS;c:\windows\SYSNATIVE\drivers\CTEDSPFX.SYS [x]
R3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.SYS;c:\windows\SYSNATIVE\drivers\CTEDSPFX.SYS [x]
R3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.SYS;c:\windows\SYSNATIVE\drivers\CTEDSPIO.SYS [x]
R3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.SYS;c:\windows\SYSNATIVE\drivers\CTEDSPSY.SYS [x]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS;c:\windows\SYSNATIVE\drivers\CTERFXFX.SYS [x]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS;c:\windows\SYSNATIVE\drivers\CTERFXFX.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS;c:\windows\SYSNATIVE\drivers\CTSBLFX.SYS [x]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS;c:\windows\SYSNATIVE\drivers\CTSBLFX.SYS [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioFastTrack.sys [x]
R3 RDID1101;A-500S;c:\windows\system32\Drivers\rdwm1101.sys;c:\windows\SYSNATIVE\Drivers\rdwm1101.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys;c:\windows\SYSNATIVE\drivers\SynUSB64.sys [x]
R3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys;c:\windows\SYSNATIVE\DRIVERS\synusb64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 {a414b9c8-afb5-4899-b1dc-d307d6e50473}w64;{a414b9c8-afb5-4899-b1dc-d307d6e50473}w64;c:\windows\system32\drivers\{a414b9c8-afb5-4899-b1dc-d307d6e50473}w64.sys;c:\windows\SYSNATIVE\drivers\{a414b9c8-afb5-4899-b1dc-d307d6e50473}w64.sys [x]
S1 {a50ae93a-7410-40c5-bddb-9ec17e15f172}w64;{a50ae93a-7410-40c5-bddb-9ec17e15f172}w64;c:\windows\system32\drivers\{a50ae93a-7410-40c5-bddb-9ec17e15f172}w64.sys;c:\windows\SYSNATIVE\drivers\{a50ae93a-7410-40c5-bddb-9ec17e15f172}w64.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 wStLibG64;wStLibG64;c:\windows\system32\drivers\wStLibG64.sys;c:\windows\SYSNATIVE\drivers\wStLibG64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 Update EnhanceTronic;Update EnhanceTronic;c:\program files (x86)\EnhanceTronic\updateEnhanceTronic.exe;c:\program files (x86)\EnhanceTronic\updateEnhanceTronic.exe [x]
S2 Util EnhanceTronic;Util EnhanceTronic;c:\program files (x86)\EnhanceTronic\bin\utilEnhanceTronic.exe;c:\program files (x86)\EnhanceTronic\bin\utilEnhanceTronic.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS;c:\windows\SYSNATIVE\drivers\COMMONFX.SYS [x]
S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\System32\drivers\CTEDSPIO.SYS;c:\windows\SYSNATIVE\drivers\CTEDSPIO.SYS [x]
S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\System32\drivers\CTEDSPSY.SYS;c:\windows\SYSNATIVE\drivers\CTEDSPSY.SYS [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-20 13:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-12-08 15:08        860984        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 798728]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/?trackid=sp-006
mStart Page = https://www.google.com/?trackid=sp-006
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
mSearch Bar = https://www.google.com/?trackid=sp-006
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL -
user_pref(extensions.autoDisableScopes,14);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-12-11  16:28:53
ComboFix-quarantined-files.txt  2014-12-11 15:28
.
Vor Suchlauf: 13 Verzeichnis(se), 56.018.513.920 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 55.655.940.096 Bytes frei
.
- - End Of File - - 2DD51EE7200EE1E45E5DBEE60A9C6369

schrauber 12.12.2014 10:20
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Sceptiker 13.12.2014 14:59
Hallo,

hier nun die Log Dateien:

Anti-Maleware

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 13.12.2014
Suchlauf-Zeit: 14:08:54
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.13.04
Rootkit Datenbank: v2014.12.08.03
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: User

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 379048
Verstrichene Zeit: 5 Min, 20 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 13
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\updateEnhanceTronic.exe, 4940, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d]
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.BOAS.exe, 3964, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d]
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.BOAS.exe, 6372, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d]
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.BOAS.exe, 6716, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d]
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.BOASHelper.exe, 2364, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d]
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.BOASPRT.exe, 4496, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d]
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.BOASPRT.exe, 6364, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d]
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.BOASPRT.exe, 6708, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d]
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.BrowserAdapter.exe, 4844, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d]
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.BrowserAdapter64.exe, 4860, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d]
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.expext.exe, 3004, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d]
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.PurBrowse64.exe, 4128, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d]
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\utilEnhanceTronic.exe, 4356, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d]

Module: 3
Adware.SwiftBrowse, C:\Program Files (x86)\EnhanceTronic\bin\{a50ae93a-7410-40c5-bddb-9ec17e15f172}.dll, Löschen bei Neustart, [550385dd502cc5712a7ab02cb84c0df3],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.expextdll.dll, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\{a50ae93a-7410-40c5-bddb-9ec17e15f172}.dll, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d],

