Avira hat HTML/Infected.WebPage.Gen2 gemeldet.

#0
01.03.2017, 21:35
Member

Beiträge: 35
#1 Hallo,

seit zwei Tagen nun hab ich von Avira connect diese meldung bekommen
HTML/Infected.WebPage.Gen2 gefunden.

C:\Users\MP\AppData\Local\Mozilla\Firefox\Profiles\MMTKCuej.default\cache2\entries\F18F1562AB45C3A3D09377AB790B9CB5A1B0998C

Avira hat es in Quarantände verschoben und erneut einen Suchlauf ausgeführt. Soweit war das ok.

Ich habe dann versucht einfach die Temporären Dateien auf C zu bereinigen. Hat aber nichts genützt der trojaner war dennoch wieder da. Avira meldete sich nochmal mit dem gleichen.

Ich hoffe ihr könnt mir helfen?

Es ist schon lange her seitdem ich hier war.

Danke schonmal!!!


OTL logfile created on: 01.03.2017 20:53:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18537)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,98 Gb Total Physical Memory | 12,68 Gb Available Physical Memory | 79,34% Memory free
31,95 Gb Paging File | 28,41 Gb Available in Paging File | 88,90% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 238,96 Gb Free Space | 51,32% Space Free | Partition Type: NTFS
Drive D: | 931,29 Gb Total Space | 408,24 Gb Free Space | 43,84% Space Free | Partition Type: NTFS

