Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Ich werde Positive Finds Ads nicht los

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.02.2015, 21:09   #1
Jassi1812
 
Ich werde Positive Finds Ads nicht los - Standard

Ich werde Positive Finds Ads nicht los



Guten Abend,

nachdem ich mir heute einen Musik-Converter heruntergeladen habe, habe ich überall auf Internetseiten, die ich besuche, blaue, doppelt unterstrichene, anklickbare Wörter und kleine Werbekästen, durch die sich ein weiterer Tab öffnet, sobald ich sie schließen will.
Ich habe das Programm zwar deinstalliert und meinen PC danach neu gestartet, das Problem besteht jedoch weiterhin.

Über schnelle Hilfe wäre ich sehr dankbar.

Mit freundlichen Grüßen

P.S.: Ich nutze ausschließlich Chrome als Browser.

Alt 11.02.2015, 21:17   #2
sunjojo
/// Malwareteam
 
Ich werde Positive Finds Ads nicht los - Standard

Ich werde Positive Finds Ads nicht los



Hallo Jassi1812,

mein Name ist Jonas und ich werde dir bei deiner Bereinigung helfen. Diese kann mit viel Arbeit für dich verbunden sein. Bevor wir anfangen können, lies bitte die Bereinigungsregeln und Hinweise:
Regeln zum Ablauf der Bereinigung
  • Arbeite die Anleitungen und Schritte sorgfältig und nacheinander ab.
  • Wenn du etwas nicht verstehst oder du dir unsicher bist, frage nach und schildere das Problem, so gut es geht. Handle nicht auf eigene Faust.
    • Die Ausführung diverser Bereinigungsprogramme (mit Scripts aus anderen Threads) können dein Betriebssystem zerschießen!
  • Die Bereinigung eines Rechners in verschiedenen Foren zur selben Zeit ist verboten (Crossposting).
  • Installiere oder deinstalliere keine zusätzlichen Programme, lösche keine Dateien und führe nicht selbstständig Systemupdates durch.
  • Die Symptome können verschwunden sein, jedoch bedeutet das Verschwinden von äußeren Merkmalen einer Infektion nicht, dass du wieder clean bist.
    • Ich werde dir ein eindeutiges Clean geben, solange arbeite bitte mit.
Hinweis
  • Die von uns benutzten Programme erstellen meist ein Ergebnisprotokoll (Logfile genannt). Bitte füge alle von mir in einem Schritt geforderten Logfiles in einer Antwort/einem Post ein.
Wenn du alles gelesen hast, kann es losgehen. Bitte speichere alle Programme auf dem Desktop und führe sie von dort aus.


Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Poste folgende Logfiles in deiner nächsten Antwort:
  • FRST.txt und Addition.txt
__________________

__________________

Alt 11.02.2015, 21:32   #3
Jassi1812
 
Ich werde Positive Finds Ads nicht los - Standard

Ich werde Positive Finds Ads nicht los




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by privat (administrator) on PRIVAT-PC on 11-02-2015 22:29:25
Running from C:\Users\privat\Downloads
Loaded Profiles: privat (Available profiles: privat)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\privat\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\privat\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1986322406-4146394573-1493830639-1000\...\Run: [GoogleChromeAutoLaunch_DB7CD02E01A26A90D32AF93CFCC12A6B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-1986322406-4146394573-1493830639-1000\...\Run: [Amazon Music] => C:\Users\privat\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-11-19] ()
HKU\S-1-5-21-1986322406-4146394573-1493830639-1000\...\MountPoints2: {53b16637-fae0-11e3-83d2-b755386a493c} - G:\XSManager.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKU\S-1-5-21-1986322406-4146394573-1493830639-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Google
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Avira Savings Advisor BHO -> {A18A516C-AA41-46A9-92DB-60208917E442} -> C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\privat\AppData\Roaming\Mozilla\Firefox\Profiles\iqmdyu1a.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\privat\AppData\Roaming\Mozilla\Firefox\Profiles\iqmdyu1a.default\Extensions\abs@avira.com [2014-08-07]
FF Extension: Avira Savings Advisor - C:\Users\privat\AppData\Roaming\Mozilla\Firefox\Profiles\iqmdyu1a.default\Extensions\ciuvo-extension@avira.de [2014-07-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR Profile: C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-07]
CHR Extension: (Google Drive) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-07]
CHR Extension: (Avira Sparberater) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb [2014-07-07]
CHR Extension: (Google-Suche) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-07]
CHR Extension: (Avira Browserschutz) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-07]
CHR Extension: (Google Wallet) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-07]
CHR Extension: (Google Mail) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-07]
CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-28] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-08] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-09] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [126080 2014-06-23] (QUALCOMM Incorporated) [File not signed]
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 22:28 - 2015-02-11 22:28 - 02134016 _____ (Farbar) C:\Users\privat\Downloads\FRST64 (1).exe
2015-02-11 21:56 - 2015-02-11 22:29 - 00015414 _____ () C:\Users\privat\Downloads\FRST.txt
2015-02-11 21:56 - 2015-02-11 22:29 - 00000000 ____D () C:\FRST
2015-02-11 21:56 - 2015-02-11 21:57 - 00025642 _____ () C:\Users\privat\Downloads\Addition.txt
2015-02-11 21:55 - 2015-02-11 21:55 - 02134016 _____ (Farbar) C:\Users\privat\Downloads\FRST64.exe
2015-02-11 10:23 - 2015-02-11 10:23 - 00000000 ____D () C:\Users\privat\AppData\Roaming\TuneUp Software
2015-02-11 10:23 - 2015-02-11 10:23 - 00000000 ____D () C:\Users\privat\AppData\Local\TuneUp Software
2015-02-11 10:23 - 2015-02-11 10:23 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-11 10:21 - 2015-02-11 21:43 - 00000000 ____D () C:\Users\privat\AppData\Roaming\DVDVideoSoft
2015-02-11 09:11 - 2015-02-11 09:11 - 00635608 _____ () C:\Users\privat\Downloads\Nicht bestätigt 899794.crdownload
2015-02-09 17:00 - 2015-02-09 17:00 - 00005427 _____ () C:\Users\privat\Documents\Sky Kündigung.odt
2015-02-09 16:56 - 2015-02-09 16:56 - 00010239 _____ () C:\Users\privat\Downloads\SKY Kündigung.odt
2015-02-06 23:19 - 2015-02-06 23:19 - 00315552 _____ () C:\Windows\Minidump\020615-5101-01.dmp
2015-01-30 23:35 - 2015-01-30 23:46 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2015-01-30 23:25 - 2015-01-30 23:35 - 00000000 ____D () C:\Users\privat\AppData\Roaming\Canon
2015-01-30 23:25 - 2015-01-30 23:25 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2015-01-30 23:22 - 2015-01-30 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5500 series Benutzerregistrierung
2015-01-30 23:22 - 2015-01-30 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5500 series
2015-01-30 23:22 - 2013-04-04 05:00 - 00394240 _____ (CANON INC.) C:\Windows\system32\CNMXLMBU.DLL
2015-01-30 23:22 - 2013-02-04 15:10 - 00321536 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BUL.dll
2015-01-30 23:22 - 2012-11-26 12:24 - 00095744 _____ () C:\Windows\SysWOW64\CNC1771D.TBL
2015-01-30 23:22 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2015-01-30 23:21 - 2015-01-30 23:21 - 00002025 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk
2015-01-30 23:21 - 2015-01-30 23:21 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2015-01-30 23:18 - 2015-01-30 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-01-30 23:18 - 2015-01-30 23:21 - 00000000 ____D () C:\Program Files\Canon
2015-01-30 23:18 - 2015-01-30 23:18 - 00002360 _____ () C:\Users\Public\Desktop\Canon MG5500 series On-Screen-Handbuch.lnk
2015-01-30 23:18 - 2015-01-30 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5500 series Manual
2015-01-30 23:17 - 2015-01-30 23:17 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-01-30 23:17 - 2015-01-30 23:17 - 00000000 ___HD () C:\Program Files\CanonBJ
2015-01-30 23:17 - 2013-04-04 05:00 - 00391168 _____ (CANON INC.) C:\Windows\system32\CNMLMBU.DLL
2015-01-30 23:17 - 2013-02-04 15:12 - 00367104 _____ (CANON INC.) C:\Windows\system32\CNC_BUL.dll
2015-01-30 23:17 - 2012-11-26 12:24 - 00095744 _____ () C:\Windows\system32\CNC1771D.TBL
2015-01-30 23:17 - 2012-11-08 13:04 - 00282624 _____ (CANON INC.) C:\Windows\system32\CNC_BUC.dll
2015-01-30 23:17 - 2012-11-08 13:03 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC_BUI.dll
2015-01-30 23:17 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2015-01-30 23:16 - 2015-02-11 09:21 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-30 23:12 - 2015-01-30 23:12 - 00000000 ___HD () C:\ProgramData\CanonIJETV
2015-01-30 23:11 - 2015-01-30 23:22 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-01-28 07:29 - 2015-01-28 07:30 - 00000000 ____D () C:\Users\privat\Documents\VirtualDJ
2015-01-28 07:29 - 2015-01-28 07:29 - 00001030 _____ () C:\Users\privat\Desktop\VirtualDJ 8.lnk
2015-01-28 07:29 - 2015-01-28 07:29 - 00000000 ____D () C:\Users\privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2015-01-28 07:29 - 2015-01-28 07:29 - 00000000 ____D () C:\Program Files (x86)\VirtualDJ
2015-01-28 07:28 - 2015-01-28 07:28 - 38526976 _____ () C:\Users\privat\Downloads\install_virtualdj_pc_v8.0.2126.msi
2015-01-25 13:45 - 2015-01-25 13:45 - 00001162 _____ () C:\Users\Public\Desktop\Theme Hospital.lnk
2015-01-25 13:45 - 2015-01-25 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Theme Hospital
2015-01-23 00:07 - 2015-01-09 23:27 - 00621200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-23 00:06 - 2015-01-13 05:15 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-23 00:06 - 2015-01-13 05:15 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-23 00:06 - 2015-01-10 09:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-22 23:55 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-22 23:55 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-19 16:12 - 2015-01-19 16:12 - 00291504 _____ () C:\Windows\Minidump\011915-5382-01.dmp
2015-01-14 11:34 - 2014-12-19 04:30 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-01-14 11:34 - 2014-12-19 04:30 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 11:34 - 2014-12-19 04:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-01-14 11:34 - 2014-12-19 04:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\profprov.dll
2015-01-14 11:34 - 2014-12-19 04:03 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-01-14 11:34 - 2014-12-19 04:03 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-01-14 11:34 - 2014-12-19 02:53 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 11:34 - 2014-12-12 07:07 - 05553080 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 11:34 - 2014-12-12 07:07 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-01-14 11:34 - 2014-12-12 07:05 - 00617384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-01-14 11:34 - 2014-12-12 06:45 - 03977656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 11:34 - 2014-12-12 06:45 - 03921848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 11:34 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:34 - 2014-12-06 05:31 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 11:34 - 2014-12-06 05:31 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 11:34 - 2014-12-06 05:18 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 11:34 - 2014-12-06 05:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 11:34 - 2014-10-29 03:16 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 22:12 - 2014-07-07 16:40 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-11 22:01 - 2014-06-23 15:44 - 01829775 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 21:59 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 21:59 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 21:50 - 2011-04-12 08:43 - 00702738 _____ () C:\Windows\system32\perfh007.dat
2015-02-11 21:50 - 2011-04-12 08:43 - 00150378 _____ () C:\Windows\system32\perfc007.dat
2015-02-11 21:50 - 2009-07-14 06:13 - 01628524 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-11 21:45 - 2014-07-07 16:40 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-11 21:45 - 2009-07-14 05:51 - 00280451 _____ () C:\Windows\setupact.log
2015-02-11 21:44 - 2014-06-23 17:10 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-11 21:44 - 2014-06-23 16:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-11 21:44 - 2014-06-23 15:46 - 00000000 ____D () C:\Users\privat
2015-02-11 21:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 21:44 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2015-02-11 21:43 - 2014-12-11 06:39 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 21:43 - 2014-08-07 09:46 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 21:43 - 2014-06-23 17:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-11 21:43 - 2014-06-23 16:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 21:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 21:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-02-11 21:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 21:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-11 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-11 10:55 - 2014-06-23 16:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-09 14:22 - 2014-07-07 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-09 14:22 - 2014-07-07 16:51 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-08 12:22 - 2014-07-07 16:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-07 23:14 - 2014-07-10 16:42 - 00000000 ____D () C:\ProgramData\Origin
2015-02-06 23:19 - 2014-07-16 20:03 - 00000000 ____D () C:\Windows\Minidump
2015-02-06 07:13 - 2014-07-07 16:40 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-04 18:07 - 2014-07-07 16:40 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 18:07 - 2014-07-07 16:40 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-31 12:15 - 2010-11-21 04:47 - 00269874 _____ () C:\Windows\PFRO.log
2015-01-30 14:11 - 2014-12-13 14:02 - 00000000 ____D () C:\Users\privat\AppData\Roaming\vlc
2015-01-25 13:45 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-23 00:07 - 2014-06-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-16 07:41 - 2014-07-30 06:03 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-16 07:41 - 2014-07-30 06:03 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-16 07:41 - 2014-06-23 16:31 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-16 07:41 - 2014-06-23 16:31 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-15 00:27 - 2014-06-23 16:28 - 01601868 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-15 00:24 - 2014-06-23 16:38 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 05:15 - 2014-06-23 16:26 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll

==================== Files in the root of some directories =======

2014-07-19 20:38 - 2014-07-19 20:38 - 0000000 _____ () C:\Users\privat\AppData\Roaming\ASEUserMetrics.osl

Some content of TEMP:
====================
C:\Users\privat\AppData\Local\Temp\avgnt.exe
C:\Users\privat\AppData\Local\Temp\conduitinstaller.exe
C:\Users\privat\AppData\Local\Temp\Driver_Genius_11_Professional_DE.EXE
C:\Users\privat\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\privat\AppData\Local\Temp\mfc80.dll
C:\Users\privat\AppData\Local\Temp\mfc80u.dll
C:\Users\privat\AppData\Local\Temp\mfcm80.dll
C:\Users\privat\AppData\Local\Temp\mfcm80u.dll
C:\Users\privat\AppData\Local\Temp\MSETUP4.EXE
C:\Users\privat\AppData\Local\Temp\msvcm80.dll
C:\Users\privat\AppData\Local\Temp\msvcp80.dll
C:\Users\privat\AppData\Local\Temp\msvcr80.dll
C:\Users\privat\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\privat\AppData\Local\Temp\nvStInst.exe
C:\Users\privat\AppData\Local\Temp\sonarinst.exe
C:\Users\privat\AppData\Local\Temp\uninstall.exe
C:\Users\privat\AppData\Local\Temp\Uninstaller.exe
C:\Users\privat\AppData\Local\Temp\UninstallerGer.dll
C:\Users\privat\AppData\Local\Temp\WtgDriverInstallX.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 07:58

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 11.02.2015, 22:45   #4
sunjojo
/// Malwareteam
 
Ich werde Positive Finds Ads nicht los - Standard

Ich werde Positive Finds Ads nicht los



Bitte noch die Addition.txt posten.
__________________
Gruß,

Jonas

Alt 12.02.2015, 05:48   #5
Jassi1812
 
Ich werde Positive Finds Ads nicht los - Standard

Ich werde Positive Finds Ads nicht los



Ich habe gestern nur das eine Fenster mit dem FRST.txt angezeigt bekommen.


Alt 12.02.2015, 13:24   #6
sunjojo
/// Malwareteam
 
Ich werde Positive Finds Ads nicht los - Standard

Ich werde Positive Finds Ads nicht los



Dann starte bitte nochmal FRST und setze einen Haken bei Addition.txt! und drücke auf Scan. Dann poste die beiden Logfiles .
__________________
--> Ich werde Positive Finds Ads nicht los