Registrierungsschlüssel: 37
Adware.SwiftBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, In Quarantäne, [550385dd502cc5712a7ab02cb84c0df3],
Adware.SwiftBrowse, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, In Quarantäne, [550385dd502cc5712a7ab02cb84c0df3],
Adware.SwiftBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, In Quarantäne, [550385dd502cc5712a7ab02cb84c0df3],
Adware.SwiftBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, In Quarantäne, [550385dd502cc5712a7ab02cb84c0df3],
Adware.SwiftBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, In Quarantäne, [550385dd502cc5712a7ab02cb84c0df3],
Adware.SwiftBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, In Quarantäne, [550385dd502cc5712a7ab02cb84c0df3],
Adware.SwiftBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, In Quarantäne, [550385dd502cc5712a7ab02cb84c0df3],
Adware.SwiftBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, In Quarantäne, [550385dd502cc5712a7ab02cb84c0df3],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [17415111a3d9310520c4699e40c302fe],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [17415111a3d9310520c4699e40c302fe],
PUP.Optional.EnhanceTronic.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{f530d5e8-9d18-4cba-b7cc-95944f9ebe3d}, In Quarantäne, [6cec0161b3c915215e96e9e954ae748c],
PUP.Optional.EnhanceTronic.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F530D5E8-9D18-4CBA-B7CC-95944F9EBE3D}, In Quarantäne, [6cec0161b3c915215e96e9e954ae748c],
PUP.Optional.EnhanceTronic.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\EnhanceTronic, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{ac225167-00fc-452d-94c5-bb93600e7d9a}, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update EnhanceTronic, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util EnhanceTronic, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{a414b9c8-afb5-4899-b1dc-d307d6e50473}w64, In Quarantäne, [69efd58ddf9dec4a3a2e784e996b8f71],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{a50ae93a-7410-40c5-bddb-9ec17e15f172}w64, In Quarantäne, [d385f36fbdbf5dd9e97fa71f45bf4cb4],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [9dbb95cde19b0333aca5941e8183af51],
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\WOW6432NODE\awesomehpSoftware, In Quarantäne, [eb6d0e549ae28aacf0a693fa28dbd52b],
PUP.Optional.EnhanceTronic.A, HKLM\SOFTWARE\WOW6432NODE\EnhanceTronic, In Quarantäne, [abadbaa8fb81e05698495667a06437c9],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [3325a4be89f32b0b0d55ef729b68a15f],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [a8b03b271f5d082e3d14496945bffb05],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [93c5d0928eeedc5a3f22e47d7b884cb4],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginService, In Quarantäne, [dd7b3a28364669cd1df393c080836898],
PUP.Optional.WeatherItUp.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Weather It Up, In Quarantäne, [8eca92d0324aa78f06881376778c35cb],
PUP.Optional.EnhanceTronic.A, HKU\S-1-5-21-2788994672-624319275-1794458896-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\EnhanceTronic, In Quarantäne, [2830d68cd0acdc5aae347d407b8919e7],
PUP.Optional.Softonic.A, HKU\S-1-5-21-2788994672-624319275-1794458896-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, In Quarantäne, [8bcdf270ee8e1a1c26d07cd3e3200cf4],
PUP.Optional.Qone8, HKU\S-1-5-21-2788994672-624319275-1794458896-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [c98faeb4c8b41422ce82238f30d4a759],

Registrierungswerte: 3
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com, In Quarantäne, [1741baa8f785db5b2ae99ee747bc649c]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, adks, In Quarantäne, [93c5d0928eeedc5a3f22e47d7b884cb4]
PUP.Optional.QuickStart.A, HKU\S-1-5-21-2788994672-624319275-1794458896-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, In Quarantäne, [b8a07fe3a2da38fe2e458ee137cc20e0]

Registrierungsdaten: 2
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.awesomehp.com/?type=hp&ts=1394818517&from=adks&uid=OCZ-AGILITY3_OCZ-REB27TORX0Z9GA5C, Gut: (www.google.com), Schlecht: (hxxp://www.awesomehp.com/?type=hp&ts=1394818517&from=adks&uid=OCZ-AGILITY3_OCZ-REB27TORX0Z9GA5C),Ersetzt,[45132d358af2db5b641c600313f2d729]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[db7dfb67f3890b2b978f75f808fdad53]

Ordner: 43
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\certUtil, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\plugins, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\TEMP, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, In Quarantäne, [b5a35b07ceaece688b97829cc241d828],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [b5a35b07ceaece688b97829cc241d828],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\content, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\content\include, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\content\include\tools, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\content\js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\en, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\en-US, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\es, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\es-419, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\fr, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\fr-BE, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\fr-CA, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\fr-CH, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\fr-LU, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\it, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\it-CH, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\pl, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\pt-BR, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\ru, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\ru-MO, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\tr, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\vi, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\zh-CN, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\zh-TW, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\defaults, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\defaults\preferences, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\modules, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.PayByAds.A, C:\Users\User\AppData\Local\Pay-By-Ads, In Quarantäne, [5dfb81e1e894a29435d60e2541c27090],
PUP.Optional.PayByAds.A, C:\Users\User\AppData\Local\Pay-By-Ads\Yahoo! Search, In Quarantäne, [5dfb81e1e894a29435d60e2541c27090],
PUP.Optional.PayByAds.A, C:\Users\User\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4, In Quarantäne, [5dfb81e1e894a29435d60e2541c27090],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, In Quarantäne, [24343d2590ec3bfb5c073dfc867d20e0],
PUP.Optional.SupTab.A, C:\Users\User\AppData\Roaming\SupTab, In Quarantäne, [aeaaeb772d4ff04653113801cd36f60a],