Computer Name: THERISINGDOOM | User Name: MP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2017.03.01 20:50:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2017.01.20 19:39:19 | 000,425,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
PRC - [2017.01.20 19:39:13 | 000,425,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
PRC - [2017.01.20 19:39:10 | 015,547,328 | ---- | M] (Node.js) -- C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
PRC - [2017.01.11 09:07:33 | 003,493,864 | ---- | M] () -- C:\Users\MP\AppData\Local\Amazon Music\Amazon Music Helper.exe
PRC - [2017.01.01 23:52:46 | 000,326,616 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
PRC - [2016.12.29 09:24:44 | 000,159,536 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
PRC - [2016.12.29 09:20:16 | 000,372,272 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
PRC - [2016.12.14 01:57:23 | 000,476,736 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2016.12.14 01:56:46 | 000,476,736 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2016.12.14 01:56:45 | 000,917,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2016.11.04 14:57:18 | 000,596,640 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2016.10.18 08:24:54 | 000,069,744 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
PRC - [2016.09.24 23:21:05 | 000,189,264 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
PRC - [2016.09.22 19:00:14 | 000,926,232 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2016.07.05 13:35:44 | 000,210,432 | ---- | M] (Geek Software GmbH) -- D:\Programme\PDF24\pdf24.exe
PRC - [2015.08.13 07:17:28 | 001,600,320 | ---- | M] (Razer Inc) -- C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe
PRC - [2015.02.04 17:51:05 | 000,076,152 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014.12.15 12:29:58 | 005,426,448 | ---- | M] (TeamViewer GmbH) -- D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2014.09.28 18:06:44 | 004,838,816 | ---- | M] (Samsung Electronics.) -- C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
PRC - [2011.04.30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.30 00:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.10.08 12:15:50 | 001,581,056 | ---- | M] (Digital Data Communication Co., Ltd) -- C:\Program Files (x86)\LevelOne\Common\RaUI.exe
PRC - [2009.07.14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\LevelOne\Common\RaRegistry.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2017.03.01 20:02:57 | 000,619,840 | ---- | M] () -- C:\Users\MP\AppData\Local\Temp\0Kraken71ChromaDevProps.dll
MOD - [2017.01.20 19:39:13 | 003,774,400 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
MOD - [2017.01.20 19:39:12 | 000,900,032 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
MOD - [2017.01.20 19:39:11 | 000,018,880 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2017.01.20 14:36:22 | 002,808,888 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
MOD - [2017.01.20 14:36:22 | 000,537,656 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
MOD - [2017.01.20 14:36:21 | 001,066,552 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
MOD - [2017.01.20 14:36:21 | 001,014,840 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
MOD - [2017.01.20 14:36:21 | 000,518,200 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvBackendAPINode.node
MOD - [2017.01.20 14:36:21 | 000,468,024 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
MOD - [2017.01.20 14:36:21 | 000,464,952 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameStreamAPINode.node
MOD - [2017.01.20 14:36:21 | 000,384,568 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
MOD - [2017.01.20 14:36:21 | 000,366,136 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvUtil.node
MOD - [2017.01.20 14:36:21 | 000,338,488 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
MOD - [2017.01.20 14:36:21 | 000,254,008 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
MOD - [2017.01.15 07:44:32 | 002,937,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c4402d4b4964c9abd161c185c85ba12a\System.IdentityModel.ni.dll
MOD - [2017.01.15 07:44:31 | 019,426,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\c4175f38130bf0c2dac7b7837f82e00b\System.ServiceModel.ni.dll
MOD - [2017.01.15 07:44:21 | 000,390,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\a3c0852493c642a988e9840a24534619\System.Xml.Linq.ni.dll
MOD - [2017.01.15 07:44:05 | 000,183,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\1a50a8b002fc10cf93d63bea9cd7f83d\UIAutomationTypes.ni.dll
MOD - [2017.01.15 07:44:04 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\bfd90ce6cc9f7abe13deaa6ffb30d850\PresentationFramework-SystemXml.ni.dll
MOD - [2017.01.15 07:44:04 | 000,012,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\c97ee7f103537c8e918e10cb8afccd7b\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2017.01.15 00:17:49 | 019,076,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a38fec0cefab1f09ea34cdb8b1c0fcb0\PresentationFramework.ni.dll
MOD - [2017.01.15 00:17:42 | 011,559,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\c3c1053ed917afc9b7d4468a7291456c\PresentationCore.ni.dll
MOD - [2017.01.15 00:17:39 | 007,840,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\4f33e4a12d701f157655f39825860335\System.Data.ni.dll
MOD - [2017.01.15 00:17:36 | 012,940,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0fab00859ac0f599e69bc12e0cc2c497\System.Windows.Forms.ni.dll
MOD - [2017.01.15 00:17:36 | 003,974,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\57ef31c77855c4fc6cb2f24942b0268c\WindowsBase.ni.dll
MOD - [2017.01.15 00:17:36 | 001,062,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\58c548e5e146aa6544f800cc8c96bcb7\System.ComponentModel.Composition.ni.dll
MOD - [2017.01.15 00:17:35 | 002,532,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\15a3e935f1f229a1b4a60f572db67e85\System.Data.Linq.ni.dll
MOD - [2017.01.15 00:17:35 | 000,974,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\e4b51f793514a0d7324ef02828145130\System.Configuration.ni.dll
MOD - [2017.01.15 00:17:34 | 007,500,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\6ad7bdc64040bfda8aa2c21b1e4394b0\System.Core.ni.dll
MOD - [2017.01.15 00:17:34 | 007,378,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\4d0104bb5509d906f129d54b070d1bd6\System.Xml.ni.dll
MOD - [2017.01.15 00:17:34 | 001,876,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\fa3dc2466256e6a142ad7475ca5a1890\System.Xaml.ni.dll
MOD - [2017.01.15 00:17:32 | 002,772,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\8d1828b7cc6780ad2eaca89d9b73af42\System.Runtime.Serialization.ni.dll