Alt 12.02.2015, 15:20   #7
Jassi1812
 
Ich werde Positive Finds Ads nicht los - Standard

Ich werde Positive Finds Ads nicht los



FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by privat (administrator) on PRIVAT-PC on 12-02-2015 16:17:37
Running from C:\Users\privat\Downloads
Loaded Profiles: privat (Available profiles: privat)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\privat\AppData\Local\Amazon Music\Amazon Music Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\privat\Downloads\FRST64 (2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1986322406-4146394573-1493830639-1000\...\Run: [GoogleChromeAutoLaunch_DB7CD02E01A26A90D32AF93CFCC12A6B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-1986322406-4146394573-1493830639-1000\...\Run: [Amazon Music] => C:\Users\privat\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-11-19] ()
HKU\S-1-5-21-1986322406-4146394573-1493830639-1000\...\MountPoints2: {53b16637-fae0-11e3-83d2-b755386a493c} - G:\XSManager.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de
HKU\S-1-5-21-1986322406-4146394573-1493830639-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Avira Savings Advisor BHO -> {A18A516C-AA41-46A9-92DB-60208917E442} -> C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\privat\AppData\Roaming\Mozilla\Firefox\Profiles\iqmdyu1a.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\privat\AppData\Roaming\Mozilla\Firefox\Profiles\iqmdyu1a.default\Extensions\abs@avira.com [2014-08-07]
FF Extension: Avira Savings Advisor - C:\Users\privat\AppData\Roaming\Mozilla\Firefox\Profiles\iqmdyu1a.default\Extensions\ciuvo-extension@avira.de [2014-07-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR Profile: C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-07]
CHR Extension: (Google Drive) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-07]
CHR Extension: (Avira Sparberater) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb [2014-07-07]
CHR Extension: (Google-Suche) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-07]
CHR Extension: (Avira Browserschutz) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-07]
CHR Extension: (Google Wallet) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-07]
CHR Extension: (Google Mail) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-07]
CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-28] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-08] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-09] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [126080 2014-06-23] (QUALCOMM Incorporated) [File not signed]
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 16:17 - 2015-02-12 16:17 - 02134016 _____ (Farbar) C:\Users\privat\Downloads\FRST64 (2).exe
2015-02-11 22:28 - 2015-02-11 22:28 - 02134016 _____ (Farbar) C:\Users\privat\Downloads\FRST64 (1).exe
2015-02-11 22:01 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 22:01 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 22:01 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 22:01 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 22:01 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 22:01 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 22:01 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 22:01 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 22:01 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 22:01 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 22:01 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 22:01 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 22:01 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 22:01 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 22:01 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 22:01 - 2015-01-12 03:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 22:01 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 22:01 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 22:01 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 22:01 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 22:01 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 22:01 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 22:01 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 22:01 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 22:01 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 22:01 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 22:01 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 22:01 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 22:01 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 22:01 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 22:01 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 22:01 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 22:01 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 22:01 - 2015-01-12 02:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 22:01 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 22:01 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 22:01 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 22:01 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 22:01 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 22:01 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 22:01 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 22:01 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 22:01 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 22:01 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 22:01 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 22:01 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 22:01 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 22:01 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 22:01 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 22:01 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 22:01 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 22:01 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 22:01 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 22:01 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 22:01 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 22:01 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 22:01 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-11 22:01 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-11 22:01 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 22:01 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-11 21:56 - 2015-02-12 16:17 - 00015579 _____ () C:\Users\privat\Downloads\FRST.txt
2015-02-11 21:56 - 2015-02-12 16:17 - 00000000 ____D () C:\FRST
2015-02-11 21:56 - 2015-02-11 21:57 - 00025642 _____ () C:\Users\privat\Downloads\Addition.txt
2015-02-11 21:56 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 21:56 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 21:56 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 21:56 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 21:56 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 21:56 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 21:56 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 21:56 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 21:55 - 2015-02-11 21:55 - 02134016 _____ (Farbar) C:\Users\privat\Downloads\FRST64.exe
2015-02-11 21:54 - 2015-01-15 09:25 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 21:54 - 2015-01-15 09:25 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 21:54 - 2015-01-15 09:25 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 21:54 - 2015-01-15 09:25 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 21:54 - 2015-01-15 09:09 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 21:54 - 2015-01-15 09:09 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 21:54 - 2015-01-15 09:09 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 21:54 - 2015-01-15 09:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 21:54 - 2015-01-15 09:05 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 21:54 - 2015-01-15 05:22 - 00458832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 21:54 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 21:54 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 21:54 - 2014-12-12 07:02 - 01480704 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 21:54 - 2014-12-12 06:38 - 01175040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 21:54 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 21:54 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 21:54 - 2014-10-30 03:14 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 21:50 - 2014-12-08 04:28 - 00407040 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 21:50 - 2014-12-08 04:03 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 21:49 - 2015-01-14 07:34 - 05553080 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 21:49 - 2015-01-14 07:25 - 03977656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 21:49 - 2015-01-14 07:25 - 03921848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 21:49 - 2015-01-09 03:05 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 10:23 - 2015-02-11 10:23 - 00000000 ____D () C:\Users\privat\AppData\Roaming\TuneUp Software
2015-02-11 10:23 - 2015-02-11 10:23 - 00000000 ____D () C:\Users\privat\AppData\Local\TuneUp Software
2015-02-11 10:23 - 2015-02-11 10:23 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-11 10:21 - 2015-02-11 21:43 - 00000000 ____D () C:\Users\privat\AppData\Roaming\DVDVideoSoft
2015-02-11 09:11 - 2015-02-11 09:11 - 00635608 _____ () C:\Users\privat\Downloads\Nicht bestätigt 899794.crdownload
2015-02-09 17:00 - 2015-02-09 17:00 - 00005427 _____ () C:\Users\privat\Documents\Sky Kündigung.odt
2015-02-09 16:56 - 2015-02-09 16:56 - 00010239 _____ () C:\Users\privat\Downloads\SKY Kündigung.odt
2015-02-06 23:19 - 2015-02-06 23:19 - 00315552 _____ () C:\Windows\Minidump\020615-5101-01.dmp
2015-01-30 23:35 - 2015-01-30 23:46 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2015-01-30 23:25 - 2015-01-30 23:35 - 00000000 ____D () C:\Users\privat\AppData\Roaming\Canon
2015-01-30 23:25 - 2015-01-30 23:25 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2015-01-30 23:22 - 2015-01-30 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5500 series Benutzerregistrierung
2015-01-30 23:22 - 2015-01-30 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5500 series
2015-01-30 23:22 - 2013-04-04 05:00 - 00394240 _____ (CANON INC.) C:\Windows\system32\CNMXLMBU.DLL
2015-01-30 23:22 - 2013-02-04 15:10 - 00321536 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BUL.dll
2015-01-30 23:22 - 2012-11-26 12:24 - 00095744 _____ () C:\Windows\SysWOW64\CNC1771D.TBL
2015-01-30 23:22 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2015-01-30 23:21 - 2015-01-30 23:21 - 00002025 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk
2015-01-30 23:21 - 2015-01-30 23:21 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2015-01-30 23:18 - 2015-01-30 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-01-30 23:18 - 2015-01-30 23:21 - 00000000 ____D () C:\Program Files\Canon
2015-01-30 23:18 - 2015-01-30 23:18 - 00002360 _____ () C:\Users\Public\Desktop\Canon MG5500 series On-Screen-Handbuch.lnk
2015-01-30 23:18 - 2015-01-30 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5500 series Manual
2015-01-30 23:17 - 2015-01-30 23:17 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-01-30 23:17 - 2015-01-30 23:17 - 00000000 ___HD () C:\Program Files\CanonBJ
2015-01-30 23:17 - 2013-04-04 05:00 - 00391168 _____ (CANON INC.) C:\Windows\system32\CNMLMBU.DLL
2015-01-30 23:17 - 2013-02-04 15:12 - 00367104 _____ (CANON INC.) C:\Windows\system32\CNC_BUL.dll
2015-01-30 23:17 - 2012-11-26 12:24 - 00095744 _____ () C:\Windows\system32\CNC1771D.TBL
2015-01-30 23:17 - 2012-11-08 13:04 - 00282624 _____ (CANON INC.) C:\Windows\system32\CNC_BUC.dll
2015-01-30 23:17 - 2012-11-08 13:03 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC_BUI.dll
2015-01-30 23:17 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2015-01-30 23:16 - 2015-02-11 09:21 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-30 23:12 - 2015-01-30 23:12 - 00000000 ___HD () C:\ProgramData\CanonIJETV
2015-01-30 23:11 - 2015-01-30 23:22 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-01-28 07:29 - 2015-01-28 07:30 - 00000000 ____D () C:\Users\privat\Documents\VirtualDJ
2015-01-28 07:29 - 2015-01-28 07:29 - 00001030 _____ () C:\Users\privat\Desktop\VirtualDJ 8.lnk
2015-01-28 07:29 - 2015-01-28 07:29 - 00000000 ____D () C:\Users\privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2015-01-28 07:29 - 2015-01-28 07:29 - 00000000 ____D () C:\Program Files (x86)\VirtualDJ
2015-01-28 07:28 - 2015-01-28 07:28 - 38526976 _____ () C:\Users\privat\Downloads\install_virtualdj_pc_v8.0.2126.msi
2015-01-25 13:45 - 2015-01-25 13:45 - 00001162 _____ () C:\Users\Public\Desktop\Theme Hospital.lnk
2015-01-25 13:45 - 2015-01-25 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Theme Hospital
2015-01-23 00:07 - 2015-01-09 23:27 - 00621200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-23 00:06 - 2015-01-13 05:15 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-23 00:06 - 2015-01-13 05:15 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-23 00:06 - 2015-01-10 09:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-22 23:55 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-22 23:55 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-19 16:12 - 2015-01-19 16:12 - 00291504 _____ () C:\Windows\Minidump\011915-5382-01.dmp
2015-01-14 11:34 - 2014-12-19 04:30 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-01-14 11:34 - 2014-12-19 04:30 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 11:34 - 2014-12-19 04:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-01-14 11:34 - 2014-12-19 04:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\profprov.dll
2015-01-14 11:34 - 2014-12-19 04:03 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-01-14 11:34 - 2014-12-19 04:03 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-01-14 11:34 - 2014-12-19 02:53 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 11:34 - 2014-12-12 07:07 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-01-14 11:34 - 2014-12-12 07:05 - 00617384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-01-14 11:34 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:34 - 2014-12-06 05:31 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 11:34 - 2014-12-06 05:31 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 11:34 - 2014-12-06 05:18 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 11:34 - 2014-12-06 05:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 11:34 - 2014-10-29 03:16 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 16:17 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-12 16:17 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-12 16:16 - 2011-04-12 08:43 - 00702738 _____ () C:\Windows\system32\perfh007.dat
2015-02-12 16:16 - 2011-04-12 08:43 - 00150378 _____ () C:\Windows\system32\perfc007.dat
2015-02-12 16:16 - 2009-07-14 06:13 - 01628524 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-12 16:13 - 2014-06-23 15:44 - 02040406 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 16:12 - 2014-07-07 16:40 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 16:10 - 2014-07-07 16:40 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 16:10 - 2014-06-23 16:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-12 16:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-12 16:10 - 2009-07-14 05:51 - 00282103 _____ () C:\Windows\setupact.log
2015-02-12 07:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 06:40 - 2014-12-11 06:39 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 06:40 - 2014-06-23 16:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 06:40 - 2010-11-21 04:47 - 00275798 _____ () C:\Windows\PFRO.log
2015-02-12 06:40 - 2009-07-14 05:45 - 00410320 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 22:55 - 2014-08-07 09:46 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 22:54 - 2014-06-23 16:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 22:54 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 22:53 - 2014-06-23 17:10 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-11 22:53 - 2014-06-23 17:10 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-11 22:53 - 2014-06-23 17:10 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-11 22:53 - 2014-06-23 17:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-11 22:52 - 2014-06-23 16:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 22:51 - 2014-06-23 16:38 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 21:44 - 2014-06-23 15:46 - 00000000 ____D () C:\Users\privat
2015-02-11 21:44 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2015-02-11 21:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-02-11 21:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 21:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-11 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-09 14:22 - 2014-07-07 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-09 14:22 - 2014-07-07 16:51 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-08 12:22 - 2014-07-07 16:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-07 23:14 - 2014-07-10 16:42 - 00000000 ____D () C:\ProgramData\Origin
2015-02-06 23:19 - 2014-07-16 20:03 - 00000000 ____D () C:\Windows\Minidump
2015-02-06 07:13 - 2014-07-07 16:40 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-04 18:07 - 2014-07-07 16:40 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 18:07 - 2014-07-07 16:40 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-30 14:11 - 2014-12-13 14:02 - 00000000 ____D () C:\Users\privat\AppData\Roaming\vlc
2015-01-25 13:45 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-23 00:07 - 2014-06-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-16 07:41 - 2014-07-30 06:03 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-16 07:41 - 2014-07-30 06:03 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-16 07:41 - 2014-06-23 16:31 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-16 07:41 - 2014-06-23 16:31 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-15 00:27 - 2014-06-23 16:28 - 01601868 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-13 05:15 - 2014-06-23 16:26 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll

==================== Files in the root of some directories =======

2014-07-19 20:38 - 2014-07-19 20:38 - 0000000 _____ () C:\Users\privat\AppData\Roaming\ASEUserMetrics.osl

Some content of TEMP:
====================
C:\Users\privat\AppData\Local\Temp\avgnt.exe
C:\Users\privat\AppData\Local\Temp\conduitinstaller.exe
C:\Users\privat\AppData\Local\Temp\Driver_Genius_11_Professional_DE.EXE
C:\Users\privat\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\privat\AppData\Local\Temp\mfc80.dll
C:\Users\privat\AppData\Local\Temp\mfc80u.dll
C:\Users\privat\AppData\Local\Temp\mfcm80.dll
C:\Users\privat\AppData\Local\Temp\mfcm80u.dll
C:\Users\privat\AppData\Local\Temp\MSETUP4.EXE
C:\Users\privat\AppData\Local\Temp\msvcm80.dll
C:\Users\privat\AppData\Local\Temp\msvcp80.dll
C:\Users\privat\AppData\Local\Temp\msvcr80.dll
C:\Users\privat\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\privat\AppData\Local\Temp\nvStInst.exe
C:\Users\privat\AppData\Local\Temp\sonarinst.exe
C:\Users\privat\AppData\Local\Temp\uninstall.exe
C:\Users\privat\AppData\Local\Temp\Uninstaller.exe
C:\Users\privat\AppData\Local\Temp\UninstallerGer.dll
C:\Users\privat\AppData\Local\Temp\WtgDriverInstallX.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 07:58