Dateien: 194
Adware.SwiftBrowse, C:\Program Files (x86)\EnhanceTronic\bin\{a50ae93a-7410-40c5-bddb-9ec17e15f172}.dll, Löschen bei Neustart, [550385dd502cc5712a7ab02cb84c0df3],
Adware.SwiftBrowse, C:\Program Files (x86)\EnhanceTronic\bin\{a50ae93a-7410-40c5-bddb-9ec17e15f172}64.dll, Löschen bei Neustart, [550385dd502cc5712a7ab02cb84c0df3],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\EnhanceTronicBHO.dll, In Quarantäne, [6cec0161b3c915215e96e9e954ae748c],
PUP.Optional.SupTab.A, C:\Users\User\AppData\Roaming\SupTab\SupTab.dll, In Quarantäne, [c8906cf699e3ed49308179bc1fe14eb2],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [91c781e1542840f6aa0722133fc1dd23],
PUP.Optional.Awesomehp.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\awesomehp.xml, In Quarantäne, [4117c69ce696fc3ae68df89537cc0ef2],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\EnhanceTronic.ico, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\0, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\7za.exe, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\EnhanceTronicUn.exe, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\mgecpdghpgpnpbaipkgdmjmoihnhicjg.crx, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\updateEnhanceTronic.exe, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\updateEnhanceTronic.InstallState, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\7za.exe, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\a414b9c8afb54899b1dc.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\a414b9c8afb54899b1dc64.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\a50ae93a741040c5bddb.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\a50ae93a741040c5bddb64.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\BrowserAdapter.7z, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\certutil.zip, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.BOAS.exe, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.BOAS.zip, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.BOASHelper.exe, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.BOASPRT.exe, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.BrowserAdapter.exe, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.BrowserAdapter64.exe, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.BrowserFilter.Helper.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.BrowserFilter.Helper.dll.old.1dc75e23-2ddb-4b21-ba0a-d922b4811a72, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.BRT.zip, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.DspSvc.zip, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.expext.exe, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.expext.zip, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.expextdll.dll, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.PurBrowse.zip, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronic.PurBrowse64.exe, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronicBrowserFilter.exe, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\EnhanceTronicDsp.bmp, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\Interop.NetFwTypeLib.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\msvcr100.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\Pac.js, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\pac9064.js, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\sqlite3.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\tmp66BE.tmp, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\utilEnhanceTronic.exe, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\utilEnhanceTronic.InstallState, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\{a414b9c8-afb5-4899-b1dc-d307d6e50473}64.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\{a50ae93a-7410-40c5-bddb-9ec17e15f172}.dll, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\{a50ae93a-7410-40c5-bddb-9ec17e15f172}64.dll, Löschen bei Neustart, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\certUtil\certutil.exe, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\certUtil\freebl3.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\certUtil\libnspr4.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\certUtil\libplc4.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\certUtil\libplds4.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\certUtil\nss3.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\certUtil\nssckbi.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\certUtil\nssdbm3.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\certUtil\nssutil3.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\certUtil\smime3.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\certUtil\softokn3.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\certUtil\sqlite3.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\certUtil\ssl3.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\plugins\EnhanceTronic.BOAS.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\plugins\EnhanceTronic.Bromon.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\plugins\EnhanceTronic.BroStats.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\plugins\EnhanceTronic.BrowserAdapter.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\plugins\EnhanceTronic.BrowserAdapterS.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\plugins\EnhanceTronic.BrowserFilterG.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\plugins\EnhanceTronic.BRT.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\plugins\EnhanceTronic.CompatibilityChecker.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\plugins\EnhanceTronic.ExpExt.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\plugins\EnhanceTronic.FFUpdate.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\plugins\EnhanceTronic.GCUpdate.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\plugins\EnhanceTronic.IEUpdate.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\plugins\EnhanceTronic.OfSvc.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\plugins\EnhanceTronic.PurBrowse.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\plugins\EnhanceTronic.PurBrowseG.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.EnhanceTronic.A, C:\Program Files (x86)\EnhanceTronic\bin\plugins\EnhanceTronic.Repmon.dll, In Quarantäne, [ed6ba5bdceaed36322be437aa361a35d],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{a414b9c8-afb5-4899-b1dc-d307d6e50473}w64.sys, In Quarantäne, [69efd58ddf9dec4a3a2e784e996b8f71],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{a50ae93a-7410-40c5-bddb-9ec17e15f172}w64.sys, In Quarantäne, [d385f36fbdbf5dd9e97fa71f45bf4cb4],
PUP.Optional.Dsrlte.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\searchplugins\dsrlte.xml, In Quarantäne, [b3a58cd6e19b2d0968ab7f4df410c739],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, In Quarantäne, [b5a35b07ceaece688b97829cc241d828],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\PluginUpdate.exe, In Quarantäne, [b5a35b07ceaece688b97829cc241d828],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome.manifest, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\install.rdf, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\content\index.html, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\content\quick_start.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\content\js\common.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\content\js\ga.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\content\js\jquery.autocomplete.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\content\js\js.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\content\js\library.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\content\js\xagainit.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\default_add_logo.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\default_add_logo_hover.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\icon.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\icon128.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\icon16.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\icon48.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\iconsmall.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\loading.gif, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\logo.ico, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\logo.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\logo32.ico, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\search.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\style.css, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\0.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\1.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\10.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\11.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\12.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\13.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\14.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\15.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\16.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\17.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\18.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\19.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\2.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\20.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\21.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\22.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\23.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\24.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\25.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\26.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\27.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\28.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\29.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\3.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\30.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\31.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\32.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\33.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\34.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\35.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\36.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\37.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\38.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\39.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\4.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\40.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\41.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\42.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\43.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\44.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\45.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\46.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\47.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\5.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\6.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\7.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\8.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\chrome\skin\weather\9.png, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\modules\addonmanager.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\modules\aes.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\modules\config.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\modules\dialogs.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\modules\last_tab.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\modules\misc.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\modules\properties.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\modules\remoterequest.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\modules\restoreprefs.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\extensions\quick_start@gmail.com\modules\settings.js, In Quarantäne, [afa998caee8e0f27e6bf40e1778ce61a],
PUP.Optional.PayByAds.A, C:\Users\User\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\ieds.xml, In Quarantäne, [5dfb81e1e894a29435d60e2541c27090],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Ersetzt,[f95fdf838af23402482e9113ba4bbf41]
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "144c5fdb87f3487fd82ab0f2b28570d3");), Ersetzt,[5107560c1765f5413074465fba4b4fb1]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
ADW Cleaner:

Code:
# AdwCleaner v4.105 - Bericht erstellt am 13/12/2014 um 14:34:50
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-13.3 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : User - USER-PC
# Gestartet von : D:\!W7k-USER\Downloads\AdwCleaner_4.105.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : wStLibG64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdfforge
Ordner Gelöscht : D:\!TEMP\Benutzer\Temp\AskSearch
Ordner Gelöscht : C:\Program Files\pdfforge
Ordner Gelöscht : C:\Users\User\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Windows\System32\drivers\wStLibG64.sys
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\invalidprefs.js
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\apnwidgets.ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4C1A4DA9-3DC4-4A50-827E-546B126FE663}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apnwidgets.ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\awesomehp.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\portaldosites.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\v9.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.portaldosites.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.v9.com

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v33.1.1 (x86 de)

[zbbb1z0s.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[zbbb1z0s.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
[zbbb1z0s.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
[zbbb1z0s.default\prefs.js] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "144c5fdb87f3487fd82ab0f2b28570d3");
[zbbb1z0s.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[zbbb1z0s.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R0].txt - [3712 octets] - [13/12/2014 14:33:44]
AdwCleaner[S0].txt - [3565 octets] - [13/12/2014 14:34:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3625 octets] ##########
Junkware:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x64
Ran by User on 13.12.2014 at 14:37:20,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util enhancetronic



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.12.2014 at 14:44:52,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014
Ran by User (administrator) on USER-PC on 13-12-2014 14:49:52
Running from D:\!W7k-USER\Desktop
Loaded Profile: User (Available profiles: User & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTHELPER.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(E-MU Systems) C:\Program Files (x86)\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPMixDSP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [798728 2010-12-07] (Avid Technology, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5028464 2013-06-17] (VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2013-06-17] (Intel Corporation)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => C:\Windows\SysWOW64\CTHELPER.EXE [23040 2013-06-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE [23552 2013-06-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2013-06-17] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-12-08] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2788994672-624319275-1794458896-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2788994672-624319275-1794458896-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2788994672-624319275-1794458896-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2788994672-624319275-1794458896-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-12-08]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2014-04-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-08]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2013-06-17] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-08] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-06-17] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-06-17] (Creative Labs) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2013-06-17] (Intel Corporation)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [271760 2013-06-17] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2013-06-17] (VIA Technologies, Inc.)
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2013-06-17] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-08] ()
S3 MAUSBFASTTRACK; C:\Windows\System32\DRIVERS\MAudioFastTrack.sys [187912 2010-12-07] (Avid Technology, Inc.)
S3 RDID1101; C:\Windows\System32\Drivers\rdwm1101.sys [81792 2009-09-18] (Roland Corporation)
S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
S3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-13 14:44 - 2014-12-13 14:44 - 00000891 _____ () C:\Users\User\Desktop\JRT.txt
2014-12-13 14:37 - 2014-12-13 14:37 - 00000000 ____D () C:\Windows\ERUNT
2014-12-13 14:33 - 2014-12-13 14:34 - 00000000 ____D () C:\AdwCleaner
2014-12-13 14:05 - 2014-12-13 14:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-13 14:05 - 2014-12-13 14:05 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-13 14:05 - 2014-12-13 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-13 14:05 - 2014-12-13 14:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-13 14:05 - 2014-12-13 14:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-13 14:05 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-13 14:05 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-13 14:05 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-11 17:56 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 17:56 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 17:56 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 17:56 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 17:56 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 17:56 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 17:56 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-11 17:56 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-11 17:56 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-11 17:56 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-11 17:53 - 2014-12-11 17:53 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-11 16:28 - 2014-12-11 16:28 - 00020022 _____ () C:\ComboFix.txt
2014-12-11 16:23 - 2014-12-11 16:28 - 00000000 ____D () C:\Qoobox
2014-12-11 16:23 - 2014-12-11 16:27 - 00000000 ____D () C:\Windows\erdnt
2014-12-11 16:23 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-11 16:23 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-11 16:23 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-11 16:23 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-11 16:23 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-11 16:23 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-11 16:23 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-11 16:23 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-11 16:17 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 16:17 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 16:17 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 16:17 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 16:17 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 16:17 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 16:17 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 16:17 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 16:17 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 16:17 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 16:17 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 16:17 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 16:17 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 16:17 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 16:17 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 16:17 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 16:17 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 16:03 - 2014-12-11 16:03 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-09 20:44 - 2014-12-13 14:49 - 00000000 ____D () C:\FRST
2014-12-08 16:09 - 2014-12-08 16:09 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVAST Software
2014-12-08 16:08 - 2014-12-08 16:09 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-08 16:08 - 2014-12-08 16:08 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-08 16:08 - 2014-12-08 16:08 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-08 16:08 - 2014-12-08 16:08 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00001970 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-08 16:08 - 2014-12-08 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-08 16:08 - 2014-12-08 16:08 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-08 15:02 - 2014-12-08 15:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\Enigma Software Group
2014-12-08 15:02 - 2014-12-08 15:02 - 00000000 _____ () C:\autoexec.bat
2014-12-08 14:55 - 2014-12-08 16:08 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-08 14:17 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-08 14:17 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-08 14:17 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-08 14:17 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-08 14:17 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-08 14:17 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-08 14:17 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-08 14:17 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-08 14:17 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-08 14:17 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-08 14:17 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-08 14:17 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-08 14:17 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-08 14:17 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-08 14:17 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-08 14:17 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-08 14:17 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-08 14:17 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-08 14:17 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-12-08 14:17 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-08 14:17 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-08 14:17 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-08 14:17 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-12-08 14:17 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-12-08 14:17 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-08 14:17 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-12-08 14:17 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-08 14:16 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-08 14:16 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-08 14:16 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-08 14:16 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-08 14:16 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-08 14:16 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-08 14:16 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-08 14:16 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-08 14:16 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-08 14:16 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-08 14:16 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-08 14:16 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-08 14:16 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-08 14:16 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-08 14:16 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-08 14:16 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-08 14:16 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-08 14:16 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-08 14:16 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-08 14:16 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-08 14:16 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-08 14:16 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-12-08 14:16 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-12-08 14:16 - 2014-08-29 03:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-08 14:16 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-08 14:16 - 2014-08-29 03:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-12-08 14:16 - 2014-08-29 03:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-08 14:16 - 2014-08-29 03:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-08 14:16 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-08 14:16 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-08 14:16 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-12-08 14:16 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-08 14:16 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-08 14:16 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-08 14:16 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-08 14:16 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-08 14:16 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-08 14:16 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-08 14:16 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-12-08 14:16 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-12-08 14:16 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-12-08 14:16 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-12-08 14:16 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-12-08 14:16 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-12-08 14:16 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-12-08 14:16 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-12-08 14:16 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-12-08 14:16 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-12-08 14:16 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-12-08 14:16 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-12-08 14:13 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-08 14:13 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-08 14:02 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-08 14:02 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-08 13:56 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-08 13:56 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-08 13:56 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-08 13:55 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-08 13:55 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-08 13:49 - 2014-12-08 13:49 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-11-15 16:08 - 2014-11-26 16:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\REAPER
2014-11-15 16:07 - 2014-11-26 16:54 - 00000000 ____D () C:\Program Files\REAPER (x64)