MOD - [2017.01.15 00:17:31 | 000,786,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\51bba9729fa33d00fb3f5498d07fbde0\System.ServiceModel.Internals.ni.dll
MOD - [2017.01.15 00:17:31 | 000,117,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\eb4c22a56dfee4cdbe62aae589add10a\SMDiagnostics.ni.dll
MOD - [2017.01.15 00:17:30 | 001,624,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c55a38896fef55fafafd1be9c8437243\System.Drawing.ni.dll
MOD - [2017.01.15 00:17:30 | 001,150,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\b20e452e941a29c33a7257c5681837aa\System.Management.ni.dll
MOD - [2017.01.15 00:17:30 | 000,521,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\0c93e4509cd540cef3d8bc4f53e16401\PresentationFramework.Aero.ni.dll
MOD - [2017.01.15 00:17:30 | 000,218,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\550a354017f012789f111e5f85dc6526\System.ServiceProcess.ni.dll
MOD - [2017.01.15 00:17:29 | 009,983,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e49af6abc3fb5dda64392cae6ca45db9\System.ni.dll
MOD - [2017.01.15 00:17:26 | 018,111,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\02795048c7ede81af33acdb56f905958\mscorlib.ni.dll
MOD - [2017.01.11 09:07:33 | 003,493,864 | ---- | M] () -- C:\Users\MP\AppData\Local\Amazon Music\Amazon Music Helper.exe
MOD - [2016.11.01 08:58:02 | 000,143,824 | ---- | M] () -- C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
MOD - [2016.10.13 17:46:31 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d6fe56971833ee905900c2d56bcfa5a3\IAStorUtil.ni.dll
MOD - [2016.10.12 20:23:02 | 003,352,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\01580d91c22f8e2cf9bc5f337b94025e\WindowsBase.ni.dll
MOD - [2016.05.11 10:29:09 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\77248929224228e8150eea45de075401\System.Runtime.Remoting.ni.dll
MOD - [2016.05.11 10:28:55 | 012,438,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
MOD - [2016.05.11 10:28:51 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
MOD - [2016.05.11 10:28:49 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
MOD - [2016.05.11 10:28:47 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll
MOD - [2016.05.11 10:28:39 | 007,996,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
MOD - [2015.01.12 03:26:34 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ac4c46817e44dd944492753e8c7be3e5\IAStorCommon.ni.dll
MOD - [2015.01.12 03:18:26 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014.09.28 17:59:56 | 000,019,872 | ---- | M] () -- C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
MOD - [2013.07.08 13:49:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2013.07.08 13:49:46 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.08.20 21:59:58 | 000,860,160 | ---- | M] () -- C:\Program Files (x86)\LevelOne\Common\RaWLAPI.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe -- (NVIDIA Wireless Controller Service)
SRV:64bit: - [2016.11.12 20:08:26 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2016.08.22 17:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015.01.13 23:15:22 | 000,076,152 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2014.09.16 14:29:34 | 000,028,848 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\RAPID\SamsungRapidSvc.exe -- (SamsungRapidSvc)
SRV:64bit: - [2010.08.12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV - [2017.02.15 08:01:20 | 000,270,936 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017.02.10 00:13:21 | 000,462,784 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -- (NVDisplay.ContainerLocalSystem)
SRV - [2017.01.29 13:47:57 | 002,183,696 | ---- | M] (Electronic Arts) [Auto | Stopped] -- C:\Program Files (x86)\Origin\OriginWebHelperService.exe -- (Origin Web Helper Service)
SRV - [2017.01.29 13:47:57 | 002,121,736 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2017.01.28 15:17:23 | 000,172,488 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017.01.20 19:39:19 | 000,425,408 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -- (NvTelemetryContainer)
SRV - [2017.01.20 19:39:14 | 000,462,784 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Programme\NVIDIA Corporation\NvContainer\nvcontainer.exe -- (NvContainerNetworkService)
SRV - [2017.01.20 19:39:14 | 000,462,784 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NvContainer\nvcontainer.exe -- (NvContainerLocalSystem)
SRV - [2017.01.19 02:30:28 | 001,464,096 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2017.01.16 08:22:44 | 000,317,400 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2016.12.29 09:20:16 | 000,372,272 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe -- (Avira.ServiceHost)
SRV - [2016.12.14 01:57:23 | 000,476,736 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2016.12.14 01:56:50 | 001,490,296 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2016.12.14 01:56:46 | 001,089,592 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe -- (AntiVirMailService)
SRV - [2016.12.14 01:56:46 | 000,476,736 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2016.11.29 22:34:16 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2016.10.18 08:24:54 | 000,069,744 | ---- | M] (Razer Inc.) [Auto | Running] -- C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe -- (Razer Chroma SDK Service)
SRV - [2016.09.24 23:21:05 | 000,189,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe -- (Razer Game Scanner Service)
SRV - [2015.06.10 10:11:26 | 000,155,520 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2015.02.04 17:51:05 | 000,076,152 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014.12.15 12:29:58 | 005,426,448 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2014.03.20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2011.04.30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.27 16:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2009.07.14 21:53:32 | 000,211,232 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\LevelOne\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2009.07.14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\LevelOne\Common\RaRegistry.exe -- (RalinkRegistryWriter)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2017.01.24 00:04:54 | 000,217,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2017.01.20 19:39:20 | 000,057,792 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvhci.sys -- (nvvhci)