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02
Ran by privat at 2015-02-12 16:18:10
Running from C:\Users\privat\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Advanced Sound Editor (HKLM-x32\...\{CC7BA35C-324E-45F8-B29D-6F4AAA527490}) (Version: 0.95.12.0 - Turtle Beach)
Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Amazon Music (HKU\S-1-5-21-1986322406-4146394573-1493830639-1000\...\Amazon Amazon Music) (Version: 3.7.0.693 - Amazon Services LLC)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Avira Savings Advisor (HKLM-x32\...\{A18A516C-AA41-46A9-92DB-60208917E442}) (Version: 1.5.14 - Avira)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG5500 series Benutzerregistrierung (HKLM-x32\...\Canon MG5500 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.01 - Canon Inc.)
Canon MG5500 series On-screen Manual (HKLM-x32\...\Canon MG5500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.83.1010 - Electronic Arts Inc.)
Ear Force Audio Hub (HKLM-x32\...\{A492B658-0E72-4561-B745-256CBD202E68}) (Version: 2.0.7.0 - Voyetra Turtle Beach, Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Smart Connect Technology (HKLM\...\{9A37ADB3-3D8D-4EDF-8F6D-B8A66F18087B}) (Version: 5.0.10.2793 - Intel Corporation)
Mass Effect™ 3 Demo (HKLM-x32\...\{A1683CA7-4850-4A21-982B-C6D853C79AF7}) (Version: 1.0.0.0 - Electronic Arts)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.531.2011 - Realtek)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Smart View 2.0 (HKLM-x32\...\{FBAAAFAE-08A8-4C63-87EA-4AEA9DEE53E1}) (Version: 1.0.0.0 - Samsung)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)
Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version:  - Ubisoft Singapore)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
VirtualDJ 8 (HKLM-x32\...\{A1C67963-2767-4C16-9966-A31BFB7C952F}) (Version: 8.0.2126.0 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

10-02-2015 06:56:46 Windows Update
11-02-2015 10:28:33 TuneUp Utilities 2014 wird entfernt
11-02-2015 10:28:43 TuneUp Utilities 2014 (de-DE) wird entfernt
11-02-2015 10:52:14 Windows Update
11-02-2015 21:42:46 Wiederherstellungsvorgang
11-02-2015 22:00:51 Windows Update
11-02-2015 22:50:12 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1DCA4A7F-A574-4E41-9C08-55A36C6867A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-07] (Google Inc.)
Task: {34A4FF3C-21EB-4AF3-AD65-D32F3118BD6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-07] (Google Inc.)
Task: {4931AC35-42DF-48D1-823C-3F21FECA96BE} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
Task: {AD00EE33-C4A8-42B0-89E1-4803B67B817E} - System32\Tasks\Amazon Music Helper => C:\Users\privat\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-11-19] ()
Task: {F8F75D7D-53A0-4747-B859-CAA2BDB87AA3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-06-23 16:30 - 2015-01-10 00:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-01-30 23:23 - 2013-05-14 10:50 - 00140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-02-21 08:47 - 2014-02-21 08:47 - 00209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2014-02-21 08:47 - 2014-02-21 08:47 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-02-21 08:47 - 2014-02-21 08:47 - 00037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-02-21 08:47 - 2014-02-21 08:47 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-08-08 19:37 - 2014-08-08 19:37 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-11-07 21:03 - 2014-11-19 01:55 - 06277952 _____ () C:\Users\privat\AppData\Local\Amazon Music\Amazon Music Helper.exe
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-02-06 07:13 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 07:13 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 07:13 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-06 07:13 - 2015-02-04 10:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1986322406-4146394573-1493830639-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\privat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1986322406-4146394573-1493830639-500 - Administrator - Disabled)
Gast (S-1-5-21-1986322406-4146394573-1493830639-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1986322406-4146394573-1493830639-1002 - Limited - Enabled)
privat (S-1-5-21-1986322406-4146394573-1493830639-1000 - Administrator - Enabled) => C:\Users\privat

==================== Faulty Device Manager Devices =============

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2015 04:12:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2015 06:42:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2015 06:40:57 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (02/11/2015 09:46:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2015 09:44:56 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (02/11/2015 09:34:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2015 03:30:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2015 08:03:29 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (02/11/2015 06:44:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2015 06:47:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/12/2015 06:50:59 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (02/12/2015 06:50:57 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (02/11/2015 09:44:53 PM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: Beim Laden der Signaturen wurde von %60 ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.

	Versuchte Signaturen: %24

	Fehlercode: 0x80070002

	Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden. 

	Signaturversion: 0.0.0.0;0.0.0.0

	Modulversion: %600

Error: (02/11/2015 03:38:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (02/11/2015 03:38:54 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (02/06/2015 11:19:09 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000a0 (0x0000000000000009, 0xffffffffc0000001, 0x0000000000000001, 0x0000000000000000)C:\Windows\MEMORY.DMP020615-5101-01

Error: (02/06/2015 11:19:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎06.‎02.‎2015 um 21:43:07 unerwartet heruntergefahren.

Error: (01/30/2015 11:25:51 PM) (Source: cdrom) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (01/21/2015 06:18:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.191.2937.0)

Error: (01/21/2015 06:18:28 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.191.2930.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.6.0305.00

	Quellpfad: 4.6.0305.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608


Microsoft Office Sessions:
=========================
Error: (02/12/2015 04:12:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2015 06:42:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2015 06:40:57 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (02/11/2015 09:46:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2015 09:44:56 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (02/11/2015 09:34:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2015 03:30:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2015 08:03:29 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestG:\Downloads\SoftonicDownloader112311.exe

Error: (02/11/2015 06:44:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2015 06:47:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3470T CPU @ 2.90GHz
Percentage of memory in use: 28%
Total physical RAM: 8132.01 MB
Available physical RAM: 5840.59 MB
Total Pagefile: 16262.2 MB
Available Pagefile: 13720.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:12.72 GB) NTFS
Drive d: (Laufwerk) (Fixed) (Total:931.51 GB) (Free:890.28 GB) NTFS
Drive e: (Laufwerk) (Fixed) (Total:596.17 GB) (Free:594.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5C04CFDE)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: B188D4A7)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 351D3598)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 12.02.2015, 17:33   #8
sunjojo
/// Malwareteam
 
Ich werde Positive Finds Ads nicht los - Standard

Ich werde Positive Finds Ads nicht los



Hmm, ich sehe da nicht wirklich viel. Wie hieß denn das Programm genau, was du zuletzt runtergeladen hast (und die Probleme verursacht hat)? Tritt die Werbung in allen Browsern auf oder nur in bestimmten?


Schritt 1
Bitte deinstalliere folgende Programme:
  • Avira Savings Advisor
Gehe dafür auf:
Windows XP: Start -> Systemsteuerung -> Kategorieansicht auswählen (falls nicht voreingestellt) -> Software
Windows Vista/7: Start -> Systemsteuerung -> Anzeige (oben-rechts) auf Kategorie stellen (falls nicht voreingestellt) -> Programme deinstallieren (Unterpunkt von Programme)
Windows 8: Suchen --> "Systemsteuerung" in das Suchfeld eingeben --> Systemsteuerung auswählen --> Programme deinstallieren (Unterpunkt von Programme)
und wähle die angegeben Programme aus. Drücke Entfernen (Windows XP) oder Deinstallieren (Windows Vista/7/8).

Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Wenn das Problem immernoch auftritt, starte nochmal FRST und lösche alle Haken bei Whitelist und drücke auf Scan und poste das Logfile in den Thread.


Poste folgende Logfiles in deiner nächsten Antwort:
  • mbam.txt
  • FRST.txt
__________________
Gruß,

Jonas

Alt 13.02.2015, 06:16   #9
Jassi1812
 
Ich werde Positive Finds Ads nicht los - Standard

Ich werde Positive Finds Ads nicht los



Das letzte Programm, das ich runtergeladen hatte, war Free Audio Converter. Ich habe gestern dann eine Systemwiederherstellung gemacht, weil ich dachte, ich würde dieses Positive Finds Ads dadurch loswerden, allerdings ist dadurch nur der Converter weg gewesen.

Ich nutze als Browser ausschließlich Google Chrome, habe aber eben mal geschaut, beim Internet Explorer besteht das Problem nicht, bei Chrome weiterhin.

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 13.02.2015
Suchlauf-Zeit: 06:45:40
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.13.02
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: privat

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 330564
Verstrichene Zeit: 6 Min, 39 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 2
PUP.Optional.SoftPulse, C:\Users\privat\Downloads\Nicht bestätigt 899794.crdownload, In Quarantäne, [19dd66b7aae0f93d7e4e4bd542c06d93],
PUP.Optional.Conduit.A, C:\Users\privat\AppData\Local\Temp\conduitinstaller.exe, In Quarantäne, [b640d34a69213ef8f701f81361a4ab55],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by privat (administrator) on PRIVAT-PC on 13-02-2015 07:11:03
Running from C:\Users\privat\Downloads
Loaded Profiles: privat (Available profiles: privat)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (All) =========================
(Microsoft Corporation) C:\Windows\System32\smss.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\wininit.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\services.exe
(Microsoft Corporation) C:\Windows\System32\winlogon.exe
(Microsoft Corporation) C:\Windows\System32\lsass.exe
(Microsoft Corporation) C:\Windows\System32\lsm.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\spoolsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\taskhost.exe
(Microsoft Corporation) C:\Windows\System32\dwm.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Windows\System32\taskeng.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\explorer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Users\privat\AppData\Local\Amazon Music\Amazon Music Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\conhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\conhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnetwk.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\servicing\TrustedInstaller.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\VSSVC.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Farbar) C:\Users\privat\Downloads\FRST64.exe

==================== Registry (All) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Winlogon: [Userinit] C:\Windows\System32\Userinit.exe, [30720 2010-11-21] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-21] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2870784 2014-04-09] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [2615808 2014-04-09] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] 0
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1986322406-4146394573-1493830639-1000\...\Run: [GoogleChromeAutoLaunch_DB7CD02E01A26A90D32AF93CFCC12A6B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-1986322406-4146394573-1493830639-1000\...\Run: [Amazon Music] => C:\Users\privat\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-11-19] ()
HKU\S-1-5-21-1986322406-4146394573-1493830639-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1986322406-4146394573-1493830639-1000\...\MountPoints2: {53b16637-fae0-11e3-83d2-b755386a493c} - G:\XSManager.exe
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\system32\EhStorShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => C:\Windows\system32\ntshrui.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\SysWOW64\EhStorShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
BootExecute: autocheck autochk * 
AlternateShell: cmd.exe