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-13 14:42 - 2013-06-17 12:41 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-13 14:42 - 2013-06-17 12:41 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-12-13 14:42 - 2013-06-17 12:41 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-12-13 14:42 - 2013-06-17 12:40 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-13 14:42 - 2013-06-17 12:40 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-13 14:38 - 2013-06-17 12:42 - 01736548 _____ () C:\Windows\WindowsUpdate.log
2014-12-13 14:35 - 2013-06-17 14:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-13 14:35 - 2013-06-17 12:42 - 00048354 _____ () C:\Windows\setupact.log
2014-12-13 14:35 - 2013-06-17 12:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-13 14:35 - 2013-06-17 12:39 - 00354000 _____ () C:\Windows\PFRO.log
2014-12-13 14:24 - 2013-06-17 12:42 - 00000505 _____ () C:\Windows\win.ini
2014-12-13 13:53 - 2013-06-20 10:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-13 13:44 - 2014-04-04 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-11 17:53 - 2013-06-20 10:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 17:53 - 2013-06-17 12:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 17:53 - 2013-06-17 12:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 16:27 - 2013-06-17 12:42 - 00000215 _____ () C:\Windows\system.ini
2014-12-11 16:21 - 2013-06-17 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 16:05 - 2013-06-17 12:38 - 00001427 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-11 16:05 - 2013-06-17 12:38 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-11 16:05 - 2013-06-17 12:38 - 00001136 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-09 19:32 - 2013-06-17 12:42 - 00000000 ____D () C:\Windows\rescache
2014-12-09 19:05 - 2013-06-17 12:41 - 00373408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-09 19:05 - 2013-06-17 12:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-09 19:04 - 2014-07-11 20:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-09 18:58 - 2013-10-08 11:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-08 13:55 - 2013-06-17 12:38 - 00000000 ____D () C:\ProgramData\Avira
2014-12-08 13:48 - 2013-12-10 14:56 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-08 13:48 - 2013-06-17 12:39 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-08 13:38 - 2013-06-17 12:41 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-11-26 16:54 - 2013-06-17 12:42 - 00000000 ____D () C:\Windows\servicing
2014-11-26 16:54 - 2013-06-17 12:39 - 00000000 ____D () C:\Windows\registration