DRV:64bit: - [2017.01.06 02:10:32 | 000,047,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2016.12.14 01:57:34 | 000,176,464 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2016.12.14 01:57:34 | 000,148,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2016.09.17 01:12:20 | 000,044,144 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpmgrk.sys -- (rzpmgrk)
DRV:64bit: - [2016.05.11 00:31:55 | 000,079,696 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\avnetflt.sys -- (avnetflt)
DRV:64bit: - [2015.12.14 23:24:25 | 000,130,880 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpnk.sys -- (rzpnk)
DRV:64bit: - [2015.09.16 23:27:47 | 000,030,424 | ---- | M] (Sony Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsomc.sys -- (ggsomc)
DRV:64bit: - [2015.09.16 23:27:47 | 000,016,088 | ---- | M] (Sony Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2014.11.24 10:23:23 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2014.09.16 14:31:02 | 000,111,280 | ---- | M] (Samsung Electronics Co., Ltd.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SamsungRapidFSFltr.sys -- (SamsungRapidFSFltr)
DRV:64bit: - [2014.09.16 14:30:16 | 000,268,976 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SamsungRapidDiskFltr.sys -- (SamsungRapidDiskFltr)
DRV:64bit: - [2014.08.15 22:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.10.03 16:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.04.26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.24 10:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.02.24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.22 08:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.27 15:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.10.27 15:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.10.27 15:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.10.27 15:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.10.27 15:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.10.27 15:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.10.27 15:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.10.27 15:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.21 07:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010.08.10 10:29:16 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.09.11 13:25:00 | 000,737,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2017.01.20 19:38:53 | 000,027,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D 8C 31 96 F2 2D D0 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 90 7B 45 18 DF 9F D1 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "DE"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Amazon.de,Bing,DuckDuckGo,eBay,LEO Eng-Deu,Wikipedia (de)"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "DE"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "msn.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:51.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF:64bit: - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.7.1: C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.7.1: C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.111.2: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 51.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 51.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 51.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 51.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2015.01.12 00:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\Extensions
[2016.11.21 21:30:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\Firefox\Profiles\MMTKCuej.default\browser-extension-data
[2016.11.21 21:30:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\Firefox\Profiles\MMTKCuej.default\browser-extension-data\abs@avira.com
[2017.02.09 10:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\Firefox\Profiles\MMTKCuej.default\extensions
[2017.02.09 10:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\Firefox\Profiles\MMTKCuej.default\extensions\trash
[2017.02.09 10:24:50 | 001,136,864 | ---- | M] () (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\firefox\profiles\MMTKCuej.default\extensions\abs@avira.com.xpi
[2016.11.21 21:30:25 | 001,167,023 | ---- | M] () (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\firefox\profiles\MMTKCuej.default\extensions\trash\abs@avira.com.xpi
[2017.02.26 13:00:54 | 000,005,527 | ---- | M] () (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\firefox\profiles\MMTKCuej.default\features\{4ab6bb16-9461-41cd-91fb-2a5851080f3c}\diagnostics@mozilla.org.xpi
[2017.02.26 13:00:55 | 000,008,857 | ---- | M] () (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\firefox\profiles\MMTKCuej.default\features\{4ab6bb16-9461-41cd-91fb-2a5851080f3c}\disableSHA1rollout@mozilla.org.xpi
[2017.02.26 13:00:54 | 000,005,336 | ---- | M] () (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\firefox\profiles\MMTKCuej.default\features\{4ab6bb16-9461-41cd-91fb-2a5851080f3c}\hsts-priming@mozilla.org.xpi
[2017.01.28 15:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SamsungRapidApp] C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Kraken71ChromaHelper] C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe (Razer Inc)
O4 - HKLM..\Run: [PDFPrint] D:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKCU..\Run: [Amazon Music] C:\Users\MP\AppData\Local\Amazon Music\Amazon Music Helper.exe ()
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81A34DA4-6688-4D08-9197-0AB9E56D2030}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE4519C9-2DC2-4313-B3E0-9F13CC8EF51F}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0db9b26d-4503-11e5-abaf-14dae944cfbd}\Shell - "" = AutoRun
O33 - MountPoints2\{0db9b26d-4503-11e5-abaf-14dae944cfbd}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{897ac2ff-99dc-11e4-bba3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{897ac2ff-99dc-11e4-bba3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{8efc1c05-6f36-11e5-81cd-14dae944cfbd}\Shell - "" = AutoRun
O33 - MountPoints2\{8efc1c05-6f36-11e5-81cd-14dae944cfbd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {26784146-6E05-3FF9-9335-786C7C0FB5BE} - .NET Framework
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {66C64F22-FC60-4E6C-A6B5-F0D580E680CE} - C:\Windows\System32\ie4uinit.exe -EnableTLS
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {7D715857-A67C-4C2F-A929-038448584D63} - C:\Windows\System32\ie4uinit.exe -DisableSSL3
ActiveX:64bit: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3} - .NET Framework
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {26784146-6E05-3FF9-9335-786C7C0FB5BE} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP



CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2017.03.01 20:03:01 | 000,000,000 | R--D | C] -- C:\Users\MP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2017.02.25 12:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2017.03.01 20:11:16 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017.03.01 20:11:16 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017.03.01 20:09:21 | 001,619,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2017.03.01 20:09:21 | 000,699,190 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2017.03.01 20:09:21 | 000,654,028 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2017.03.01 20:09:21 | 000,149,330 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2017.03.01 20:09:21 | 000,121,900 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2017.03.01 20:02:57 | 000,001,944 | ---- | M] () -- C:\Users\MP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 2540 series.lnk
[2017.03.01 20:02:56 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2017.03.01 20:02:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017.03.01 20:02:46 | 4276,727,806 | -HS- | M] () -- C:\hiberfil.sys
[2017.03.01 09:10:31 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2017.02.24 23:48:44 | 000,000,219 | ---- | M] () -- C:\Users\MP\Desktop\Dota 2.url
[2017.02.24 10:02:44 | 926,315,819 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2017.02.12 19:22:58 | 000,017,454 | ---- | M] () -- C:\Users\MP\Desktop\Lebenslauf.odt
[2017.02.10 01:52:40 | 040,192,056 | ---- | M] () -- C:\Windows\SysNative\nvcompiler.dll
[2017.02.10 01:52:40 | 035,272,760 | ---- | M] () -- C:\Windows\SysWow64\nvcompiler.dll
[2017.02.10 01:52:40 | 000,042,606 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2017.02.10 00:13:14 | 000,001,951 | ---- | M] () -- C:\Windows\NvContainerRecovery.bat
[2017.02.09 23:57:04 | 007,791,217 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2017.02.24 23:48:44 | 000,000,219 | ---- | C] () -- C:\Users\MP\Desktop\Dota 2.url
[2017.02.20 21:19:44 | 040,192,056 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll
[2017.02.20 21:19:44 | 035,272,760 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
[2017.01.26 01:13:16 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-39-1.exe
[2017.01.26 01:12:46 | 000,326,656 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-39-1.dll
[2016.10.21 00:40:14 | 000,007,601 | ---- | C] () -- C:\Users\MP\AppData\Local\Resmon.ResmonCfg
[2016.05.17 22:36:55 | 000,051,920 | ---- | C] () -- C:\Windows\War3Unin.dat
[2016.03.10 21:43:54 | 000,326,656 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016.03.10 21:43:54 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016.02.14 02:47:02 | 000,125,720 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-3-0.dll
[2016.02.14 02:45:46 | 000,042,264 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-3-0.exe
[2015.03.26 18:11:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016.08.29 16:31:19 | 014,183,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016.08.29 16:12:50 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2016.12.14 00:26:51 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\Battle.net
[2015.01.27 22:04:54 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\OpenOffice
[2017.02.06 01:27:06 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\Origin
[2015.01.25 12:59:10 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\TeamViewer
[2015.11.02 14:07:23 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\The Creative Assembly
[2016.11.07 23:29:33 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\TS3Client