==================== Internet (All) ===========================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de
HKU\S-1-5-21-1986322406-4146394573-1493830639-1000\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
HKU\S-1-5-21-1986322406-4146394573-1493830639-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de
HKU\S-1-5-21-1986322406-4146394573-1493830639-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
URLSearchHook: HKU\S-1-5-21-1986322406-4146394573-1493830639-1000 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-1986322406-4146394573-1493830639-1000 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-1986322406-4146394573-1493830639-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-1986322406-4146394573-1493830639-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll (Microsoft Corporation)
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-18] (Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-18] (Microsoft Corporation)
Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Winsock: Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Winsock: Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog5-x64 01 C:\Windows\system32\NLAapi.dll [70656] (Microsoft Corporation)
Winsock: Catalog5-x64 02 C:\Windows\system32\napinsp.dll [68096] (Microsoft Corporation)
Winsock: Catalog5-x64 03 C:\Windows\system32\pnrpnsp.dll [86016] (Microsoft Corporation)
Winsock: Catalog5-x64 04 C:\Windows\system32\pnrpnsp.dll [86016] (Microsoft Corporation)
Winsock: Catalog5-x64 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog5-x64 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 02 C:\Windows\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 03 C:\Windows\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 04 C:\Windows\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 05 C:\Windows\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 06 C:\Windows\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 07 C:\Windows\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 08 C:\Windows\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 09 C:\Windows\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 10 C:\Windows\system32\mswsock.dll [327168] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\privat\AppData\Roaming\Mozilla\Firefox\Profiles\iqmdyu1a.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\privat\AppData\Roaming\Mozilla\Firefox\Profiles\iqmdyu1a.default\Extensions\abs@avira.com [2014-08-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR Profile: C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-07]
CHR Extension: (Google Drive) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-07]
CHR Extension: (Google-Suche) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-07]
CHR Extension: (Avira Browserschutz) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-07]
CHR Extension: (Google Wallet) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-07]
CHR Extension: (Google Mail) - C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-07]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
StartMenuInternet: Google Chrome - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