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-08 14:16

==================== End Of Log ============================
--- --- ---


Und der Additional Text:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2014
Ran by User at 2014-12-13 14:50:30
Running from D:\!W7k-USER\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
A-500S-Treiber (HKLM\...\RolandRDID0101) (Version:  - Roland Corporation)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
AmpliTube X-GEAR (HKLM-x32\...\{21E77392-C30A-4AA2-8CA7-5728316939D6}) (Version: 1.1.0 - IK Multimedia)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3099 - CDBurnerXP)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.25 - Creative Technology Limited)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1719 - CyberLink Corp.)
Desktop Restore (HKLM\...\{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}) (Version: 1.6.3 - JOConnell)
Digital Audio System (HKLM-x32\...\{6D420D94-7B4A-4213-B8D4-AEC3B45B5158}) (Version: 1.0 - )
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
Etron USB3.0 Host Controller (x32 Version: 0.109 - Etron Technology) Hidden
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.250 - Oracle)
Java(TM) 6 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416025FF}) (Version: 6.0.250 - Oracle)
Java(TM) 6 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
LibreOffice 3.3 (HKLM-x32\...\{8CCA4800-152A-4C51-8569-5803FBD67CC9}) (Version: 3.3.6 - LibreOffice)
Live 6.0.10 (HKLM-x32\...\Live 6.0.10) (Version:  - )
MAGIX Music Maker MX Premium (HKLM-x32\...\MAGIX_MSI_mm18dlx) (Version: 18.0.0.42 - MAGIX AG)
MAGIX Music Maker MX Premium (x32 Version: 18.0.0.42 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM-x32\...\{FB2CB440-BE28-4BF2-BB7A-A98383324356}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\{AF99669B-C6DC-43C4-8523-6758C01731BD}) (Version: 7.0.2.6 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
M-Audio FastTrack Driver 6.0.6 (x64) (HKLM\...\{91A8C38A-0239-11E0-9658-189EDFD72085}) (Version: 6.0.6 - M-Audio)
MelodyneEssential 1.8 (HKLM-x32\...\{9A17B0B6-AD89-4321-99E6-09D9ABFA254D}) (Version: 1.08.0005 - Celemony Software GmbH)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
pdfforge PDFArchitect 0.5.5.509 (HKLM\...\{00070886-D6C6-423C-B5A7-3298ABF20E11}) (Version: 0.5.5.509 - pdfforge GbR)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scribus 1.4.2 (HKLM-x32\...\Scribus 1.4.2) (Version: 1.4.2 - The Scribus Team)
SONAR 6 LE (HKLM-x32\...\SONARLE_x64_is1) (Version: 15.0 - Cakewalk Music Software)
Steinberg Cubase 7 64bit (HKLM\...\{57FB2180-0FC7-41FC-8D76-3C4271CF4422}) (Version: 7.0.5 - Steinberg Media Technologies GmbH)
Steinberg Cubase LE 4 (HKLM-x32\...\{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}) (Version: 4.0.3.2233 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Eucon Adapter 6.5 64bit (HKLM\...\{95D90857-61C2-4927-85FF-A317E46E7351}) (Version: 6.5.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Allen Morgan Signature Drums (HKLM-x32\...\{611A7035-0172-4B9B-8BB6-5046F6867D8A}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content (HKLM-x32\...\{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 2.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content 2 (HKLM-x32\...\{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Padshop 64bit (HKLM\...\{75F15019-C0C2-4047-AA45-97B4BD313719}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg Retrologue 64bit (HKLM\...\{4D65ECE6-131D-4B5F-8470-2750D3161619}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

08-12-2014 12:42:33 Windows Modules Installer
08-12-2014 15:08:08 avast! antivirus system restore point
09-12-2014 17:56:07 Windows Update
11-12-2014 15:04:56 Revo Uninstaller's restore point - awesomehp uninstaller
11-12-2014 15:06:15 Revo Uninstaller's restore point - IePluginService12.27.0.3326
11-12-2014 15:09:50 Revo Uninstaller's restore point - WPM17.8.0.3442
11-12-2014 16:55:39 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-06-17 12:41 - 2014-12-11 16:27 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {87314555-3174-4862-B7C9-94C6CC9F1816} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-08] (AVAST Software)
Task: {8DD40A61-97A6-4AD3-9D47-27F8CF1E7A7E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-06-17 14:02 - 2013-01-18 16:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-06-17 12:38 - 2013-06-17 12:38 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-06-17 12:38 - 2013-06-17 12:38 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-12-13 13:45 - 2014-12-13 13:45 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121300\algo.dll
2014-12-08 16:08 - 2014-12-08 16:08 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-04 18:00 - 2014-11-14 03:42 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-11 17:53 - 2014-12-11 17:53 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2788994672-624319275-1794458896-500 - Administrator - Disabled)
Gast (S-1-5-21-2788994672-624319275-1794458896-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2788994672-624319275-1794458896-1001 - Limited - Enabled) => C:\Users\UpdatusUser
User (S-1-5-21-2788994672-624319275-1794458896-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-11 16:27:00.090
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-11 16:27:00.012
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 40%
Total physical RAM: 4057.96 MB
Available physical RAM: 2421.85 MB
Total Pagefile: 13272.14 MB
Available Pagefile: 11253.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:111.57 GB) (Free:51.14 GB) NTFS
Drive d: (DATEN) (Fixed) (Total:931.39 GB) (Free:812.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 4E2C04A2)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 58859E5C)

Partition: GPT Partition Type.

==================== End Of Log ============================

schrauber 14.12.2014 11:27

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Sceptiker 18.12.2014 12:12
Hallo,

soory, etwas spät aber hier die Logs:

ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=73428aa69cb8b244b0e398e7d95bba79
# engine=21608
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-18 09:32:40
# local_time=2014-12-18 10:32:40 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 847331 847492 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 419319 49261314 0 0
# scanned=384032
# found=3
# cleaned=3
# scan_time=2367
sh=0FD63E526BE78FC20D6AD90368D940F16712E6A2 ft=1 fh=8608bc1d23f2fe98 vn="Variante von Win64/BrowseFox.BK evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\wStLibG64.sys.vir"
sh=B9399D46B072C6FA1B67234108676FDD890E53A3 ft=1 fh=b2ada0fe3ac4f57d vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\!W7k-USER\Downloads\SoftonicDownloader_fuer_scribus.exe"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Sicherung\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe"
Security:

Code:
Results of screen317's Security Check version 0.99.91 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java(TM) 6 Update 45 
 Java 7 Update 25 
 Java version 32-bit out of Date!
 Adobe Flash Player 15.0.0.246 
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Mozilla Firefox (33.1.1)
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by User (administrator) on USER-PC on 18-12-2014 11:45:57
Running from D:\!W7k-USER\Desktop
Loaded Profile: User (Available profiles: User & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTHELPER.EXE
(E-MU Systems) C:\Program Files (x86)\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPMixDSP.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [798728 2010-12-07] (Avid Technology, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5028464 2013-06-17] (VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2013-06-17] (Intel Corporation)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => C:\Windows\SysWOW64\CTHELPER.EXE [23040 2013-06-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE [23552 2013-06-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2013-06-17] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-12-08] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2788994672-624319275-1794458896-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2788994672-624319275-1794458896-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2788994672-624319275-1794458896-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2788994672-624319275-1794458896-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2788994672-624319275-1794458896-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-12-08]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zbbb1z0s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2014-04-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-08]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2013-06-17] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-08] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-06-17] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-06-17] (Creative Labs) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2013-06-17] (Intel Corporation)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [271760 2013-06-17] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2013-06-17] (VIA Technologies, Inc.)
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2013-06-17] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-08] ()
S3 MAUSBFASTTRACK; C:\Windows\System32\DRIVERS\MAudioFastTrack.sys [187912 2010-12-07] (Avid Technology, Inc.)
S3 RDID1101; C:\Windows\System32\Drivers\rdwm1101.sys [81792 2009-09-18] (Roland Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2013-06-17] (Brother Industries Ltd.)
S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
S3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-18 09:32 - 2014-12-18 09:32 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-13 14:55 - 2014-11-20 18:41 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-13 14:55 - 2014-11-20 18:40 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-13 14:55 - 2014-11-20 18:39 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-13 14:55 - 2014-11-20 18:39 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-13 14:55 - 2014-11-20 18:38 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-13 14:55 - 2014-11-20 18:38 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-13 14:55 - 2014-11-20 18:37 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-13 14:55 - 2014-11-20 15:08 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-13 14:55 - 2014-11-20 15:07 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-13 14:55 - 2014-11-20 15:07 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-13 14:55 - 2014-11-20 15:07 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-13 14:55 - 2014-11-20 15:07 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-13 14:55 - 2014-11-20 15:07 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-13 14:55 - 2014-11-20 15:07 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-13 14:55 - 2014-11-20 15:06 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-13 14:55 - 2014-11-20 15:06 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-13 14:55 - 2014-11-20 15:06 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-13 14:55 - 2014-11-20 14:01 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-13 14:55 - 2014-11-20 13:36 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-13 14:55 - 2014-11-20 13:28 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-13 14:54 - 2014-11-20 18:40 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-13 14:54 - 2014-11-20 18:40 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-13 14:54 - 2014-11-20 18:39 - 19285504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-13 14:54 - 2014-11-20 18:39 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-13 14:54 - 2014-11-20 18:38 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-13 14:54 - 2014-11-20 18:38 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-13 14:54 - 2014-11-20 18:38 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-13 14:54 - 2014-11-20 18:38 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-13 14:54 - 2014-11-20 18:38 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-13 14:54 - 2014-11-20 18:38 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-13 14:54 - 2014-11-20 18:38 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-13 14:54 - 2014-11-20 18:38 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-13 14:54 - 2014-11-20 18:38 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-13 14:54 - 2014-11-20 18:38 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-13 14:54 - 2014-11-20 15:09 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-13 14:54 - 2014-11-20 15:08 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-13 14:54 - 2014-11-20 15:07 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-13 14:54 - 2014-11-20 15:07 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-13 14:54 - 2014-11-20 15:07 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-13 14:54 - 2014-11-20 15:07 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-13 14:54 - 2014-11-20 15:07 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-13 14:54 - 2014-11-20 15:07 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-13 14:54 - 2014-11-20 15:07 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-13 14:54 - 2014-11-20 15:07 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-13 14:54 - 2014-11-20 13:56 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-13 14:54 - 2014-11-20 13:12 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-12-13 14:54 - 2014-11-20 13:05 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-12-13 14:44 - 2014-12-13 14:44 - 00000891 _____ () C:\Users\User\Desktop\JRT.txt
2014-12-13 14:37 - 2014-12-13 14:37 - 00000000 ____D () C:\Windows\ERUNT
2014-12-13 14:33 - 2014-12-13 14:34 - 00000000 ____D () C:\AdwCleaner
2014-12-13 14:05 - 2014-12-13 14:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-13 14:05 - 2014-12-13 14:05 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-13 14:05 - 2014-12-13 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-13 14:05 - 2014-12-13 14:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-13 14:05 - 2014-12-13 14:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-13 14:05 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-13 14:05 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-13 14:05 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-13 13:56 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-13 13:56 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-13 13:56 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-13 13:56 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-13 13:56 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-13 13:56 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-13 13:56 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-13 13:56 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 17:56 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 17:56 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 17:56 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 17:56 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 17:56 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 17:56 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 17:56 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-11 17:56 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-11 17:56 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-11 17:56 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-11 17:53 - 2014-12-11 17:53 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-11 16:28 - 2014-12-11 16:28 - 00020022 _____ () C:\ComboFix.txt
2014-12-11 16:23 - 2014-12-11 16:28 - 00000000 ____D () C:\Qoobox
2014-12-11 16:23 - 2014-12-11 16:27 - 00000000 ____D () C:\Windows\erdnt
2014-12-11 16:23 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-11 16:23 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-11 16:23 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-11 16:23 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-11 16:23 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-11 16:23 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-11 16:23 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-11 16:23 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-11 16:17 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 16:17 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 16:17 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 16:17 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 16:17 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 16:17 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 16:17 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 16:17 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 16:17 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 16:17 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 16:17 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 16:17 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 16:17 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 16:17 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 16:17 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 16:17 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 16:17 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 16:03 - 2014-12-11 16:03 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-09 20:44 - 2014-12-18 11:45 - 00000000 ____D () C:\FRST
2014-12-08 16:09 - 2014-12-08 16:09 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVAST Software
2014-12-08 16:08 - 2014-12-18 09:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-08 16:08 - 2014-12-08 16:08 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-08 16:08 - 2014-12-08 16:08 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-08 16:08 - 2014-12-08 16:08 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-08 16:08 - 2014-12-08 16:08 - 00001970 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-08 16:08 - 2014-12-08 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-08 16:08 - 2014-12-08 16:08 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-08 15:02 - 2014-12-08 15:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\Enigma Software Group
2014-12-08 15:02 - 2014-12-08 15:02 - 00000000 _____ () C:\autoexec.bat
2014-12-08 14:55 - 2014-12-08 16:08 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-08 14:17 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-08 14:17 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-08 14:17 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-08 14:17 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-08 14:17 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-08 14:17 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-08 14:17 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-08 14:17 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-08 14:17 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-08 14:17 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-08 14:17 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-08 14:17 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-08 14:17 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-08 14:17 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-08 14:17 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-08 14:17 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-12-08 14:17 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-08 14:17 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-08 14:17 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-08 14:17 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-12-08 14:17 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-12-08 14:17 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-08 14:17 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-12-08 14:17 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-08 14:16 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-08 14:16 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-08 14:16 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-08 14:16 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-08 14:16 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-08 14:16 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-08 14:16 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-08 14:16 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-08 14:16 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-08 14:16 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-08 14:16 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-08 14:16 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-08 14:16 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-08 14:16 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-08 14:16 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-08 14:16 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-08 14:16 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-08 14:16 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-08 14:16 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-08 14:16 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-08 14:16 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-08 14:16 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-12-08 14:16 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-12-08 14:16 - 2014-08-29 03:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-08 14:16 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-08 14:16 - 2014-08-29 03:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-12-08 14:16 - 2014-08-29 03:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-08 14:16 - 2014-08-29 03:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-08 14:16 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-08 14:16 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-08 14:16 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-12-08 14:16 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-08 14:16 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-08 14:16 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-08 14:16 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-08 14:16 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-08 14:16 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-08 14:16 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-08 14:16 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-12-08 14:16 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-12-08 14:16 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-12-08 14:16 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-12-08 14:16 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-12-08 14:16 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-12-08 14:16 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-12-08 14:16 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-12-08 14:16 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-12-08 14:16 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-12-08 14:16 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-12-08 14:16 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-12-08 14:13 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-08 14:13 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-08 14:02 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-08 14:02 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-08 13:56 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-08 13:56 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-08 13:56 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-08 13:55 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-08 13:55 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-08 13:49 - 2014-12-08 13:49 - 00000512 __RSH () C:\ProgramData\ntuser.pol