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2015.01.11 23:12:27 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2015.09.05 19:37:11 | 000,000,000 | ---D | M] -- C:\Documents
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2015.01.11 23:12:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2015.01.11 23:27:16 | 000,000,000 | ---D | M] -- C:\Intel
[2015.01.12 00:25:37 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2016.09.14 06:47:12 | 000,000,000 | R--D | M] -- C:\Program Files
[2016.11.19 23:15:23 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2016.10.18 19:10:59 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2015.01.11 23:12:17 | 000,000,000 | -HSD | M] -- C:\Programme
[2015.01.11 23:45:41 | 000,000,000 | ---D | M] -- C:\RaidTool
[2015.01.11 23:12:17 | 000,000,000 | -HSD | M] -- C:\Recovery
[2017.03.01 20:55:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2015.01.11 23:12:22 | 000,000,000 | R--D | M] -- C:\Users
[2017.02.24 10:02:44 | 000,000,000 | ---D | M] -- C:\Windows

[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]

[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2016.08.29 16:04:37 | 003,229,696 | ---- | M] (Microsoft Corporation) MD5=38AE1B3C38FAEF56FE4907922F0385BA -- C:\Windows\explorer.exe
[2016.08.29 16:04:37 | 003,229,696 | ---- | M] (Microsoft Corporation) MD5=38AE1B3C38FAEF56FE4907922F0385BA -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23537_none_b0517adca98752cc\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2016.08.29 15:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=6DDCA324434FFA506CF7DC4E51DB7935 -- C:\Windows\SysWOW64\explorer.exe
[2016.08.29 15:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=6DDCA324434FFA506CF7DC4E51DB7935 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23537_none_baa6252edde814c7\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color]
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014.03.04 12:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014.03.04 10:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014.07.17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe
[2014.07.17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014.07.16 04:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 16 bytes -> C:\Windows\Temp:$DATA

< End of report >
Seitenanfang Seitenende
02.03.2017, 10:11
Gesperrt

Beiträge: 8
#2 Hallo,
bitte lade dir Malwarebytes Anti-Malware herunter und lass es einmal über dein System Scannen.
Poste dann das entsprechende Log hier, leider sind HijackThis Logs nicht wirklich brauchbar in der Hinsicht, da sie extrem Aufgebläht sind.

Außerdem würde ich dir einen anderen AV Scanner als Avira empfehlen, da Avira aus mehreren Gründen sehr schlecht ist.
Empfehlen kann ich hier ESET als Alternative.

Oftmals kann der von dir beschriebene Fund ein False-Positive von Avira sein leider

Grüße
Fuzzy90
Seitenanfang Seitenende
03.03.2017, 07:57
Member

Themenstarter

Beiträge: 35
#3 Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 03.03.17
Scan-Zeit: 01:42
Protokolldatei: Logfile.txt
Administrator: Ja

-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.75
Version des Aktualisierungspakets: 1.0.1409
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: TheRisingDoom\MP

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 358066
Abgelaufene Zeit: 2 Min., 28 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 4
Adware.ChinAd, C:\Users\MP\AppData\Local\Temp\DMR\Downloads\fc14996dfa99adfc7baae624196888c5\833aba7126d40dde1c6c602b489cd056, Keine Aktion durch Benutzer, [1417], [375557],1.0.1409
Adware.ChinAd, C:\Users\MP\AppData\Local\Temp\DMR\Downloads\fc14996dfa99adfc7baae624196888c5, Keine Aktion durch Benutzer, [1417], [375557],1.0.1409
Adware.ChinAd, C:\Users\MP\AppData\Local\Temp\DMR\Downloads, Keine Aktion durch Benutzer, [1417], [375557],1.0.1409
Adware.ChinAd, C:\USERS\MP\APPDATA\LOCAL\TEMP\DMR, Keine Aktion durch Benutzer, [1417], [375557],1.0.1409