==================== Services (All) ========================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088 2014-12-03] (Adobe Systems Incorporated)
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-14] (Microsoft Corporation)
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [34304 2014-07-07] (Microsoft Corporation)
S3 Appinfo; C:\Windows\System32\appinfo.dll [70656 2014-04-10] (Microsoft Corporation)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [50864 2014-04-11] (Microsoft Corporation)
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [680960 2014-10-03] (Microsoft Corporation)
R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [680960 2014-10-03] (Microsoft Corporation)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2014-04-09] (Microsoft Corporation)
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-14] (Microsoft Corporation)
R2 BFE; C:\Windows\System32\bfe.dll [706560 2014-04-09] (Microsoft Corporation)
R2 BITS; C:\Windows\System32\qmgr.dll [848896 2014-04-09] (Microsoft Corporation)
R3 Browser; C:\Windows\System32\browser.dll [136704 2014-04-09] (Microsoft Corporation)
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-14] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2014-04-09] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [67224 2014-03-20] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [103608 2014-04-11] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [124088 2014-04-11] (Microsoft Corporation)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [190976 2014-07-07] (Microsoft Corporation)
R2 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [145920 2014-10-30] (Microsoft Corporation)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2014-04-09] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Microsoft Corporation)
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [318464 2014-04-09] (Microsoft Corporation)
R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [256000 2014-04-09] (Microsoft Corporation)
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2014-04-09] (Microsoft Corporation)
S3 dot3svc; C:\Windows\System32\dot3svc.dll [253952 2014-04-09] (Microsoft Corporation)
R2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-21] (Microsoft Corporation)
S3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-14] (Microsoft Corporation)
S3 EFS; C:\Windows\System32\lsass.exe [31232 2014-04-12] (Microsoft Corporation)
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-21] (Microsoft Corporation)
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-14] (Microsoft Corporation)
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1650176 2014-04-09] (Microsoft Corporation)
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-14] (Microsoft Corporation)
R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-14] (Microsoft Corporation)
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-21] (Microsoft Corporation)
R3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-14] (Microsoft Corporation)
R3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-14] (Microsoft Corporation)
R2 FontCache; C:\Windows\system32\FntCache.dll [1175552 2014-04-09] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 gpsvc; C:\Windows\System32\gpsvc.dll [777216 2014-04-09] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2014-07-07] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2014-07-07] (Google Inc.)
R3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-14] (Microsoft Corporation)
R3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-14] (Microsoft Corporation)
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-21] (Microsoft Corporation)
R3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-21] (Microsoft Corporation)
R3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-21] (Microsoft Corporation)
R3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-21] (Microsoft Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [859280 2014-06-30] (Microsoft Corporation)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2015-01-12] (Microsoft Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
S3 IKEEXT; C:\Windows\System32\ikeext.dll [862208 2014-04-09] (Microsoft Corporation)
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-14] (Microsoft Corporation)
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [571904 2014-04-09] (Microsoft Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
R3 KeyIso; C:\Windows\system32\lsass.exe [31232 2014-04-12] (Microsoft Corporation)
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-14] (Microsoft Corporation)
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [235520 2014-04-09] (Microsoft Corporation)
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2014-04-09] (Microsoft Corporation)
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-14] (Microsoft Corporation)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-21] (Microsoft Corporation)
S3 Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30814400 2013-12-18] (Microsoft Corporation)
R2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation)
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-21] (Microsoft Corporation)
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-14] (Microsoft Corporation)
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-14] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [128000 2010-11-21] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2010-11-21] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-21] (Microsoft Corporation)
S3 Netlogon; C:\Windows\system32\lsass.exe [31232 2014-04-12] (Microsoft Corporation)
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-14] (Microsoft Corporation)
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139944 2014-04-12] (Microsoft Corporation)
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139944 2014-04-12] (Microsoft Corporation)
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-14] (Microsoft Corporation)
R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-14] (Microsoft Corporation)
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139944 2014-04-12] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139944 2014-04-12] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303616 2014-12-06] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\nsisvc.dll [26624 2014-04-09] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 nvsvc; C:\Windows\system32\nvvsvc.exe [935056 2015-01-10] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-28] (Electronic Arts)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4925184 2010-01-09] (Microsoft Corporation)
R3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2014-04-09] (Microsoft Corporation)
R3 p2psvc; C:\Windows\system32\p2psvc.dll [439296 2014-04-09] (Microsoft Corporation)
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [188416 2014-07-07] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-21] (Microsoft Corporation)
S3 pla; C:\Windows\SysWOW64\pla.dll [1508864 2010-11-21] (Microsoft Corporation)
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [402944 2014-04-09] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-08] ()
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-14] (Microsoft Corporation)
R3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2014-04-09] (Microsoft Corporation)
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-21] (Microsoft Corporation)
R2 Power; C:\Windows\system32\umpo.dll [164864 2014-04-09] (Microsoft Corporation)
R2 ProfSvc; C:\Windows\system32\profsvc.dll [225792 2014-12-19] (Microsoft Corporation)
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [31232 2014-04-12] (Microsoft Corporation)
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-14] (Microsoft Corporation)
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-14] (Microsoft Corporation)
S3 RasMan; C:\Windows\System32\rasmans.dll [344064 2014-04-09] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-14] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-14] (Microsoft Corporation)
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [160768 2014-04-09] (Microsoft Corporation)
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-14] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-14] (Microsoft Corporation)
R2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2014-04-09] (Microsoft Corporation)
R2 SamSs; C:\Windows\system32\lsass.exe [31232 2014-04-12] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [195584 2014-04-09] (Microsoft Corporation)
R2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2014-04-09] (Microsoft Corporation)
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2014-04-09] (Microsoft Corporation)
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-21] (Microsoft Corporation)
S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2014-04-09] (Microsoft Corporation)
R2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-14] (Microsoft Corporation)
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-14] (Microsoft Corporation)
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-14] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\system32\sessenv.dll [128000 2014-04-09] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [119296 2014-04-09] (Microsoft Corporation)
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [358912 2014-04-09] (Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [372736 2014-04-09] (Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [329216 2014-04-09] (Microsoft Corporation)
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [315008 2014-04-03] (Skype Technologies)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-14] (Microsoft Corporation)
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2014-04-09] (Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [4357632 2014-04-09] (Microsoft Corporation)
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-14] (Microsoft Corporation)
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-14] (Microsoft Corporation)
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-14] (Microsoft Corporation)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [569024 2014-02-08] (Valve Corporation)
R2 Stereo Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [410768 2015-01-09] (NVIDIA Corporation)
R2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-21] (Microsoft Corporation)
R3 swprv; C:\Windows\System32\swprv.dll [524800 2014-04-09] (Microsoft Corporation)
S3 SysMain; C:\Windows\system32\sysmain.dll [1742848 2014-04-09] (Microsoft Corporation)
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-21] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [316416 2014-04-09] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2014-04-09] (Microsoft Corporation)
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-14] (Microsoft Corporation)
S3 TermService; C:\Windows\System32\termsrv.dll [686592 2014-10-14] (Microsoft Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation)
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation)
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-14] (Microsoft Corporation)
R3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-21] (Microsoft Corporation)
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-14] (Microsoft Corporation)
R3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-14] (Microsoft Corporation)
R3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-14] (Microsoft Corporation)
R2 UxSms; C:\Windows\System32\uxsms.dll [38912 2014-04-09] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\system32\lsass.exe [31232 2014-04-12] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [534016 2014-04-09] (Microsoft Corporation)
R3 VSS; C:\Windows\system32\vssvc.exe [1601536 2014-04-09] (Microsoft Corporation)
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2014-04-09] (Microsoft Corporation)
S3 wbengine; C:\Windows\system32\wbengine.exe [1506304 2014-04-09] (Microsoft Corporation)
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [201216 2014-04-09] (Microsoft Corporation)
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-21] (Microsoft Corporation)
S3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276992 2010-11-21] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-14] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation)
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [91136 2015-01-09] (Microsoft Corporation)
R3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-09] (Microsoft Corporation)
R3 WdiSystemHost; C:\Windows\system32\wdi.dll [91136 2015-01-09] (Microsoft Corporation)
R3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-09] (Microsoft Corporation)
S3 WebClient; C:\Windows\System32\webclnt.dll [265216 2014-12-19] (Microsoft Corporation)
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [210432 2014-12-19] (Microsoft Corporation)
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-14] (Microsoft Corporation)
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-14] (Microsoft Corporation)
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-09] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444416 2010-11-21] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [351232 2010-11-21] (Microsoft Corporation)
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-14] (Microsoft Corporation)
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2024448 2014-10-03] (Microsoft Corporation)
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1179648 2014-10-03] (Microsoft Corporation)
S3 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-14] (Microsoft Corporation)
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-14] (Microsoft Corporation)
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-21] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation)
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [121856 2014-04-09] (Microsoft Corporation)
R2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-14] (Microsoft Corporation)
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2014-04-09] (Microsoft Corporation)
R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2014-04-09] (Microsoft Corporation)
R2 wuauserv; C:\Windows\system32\wuaueng.dll [2477536 2014-05-14] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2014-04-09] (Microsoft Corporation)
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2014-04-09] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (All) ==========================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2014-04-09] (Microsoft Corporation)
R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [334704 2014-04-09] (Microsoft Corporation)
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-21] (Microsoft Corporation)
S3 adp94xx; C:\Windows\system32\drivers\adp94xx.sys [491088 2009-07-14] (Adaptec, Inc.)
S3 adpahci; C:\Windows\system32\drivers\adpahci.sys [339536 2009-07-14] (Adaptec, Inc.)
S3 adpu320; C:\Windows\system32\drivers\adpu320.sys [182864 2009-07-14] (Adaptec, Inc.)
R1 AFD; C:\Windows\system32\drivers\afd.sys [496640 2014-05-30] (Microsoft Corporation)
S3 agp440; C:\Windows\system32\drivers\agp440.sys [61008 2009-07-14] (Microsoft Corporation)
S3 aliide; C:\Windows\system32\drivers\aliide.sys [15440 2009-07-14] (Acer Laboratories Inc.)
S3 amdide; C:\Windows\system32\drivers\amdide.sys [15440 2009-07-14] (Microsoft Corporation)
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [64512 2009-07-14] (Microsoft Corporation)
S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [60928 2009-07-14] (Microsoft Corporation)
S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [107904 2014-04-09] (Advanced Micro Devices)
S3 amdsbs; C:\Windows\system32\drivers\amdsbs.sys [194128 2009-07-14] (AMD Technologies Inc.)
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2014-04-09] (Advanced Micro Devices)
S3 AppID; C:\Windows\system32\drivers\appid.sys [62464 2014-07-07] (Microsoft Corporation)
S3 arc; C:\Windows\system32\drivers\arc.sys [87632 2009-07-14] (Adaptec, Inc.)
S3 arcsas; C:\Windows\system32\drivers\arcsas.sys [97856 2009-07-14] (Adaptec, Inc.)
R3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] (Microsoft Corporation)
R0 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] (Microsoft Corporation)
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2014-04-09] (Microsoft Corporation)
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-14] (Microsoft Corporation)
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2014-04-09] (Microsoft Corporation)
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.)
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.)
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] (Brother Industries Ltd.)
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.)
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192 2009-07-14] (Microsoft Corporation)
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] (Microsoft Corporation)
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [148992 2014-04-09] (Microsoft Corporation)
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-14] (Microsoft Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [367552 2014-04-09] (Microsoft Corporation)
S3 CmBatt; C:\Windows\system32\drivers\CmBatt.sys [17664 2009-07-14] (Microsoft Corporation)
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] (CMD Technology, Inc.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [126080 2014-06-23] (QUALCOMM Incorporated) [File not signed]
R0 CNG; C:\Windows\System32\Drivers\cng.sys [458832 2015-01-15] (Microsoft Corporation)
S3 Compbatt; C:\Windows\system32\drivers\compbatt.sys [21584 2009-07-14] (Microsoft Corporation)
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2010-11-21] (Microsoft Corporation)
S4 crcdisk; C:\Windows\system32\drivers\crcdisk.sys [24144 2009-07-14] (Microsoft Corporation)
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102912 2014-04-09] (Microsoft Corporation)
R1 discache; C:\Windows\System32\drivers\discache.sys [40960 2014-04-09] (Microsoft Corporation)
R0 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-14] (Microsoft Corporation)
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-14] (Microsoft Corporation)
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [985536 2014-06-16] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 elxstor; C:\Windows\system32\drivers\elxstor.sys [530496 2009-07-14] (Emulex)
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] (Microsoft Corporation)
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] (Microsoft Corporation)
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] (Microsoft Corporation)
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-14] (Microsoft Corporation)
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] (Microsoft Corporation)
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] (Microsoft Corporation)
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-14] (Microsoft Corporation)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [288624 2014-04-09] (Microsoft Corporation)
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] (Microsoft Corporation)
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2014-04-09] (Microsoft Corporation)
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2014-04-09] (Microsoft Corporation)
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [65088 2009-07-14] (Microsoft Corporation)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.)
R3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2014-04-09] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2014-04-09] (Microsoft Corporation)
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-14] (Microsoft Corporation)
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2014-04-09] (Microsoft Corporation)
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-14] (Microsoft Corporation)
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-21] (Microsoft Corporation)
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-21] (Hewlett-Packard Company)
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753152 2014-04-09] (Microsoft Corporation)
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-21] (Microsoft Corporation)
S3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-14] (Microsoft Corporation)
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2014-04-09] (Intel Corporation)
S3 iirsp; C:\Windows\system32\drivers\iirsp.sys [44112 2009-07-14] (Intel Corp./ICP vortex GmbH)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] (Microsoft Corporation)
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-21] (Microsoft Corporation)
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2014-04-09] (Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2014-04-09] (Microsoft Corporation)
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] (Microsoft Corporation)
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] (Microsoft Corporation)
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [274880 2014-04-09] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] ()
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] (Microsoft Corporation)
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2014-04-09] (Microsoft Corporation)
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2014-04-12] (Microsoft Corporation)
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [155064 2014-10-14] (Microsoft Corporation)
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation)
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] (Microsoft Corporation)
S3 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [114752 2009-07-14] (LSI Corporation)
S3 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [106560 2009-07-14] (LSI Corporation)
S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [65600 2009-07-14] (LSI Corporation)
S3 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [115776 2009-07-14] (LSI Corporation)
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] (Microsoft Corporation)
S3 megasas; C:\Windows\system32\drivers\megasas.sys [35392 2009-07-14] (LSI Corporation)
S3 MegaSR; C:\Windows\system32\drivers\MegaSR.sys [284736 2009-07-14] (LSI Corporation, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [62784 2012-07-17] (Intel Corporation)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2014-04-09] (Microsoft Corporation)
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2014-04-09] (Microsoft Corporation)
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] (Microsoft Corporation)
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] (Microsoft Corporation)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [95088 2014-04-09] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 mpio; C:\Windows\system32\drivers\mpio.sys [160704 2014-04-09] (Microsoft Corporation)
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] (Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [142336 2014-12-19] (Microsoft Corporation)
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158720 2014-04-09] (Microsoft Corporation)
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [289280 2014-04-09] (Microsoft Corporation)
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2014-04-09] (Microsoft Corporation)
R0 msahci; C:\Windows\System32\drivers\msahci.sys [31104 2010-11-21] (Microsoft Corporation)
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [141160 2014-04-09] (Microsoft Corporation)
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] (Microsoft Corporation)
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] (Microsoft Corporation)
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] (Microsoft Corporation)
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] (Microsoft Corporation)
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] (Microsoft Corporation)
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] (Microsoft Corporation)
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-21] (Microsoft Corporation)
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-14] (Microsoft Corporation)
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] (Microsoft Corporation)
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-14] (Microsoft Corporation)
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] (Microsoft Corporation)
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [323072 2014-04-09] (Microsoft Corporation)
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950208 2014-04-09] (Microsoft Corporation)
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] (Microsoft Corporation)
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] (Microsoft Corporation)
S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2014-04-09] (Microsoft Corporation)
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-21] (Microsoft Corporation)
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2014-04-09] (Microsoft Corporation)
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [45056 2014-04-09] (Microsoft Corporation)
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-21] (Microsoft Corporation)
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-14] (IBM Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] (Microsoft Corporation)
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2014-04-09] (Microsoft Corporation)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1684416 2014-04-09] (Microsoft Corporation)