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-18 11:19 - 2013-06-17 12:40 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-18 11:19 - 2013-06-17 12:40 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-18 11:07 - 2013-06-17 12:42 - 00000000 ____D () C:\Windows\rescache
2014-12-18 10:53 - 2013-06-20 10:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-18 10:09 - 2014-04-04 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-18 09:45 - 2013-06-17 12:42 - 01823803 _____ () C:\Windows\WindowsUpdate.log
2014-12-18 09:39 - 2013-06-17 12:41 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-18 09:39 - 2013-06-17 12:41 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-12-18 09:39 - 2013-06-17 12:41 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-12-18 09:32 - 2014-07-11 20:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-18 09:32 - 2013-06-17 14:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-18 09:32 - 2013-06-17 12:42 - 00048410 _____ () C:\Windows\setupact.log
2014-12-18 09:32 - 2013-06-17 12:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-18 09:32 - 2013-06-17 12:38 - 00000000 ____D () C:\Windows\AppCompat
2014-12-13 15:01 - 2013-10-08 11:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-13 15:01 - 2013-06-17 12:41 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-13 14:35 - 2013-06-17 12:39 - 00354000 _____ () C:\Windows\PFRO.log
2014-12-13 14:24 - 2013-06-17 12:42 - 00000505 _____ () C:\Windows\win.ini
2014-12-11 17:53 - 2013-06-20 10:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 17:53 - 2013-06-17 12:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 17:53 - 2013-06-17 12:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 16:27 - 2013-06-17 12:42 - 00000215 _____ () C:\Windows\system.ini
2014-12-11 16:21 - 2013-06-17 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 16:05 - 2013-06-17 12:38 - 00001427 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-11 16:05 - 2013-06-17 12:38 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-11 16:05 - 2013-06-17 12:38 - 00001136 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-09 19:05 - 2013-06-17 12:41 - 00373408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-09 19:05 - 2013-06-17 12:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-08 13:55 - 2013-06-17 12:38 - 00000000 ____D () C:\ProgramData\Avira
2014-12-08 13:48 - 2013-12-10 14:56 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-08 13:48 - 2013-06-17 12:39 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-08 13:38 - 2013-06-17 12:41 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-11-26 16:54 - 2014-11-15 16:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\REAPER
2014-11-26 16:54 - 2014-11-15 16:07 - 00000000 ____D () C:\Program Files\REAPER (x64)
2014-11-26 16:54 - 2013-06-17 12:42 - 00000000 ____D () C:\Windows\servicing
2014-11-26 16:54 - 2013-06-17 12:39 - 00000000 ____D () C:\Windows\registration
2014-11-24 14:04 - 2013-06-17 12:41 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-18 10:59

==================== End Of Log ============================
--- --- ---


Internetseiten öffnen sich wieder ganz normal. Scheint also alles wieder in Ordnung zu sein. :dankeschoen:

schrauber 18.12.2014 21:18
Java updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Sceptiker 24.12.2014 09:58
Hallo,

hab alles erledigt und es klappt nun wieder alles. Hier nun das letzte Log

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-12-2014
Ran by User at 2014-12-24 09:49:26 Run:1
Running from D:\!W7k-USER\Desktop
Loaded Profile: User (Available profiles: User & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog 09:49:26 ====
Vielen Dank nochmal für die Hilfe und deine Tipps. Ich wünsch Dir schöne Feiertage :)

schrauber 24.12.2014 22:21
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:52 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131