Datei: 7
PUP.Optional.DownloadSponsor, C:\USERS\MP\APPDATA\LOCAL\TEMP\DMR\DMR_72.EXE, Keine Aktion durch Benutzer, [643], [373684],1.0.1409
Adware.ChinAd, C:\USERS\MP\APPDATA\LOCAL\TEMP\DMR\WYWEGPIBLBOGUNDG.DAT, Keine Aktion durch Benutzer, [1417], [375557],1.0.1409
Adware.ChinAd, C:\Users\MP\AppData\Local\Temp\DMR\Downloads\fc14996dfa99adfc7baae624196888c5\833aba7126d40dde1c6c602b489cd056\SkypeSetup74Full.exe, Keine Aktion durch Benutzer, [1417], [375557],1.0.1409
Adware.ChinAd, C:\Users\MP\AppData\Local\Temp\DMR\ivlftkwokfzffemo.dat, Keine Aktion durch Benutzer, [1417], [375557],1.0.1409
Adware.ChinAd, C:\Users\MP\AppData\Local\Temp\DMR\lwfjtfuacmeqqknb.dat, Keine Aktion durch Benutzer, [1417], [375557],1.0.1409
Adware.ChinAd, C:\Users\MP\AppData\Local\Temp\DMR\wuiyrqmrznzmuncb.dat, Keine Aktion durch Benutzer, [1417], [375557],1.0.1409
Adware.ChinAd, C:\Users\MP\AppData\Local\Temp\DMR\ysibmbmuedafgbiv.dat, Keine Aktion durch Benutzer, [1417], [375557],1.0.1409

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)
Seitenanfang Seitenende
03.03.2017, 09:04
Gesperrt

Beiträge: 8
#4 Guten Morgen,
also beim genaueren Durchsehen deines Hijack Logs und Malwarebytes Logs konnte ich jetzt nichts entdecken.
Lediglich.
Allerdings hast du Potentiell Unerwünschte Software wie z.B Toolbars anscheinend, schau mal in den Ordnern die unter "Ordner" bzw Datei am Ende gelistet sind nach

Grüße
Seitenanfang Seitenende
03.03.2017, 19:27
Member

Themenstarter

Beiträge: 35
#5 Guten Abend,

mhh das ulkige ist wenn ich den Pfad suche unter C existiert kein Ordner mit dem Namen AppData

verwirrt mich ein wenig...???

Gruß
Seitenanfang Seitenende
05.03.2017, 17:59
Gesperrt

Beiträge: 8
#6 Hallo,
sie haben wahrscheinlich ihre Versteckten Dateien und Ordner ausgeblendet.

Folgendermaßen schalten sie diese "an":
-> Gehen sie in einen Beliebigen Ordner
-> Drücken sie die Linke ALT Taste
-> Oben sollten sie ein Menü sehen
-> Dort auf "Extras" und dann auf "Ordneroptionen"
-> Im neuen Fenster auf "Ansicht"
-> Ganz nach unten Scrollen und den Blauen Kreis auf "Ausgeblendete Dateien, Ordner und Laufwerke anzeigen" stellen (einfach drauf klicken)
-> Übernehmen

Sie sollten nun den Appdata Ordner sehen

Grüße
Seitenanfang Seitenende
06.03.2017, 22:39
Member

Themenstarter

Beiträge: 35
#7 Guten Abend,

Danke schonmal dafür!

Soweit so gut ich war im Temp Ordner drin, nun ist es aber sehr verwunderlich das ich den Ordner DMR nicht finden kann obwohl auch hier im Ordner die versteckten Ornder ja nun sichtbar sind da die Einstellung die wir grade vorgenommen haben da auch gelten.

Meine Frage auch hier, braucht man eigentlich diesen Temp Ordner oder ist das eigentlich nur alles Müll??
Bei mir sind es fast 1 GB Daten...


Greetz
Seitenanfang Seitenende
07.03.2017, 10:32
Gesperrt

Beiträge: 8
#8 Hallo,
teilweise braucht man die Daten darin ja. CC Cleaner kann hier helfen, "unnötige" Daten zu entfernen.

Grüße
Seitenanfang Seitenende