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] (Microsoft Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda64v.sys [195728 2015-01-13] (NVIDIA Corporation)
R3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [10274448 2015-01-10] (NVIDIA Corporation)
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2014-04-09] (NVIDIA Corporation)
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2014-04-09] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] (Microsoft Corporation)
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] (Microsoft Corporation)
R3 Parport; C:\Windows\System32\DRIVERS\parport.sys [97280 2009-07-14] (Microsoft Corporation)
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2014-04-09] (Microsoft Corporation)
R0 pci; C:\Windows\System32\drivers\pci.sys [184688 2014-04-09] (Microsoft Corporation)
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] (Microsoft Corporation)
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [220752 2009-07-14] (Microsoft Corporation)
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] (Microsoft Corporation)
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [663552 2014-07-07] (Microsoft Corporation)
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2014-04-09] (Microsoft Corporation)
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-14] (Microsoft Corporation)
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-21] (Microsoft Corporation)
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1524816 2009-07-14] (QLogic Corporation)
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [128592 2009-07-14] (QLogic Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] (Microsoft Corporation)
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] (Microsoft Corporation)
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] (Microsoft Corporation)
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-21] (Microsoft Corporation)
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2014-04-09] (Microsoft Corporation)
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] (Microsoft Corporation)
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [316416 2014-04-09] (Microsoft Corporation)
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-14] (Microsoft Corporation)
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] (Microsoft Corporation)
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] (Microsoft Corporation)
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] (Microsoft Corporation)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2014-04-10] (Microsoft Corporation)
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [212992 2014-07-16] (Microsoft Corporation)
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213848 2014-04-09] (Microsoft Corporation)
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] (Microsoft Corporation)
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [535656 2011-06-01] (Realtek                                            )
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-21] (Microsoft Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2014-04-09] (Microsoft Corporation)
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-14] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2014-04-09] (Microsoft Corporation)
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-14] (Microsoft Corporation)
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14848 2014-04-09] (Microsoft Corporation)
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2014-04-09] (Microsoft Corporation)
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2014-04-09] (Microsoft Corporation)
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-14] (Microsoft Corporation)
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [43584 2009-07-14] (Silicon Integrated Systems Corp.)
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [80464 2009-07-14] (Silicon Integrated Systems)
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] (Microsoft Corporation)
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] (Microsoft Corporation)
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2014-04-09] (Microsoft Corporation)
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [406016 2014-04-09] (Microsoft Corporation)
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [167936 2014-04-09] (Microsoft Corporation)
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-14] (Promise Technology)
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-14] (Microsoft Corporation)
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1897408 2014-04-05] (Microsoft Corporation)
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1897408 2014-04-05] (Microsoft Corporation)
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2014-04-09] (Microsoft Corporation)
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] (Microsoft Corporation)
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2014-04-09] (Microsoft Corporation)
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [118272 2014-11-11] (Microsoft Corporation)
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [63360 2010-11-21] (Microsoft Corporation)
S3 terminpt; C:\Windows\system32\drivers\terminpt.sys [29696 2014-04-10] (Microsoft Corporation)
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2014-07-16] (Microsoft Corporation)
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56832 2014-04-10] (Microsoft Corporation)
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [29696 2014-04-10] (Microsoft Corporation)
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2014-04-09] (Microsoft Corporation)
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [64080 2009-07-14] (Microsoft Corporation)
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2014-04-09] (Microsoft Corporation)
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] (Microsoft Corporation)
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-21] (Microsoft Corporation)
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-14] (Microsoft Corporation)
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2014-04-09] (Microsoft Corporation)
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2014-04-09] (Microsoft Corporation)
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [56320 2014-04-09] (Microsoft Corporation)
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2014-04-09] (Microsoft Corporation)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2014-04-09] (Microsoft Corporation)
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] (Microsoft Corporation)
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [42496 2014-04-09] (Microsoft Corporation)
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2014-04-09] (Microsoft Corporation)
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2014-04-09] (Microsoft Corporation)
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] (Microsoft Corporation)
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] (Microsoft Corporation)
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] (Microsoft Corporation)
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215408 2014-04-09] (Microsoft Corporation)
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] (VIA Technologies, Inc.)
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [68976 2014-04-09] (Microsoft Corporation)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363904 2014-04-09] (Microsoft Corporation)
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [296896 2014-04-09] (Microsoft Corporation)
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-14] (VIA Technologies Inc.,Ltd)
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2009-07-14] (Microsoft Corporation)
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-14] (Microsoft Corporation)
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2014-04-09] (Microsoft Corporation)
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2014-04-09] (Microsoft Corporation)
S3 Wd; C:\Windows\system32\drivers\wd.sys [21056 2009-07-14] (Microsoft Corporation)
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2014-04-09] (Microsoft Corporation)
R0 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [19824 2014-04-09] (Microsoft Corporation)
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] (Microsoft Corporation)
S3 WIMMount; C:\Windows\SysWOW64\drivers\wimmount.sys [19008 2009-07-14] (Microsoft Corporation)
U3 Winsock; No ImagePath
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-21] (Microsoft Corporation)
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] (Microsoft Corporation)
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] (Microsoft Corporation)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2014-04-09] (Microsoft Corporation)
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2014-04-09] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-13 07:08 - 2015-02-13 07:08 - 00001439 _____ () C:\Users\privat\Desktop\mbam.txt
2015-02-13 06:59 - 2015-02-13 06:59 - 00000000 __SHD () C:\Users\privat\AppData\Local\EmieBrowserModeList
2015-02-12 22:20 - 2015-02-13 07:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-12 22:20 - 2015-02-12 22:20 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-12 22:20 - 2015-02-12 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-12 22:19 - 2015-02-12 22:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-12 22:19 - 2015-02-12 22:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\privat\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-12 22:19 - 2015-02-12 22:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-12 22:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-12 22:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-12 22:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-12 16:32 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 16:32 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 16:32 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 16:32 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 16:17 - 2015-02-12 16:17 - 02134016 _____ (Farbar) C:\Users\privat\Downloads\FRST64 (2).exe
2015-02-11 22:28 - 2015-02-11 22:28 - 02134016 _____ (Farbar) C:\Users\privat\Downloads\FRST64 (1).exe
2015-02-11 22:01 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 22:01 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 22:01 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 22:01 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 22:01 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 22:01 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 22:01 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 22:01 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 22:01 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 22:01 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 22:01 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 22:01 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 22:01 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 22:01 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 22:01 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 22:01 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 22:01 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 22:01 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 22:01 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 22:01 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 22:01 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 22:01 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 22:01 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 22:01 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 22:01 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 22:01 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 22:01 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 22:01 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 22:01 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 22:01 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 22:01 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 22:01 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 22:01 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 22:01 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 22:01 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 22:01 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 22:01 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 22:01 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 22:01 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 22:01 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 22:01 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 22:01 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 22:01 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 22:01 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 22:01 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 22:01 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 22:01 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 22:01 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 22:01 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 22:01 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 22:01 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 22:01 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 22:01 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-11 22:01 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-11 22:01 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 22:01 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-11 21:56 - 2015-02-13 07:11 - 00072167 _____ () C:\Users\privat\Downloads\FRST.txt
2015-02-11 21:56 - 2015-02-13 07:11 - 00000000 ____D () C:\FRST
2015-02-11 21:56 - 2015-02-12 16:18 - 00025898 _____ () C:\Users\privat\Downloads\Addition.txt
2015-02-11 21:56 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 21:56 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 21:56 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 21:56 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 21:56 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 21:56 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 21:56 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 21:56 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 21:55 - 2015-02-11 21:55 - 02134016 _____ (Farbar) C:\Users\privat\Downloads\FRST64.exe
2015-02-11 21:54 - 2015-01-15 09:25 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 21:54 - 2015-01-15 09:25 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 21:54 - 2015-01-15 09:25 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 21:54 - 2015-01-15 09:25 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 21:54 - 2015-01-15 09:09 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 21:54 - 2015-01-15 09:09 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 21:54 - 2015-01-15 09:09 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 21:54 - 2015-01-15 09:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 21:54 - 2015-01-15 09:05 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 21:54 - 2015-01-15 05:22 - 00458832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 21:54 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 21:54 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 21:54 - 2014-12-12 07:02 - 01480704 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 21:54 - 2014-12-12 06:38 - 01175040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 21:54 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 21:54 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 21:54 - 2014-10-30 03:14 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 21:50 - 2014-12-08 04:28 - 00407040 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 21:50 - 2014-12-08 04:03 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 21:49 - 2015-01-14 07:34 - 05553080 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 21:49 - 2015-01-14 07:25 - 03977656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 21:49 - 2015-01-14 07:25 - 03921848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 21:49 - 2015-01-09 03:05 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 10:23 - 2015-02-11 10:23 - 00000000 ____D () C:\Users\privat\AppData\Roaming\TuneUp Software
2015-02-11 10:23 - 2015-02-11 10:23 - 00000000 ____D () C:\Users\privat\AppData\Local\TuneUp Software
2015-02-11 10:23 - 2015-02-11 10:23 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-11 10:21 - 2015-02-11 21:43 - 00000000 ____D () C:\Users\privat\AppData\Roaming\DVDVideoSoft
2015-02-09 17:00 - 2015-02-09 17:00 - 00005427 _____ () C:\Users\privat\Documents\Sky Kündigung.odt
2015-02-09 16:56 - 2015-02-09 16:56 - 00010239 _____ () C:\Users\privat\Downloads\SKY Kündigung.odt
2015-02-06 23:19 - 2015-02-06 23:19 - 00315552 _____ () C:\Windows\Minidump\020615-5101-01.dmp
2015-01-30 23:35 - 2015-01-30 23:46 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2015-01-30 23:25 - 2015-01-30 23:35 - 00000000 ____D () C:\Users\privat\AppData\Roaming\Canon
2015-01-30 23:25 - 2015-01-30 23:25 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2015-01-30 23:22 - 2015-01-30 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5500 series Benutzerregistrierung
2015-01-30 23:22 - 2015-01-30 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5500 series
2015-01-30 23:22 - 2013-04-04 05:00 - 00394240 _____ (CANON INC.) C:\Windows\system32\CNMXLMBU.DLL
2015-01-30 23:22 - 2013-02-04 15:10 - 00321536 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BUL.dll
2015-01-30 23:22 - 2012-11-26 12:24 - 00095744 _____ () C:\Windows\SysWOW64\CNC1771D.TBL
2015-01-30 23:22 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2015-01-30 23:21 - 2015-01-30 23:21 - 00002025 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk
2015-01-30 23:21 - 2015-01-30 23:21 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2015-01-30 23:18 - 2015-01-30 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-01-30 23:18 - 2015-01-30 23:21 - 00000000 ____D () C:\Program Files\Canon
2015-01-30 23:18 - 2015-01-30 23:18 - 00002360 _____ () C:\Users\Public\Desktop\Canon MG5500 series On-Screen-Handbuch.lnk
2015-01-30 23:18 - 2015-01-30 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5500 series Manual
2015-01-30 23:17 - 2015-01-30 23:17 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-01-30 23:17 - 2015-01-30 23:17 - 00000000 ___HD () C:\Program Files\CanonBJ
2015-01-30 23:17 - 2013-04-04 05:00 - 00391168 _____ (CANON INC.) C:\Windows\system32\CNMLMBU.DLL
2015-01-30 23:17 - 2013-02-04 15:12 - 00367104 _____ (CANON INC.) C:\Windows\system32\CNC_BUL.dll
2015-01-30 23:17 - 2012-11-26 12:24 - 00095744 _____ () C:\Windows\system32\CNC1771D.TBL
2015-01-30 23:17 - 2012-11-08 13:04 - 00282624 _____ (CANON INC.) C:\Windows\system32\CNC_BUC.dll
2015-01-30 23:17 - 2012-11-08 13:03 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC_BUI.dll
2015-01-30 23:17 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2015-01-30 23:16 - 2015-02-11 09:21 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-30 23:12 - 2015-01-30 23:12 - 00000000 ___HD () C:\ProgramData\CanonIJETV
2015-01-30 23:11 - 2015-01-30 23:22 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-01-28 07:29 - 2015-01-28 07:30 - 00000000 ____D () C:\Users\privat\Documents\VirtualDJ
2015-01-28 07:29 - 2015-01-28 07:29 - 00001030 _____ () C:\Users\privat\Desktop\VirtualDJ 8.lnk
2015-01-28 07:29 - 2015-01-28 07:29 - 00000000 ____D () C:\Users\privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2015-01-28 07:29 - 2015-01-28 07:29 - 00000000 ____D () C:\Program Files (x86)\VirtualDJ
2015-01-28 07:28 - 2015-01-28 07:28 - 38526976 _____ () C:\Users\privat\Downloads\install_virtualdj_pc_v8.0.2126.msi
2015-01-25 13:45 - 2015-01-25 13:45 - 00001162 _____ () C:\Users\Public\Desktop\Theme Hospital.lnk
2015-01-25 13:45 - 2015-01-25 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Theme Hospital
2015-01-23 00:07 - 2015-01-09 23:27 - 00621200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-23 00:06 - 2015-01-13 05:15 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-23 00:06 - 2015-01-13 05:15 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-23 00:06 - 2015-01-10 09:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-23 00:06 - 2015-01-10 09:07 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-22 23:55 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-22 23:55 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-19 16:12 - 2015-01-19 16:12 - 00291504 _____ () C:\Windows\Minidump\011915-5382-01.dmp
2015-01-14 11:34 - 2014-12-19 04:30 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-01-14 11:34 - 2014-12-19 04:30 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 11:34 - 2014-12-19 04:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-01-14 11:34 - 2014-12-19 04:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\profprov.dll
2015-01-14 11:34 - 2014-12-19 04:03 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-01-14 11:34 - 2014-12-19 04:03 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-01-14 11:34 - 2014-12-19 02:53 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 11:34 - 2014-12-12 07:07 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-01-14 11:34 - 2014-12-12 07:05 - 00617384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-01-14 11:34 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:34 - 2014-12-06 05:31 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 11:34 - 2014-12-06 05:31 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 11:34 - 2014-12-06 05:18 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 11:34 - 2014-12-06 05:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 11:34 - 2014-10-29 03:16 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-13 07:08 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-13 07:08 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-13 06:59 - 2011-04-12 08:43 - 00702738 _____ () C:\Windows\system32\perfh007.dat
2015-02-13 06:59 - 2011-04-12 08:43 - 00150378 _____ () C:\Windows\system32\perfc007.dat
2015-02-13 06:59 - 2009-07-14 06:13 - 01628524 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-13 06:53 - 2014-07-07 16:40 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-13 06:53 - 2014-06-23 16:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-13 06:53 - 2014-06-23 15:44 - 01113573 _____ () C:\Windows\WindowsUpdate.log
2015-02-13 06:53 - 2010-11-21 04:47 - 00276678 _____ () C:\Windows\PFRO.log
2015-02-13 06:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-13 06:53 - 2009-07-14 05:51 - 00282929 _____ () C:\Windows\setupact.log
2015-02-13 03:12 - 2014-07-07 16:40 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 22:18 - 2014-07-07 16:51 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-12 07:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 06:40 - 2014-12-11 06:39 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 06:40 - 2014-06-23 16:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 06:40 - 2009-07-14 05:45 - 00410320 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 22:55 - 2014-08-07 09:46 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 22:54 - 2014-06-23 16:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 22:54 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 22:53 - 2014-06-23 17:10 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-11 22:53 - 2014-06-23 17:10 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-11 22:53 - 2014-06-23 17:10 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-11 22:53 - 2014-06-23 17:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-11 22:52 - 2014-06-23 16:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 22:51 - 2014-06-23 16:38 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 21:44 - 2014-06-23 15:46 - 00000000 ____D () C:\Users\privat
2015-02-11 21:44 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2015-02-11 21:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-02-11 21:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 21:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-11 15:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-09 14:22 - 2014-07-07 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-08 12:22 - 2014-07-07 16:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-07 23:14 - 2014-07-10 16:42 - 00000000 ____D () C:\ProgramData\Origin
2015-02-06 23:19 - 2014-07-16 20:03 - 00000000 ____D () C:\Windows\Minidump
2015-02-06 07:13 - 2014-07-07 16:40 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-04 18:07 - 2014-07-07 16:40 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 18:07 - 2014-07-07 16:40 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-30 14:11 - 2014-12-13 14:02 - 00000000 ____D () C:\Users\privat\AppData\Roaming\vlc
2015-01-25 13:45 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-23 00:07 - 2014-06-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-16 07:41 - 2014-07-30 06:03 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-16 07:41 - 2014-07-30 06:03 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-16 07:41 - 2014-06-23 16:31 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-16 07:41 - 2014-06-23 16:31 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-15 00:27 - 2014-06-23 16:28 - 01601868 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2014-07-19 20:38 - 2014-07-19 20:38 - 0000000 _____ () C:\Users\privat\AppData\Roaming\ASEUserMetrics.osl

Some content of TEMP:
====================
C:\Users\privat\AppData\Local\Temp\avgnt.exe
C:\Users\privat\AppData\Local\Temp\Driver_Genius_11_Professional_DE.EXE
C:\Users\privat\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\privat\AppData\Local\Temp\mfc80.dll
C:\Users\privat\AppData\Local\Temp\mfc80u.dll
C:\Users\privat\AppData\Local\Temp\mfcm80.dll
C:\Users\privat\AppData\Local\Temp\mfcm80u.dll
C:\Users\privat\AppData\Local\Temp\MSETUP4.EXE
C:\Users\privat\AppData\Local\Temp\msvcm80.dll
C:\Users\privat\AppData\Local\Temp\msvcp80.dll
C:\Users\privat\AppData\Local\Temp\msvcr80.dll
C:\Users\privat\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\privat\AppData\Local\Temp\nvStInst.exe
C:\Users\privat\AppData\Local\Temp\sonarinst.exe
C:\Users\privat\AppData\Local\Temp\uninstall.exe
C:\Users\privat\AppData\Local\Temp\Uninstaller.exe
C:\Users\privat\AppData\Local\Temp\UninstallerGer.dll
C:\Users\privat\AppData\Local\Temp\WtgDriverInstallX.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 03:00

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 13.02.2015, 17:38   #10
sunjojo
/// Malwareteam
 
Ich werde Positive Finds Ads nicht los - Standard

Ich werde Positive Finds Ads nicht los



Hmm, alles klar, dann machen wir mal so weiter:


Schritt 1
Öffne Google Chrome.
  • Klicke auf das Chrome-Menü (rechts im Browser).
  • Wähle nun "Einstellungen" in dem Menü aus.
  • Scrolle nach unten und klicke "Erweiterte Einstellungen anzeigen" an.
  • Nun werden dir weitere Optionen angezeigt. Wähle aus (letzter Punkt der Einstellungsmöglichkeiten).
  • Ein Fenster wird geöffnet, in welchem du "Zurücksetzen" auswählst.
  • Jetzt werden deine aktuellen Browsereinstellungen zurückgesetzt (Startseite, Suchseite, ...), Erweiterungen und Designs deaktiviert.

Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Besteht das Problem im Google Chrome weiterhin?


Poste folgende Logfiles in deiner nächsten Antwort:
  • log.txt
__________________
Gruß,

Jonas

Alt 13.02.2015, 22:20   #11
Jassi1812
 
Ich werde Positive Finds Ads nicht los - Standard

Ich werde Positive Finds Ads nicht los



ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ba17fcc6fb03224d9cf95fbaeeab2149
# engine=22464
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-13 10:12:18
# local_time=2015-02-13 11:12:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 43903 20230393 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 177554 46849532 0 0
# scanned=255532
# found=21
# cleaned=0
# scan_time=8348
sh=44F60AFE167D05C8430EFE72CFC942063D907399 ft=1 fh=63026b1a5122f89b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\privat\AppData\Local\Temp\DMR\dmr_72.exe"
sh=C6664455FBC757721A2723052FFB5307482B14BB ft=1 fh=f7c91a8c8dd130d5 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\privat\Downloads\VLC media player 32 Bit - CHIP-Installer.exe"
sh=0C48AD5FD960B6737DECE15B75EB869457AE30DB ft=1 fh=0ec49c36d9645849 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\FreeAudioConverter234.exe"
sh=4430C604805369DB564DC691E0E15BA254E56865 ft=1 fh=5c04fd8a7b0f8de1 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\FreeAudioConverter_5.0.15.exe"
sh=D366627B609FFF4DAD032805E204F56F84BA67D0 ft=1 fh=26716298ead2f4f9 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\FreeAudioConverter_5.0.21.1212.exe"
sh=1F905FBB047E55C9ACD75D6D64F88EDCF1C71AEA ft=1 fh=5a5e42141b27077f vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\FreeStudio (1).exe"
sh=03B90E25CCAABBA4227742B7DB2C6DBB68A99716 ft=1 fh=cc91c5a568129962 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\FreeStudio.exe"
sh=AA190194CD322F27B81B57B66F0E48B16DDF09FC ft=1 fh=7a1e2a1eaadddca3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\FreeYouTubeToMP3Converter.exe"
sh=C2BD463845CFF168315094CEE59883A98D38BB04 ft=1 fh=c904b112d3bd37a6 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\FreeYouTubeToMP3Converter31121(1).exe"
sh=C2BD463845CFF168315094CEE59883A98D38BB04 ft=1 fh=c904b112d3bd37a6 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\FreeYouTubeToMP3Converter31121.exe"
sh=AA190194CD322F27B81B57B66F0E48B16DDF09FC ft=1 fh=7a1e2a1eaadddca3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\FreeYouTubeToMP3Converter_3.11.35.1031.exe"
sh=AD359F9AEB3ACC4396982EDAA7D2D8816CCDF704 ft=1 fh=0e92f613a45ecf97 vn="Variante von Win32/Toolbar.SearchSuite.Z evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\iLividSetupV1.exe"
sh=A5A185CA0B32709B52C725B6745B6486630CD115 ft=1 fh=a0e962c1830712bc vn="Win32/AdWare.1ClickDownload.AT Anwendung" ac=I fn="G:\Downloads\Iron_Man_3.exe"
sh=5E9C1A371D9FAB20E58EAFB60FBCBB3D2D69E172 ft=1 fh=ac11839439f17120 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\PDFssoftware (1).exe"
sh=5E9C1A371D9FAB20E58EAFB60FBCBB3D2D69E172 ft=1 fh=ac11839439f17120 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\PDFssoftware.exe"
sh=53909C3DDCCA048FC0D9AB714F97791A19237BDA ft=1 fh=adc0a5393e306b22 vn="Variante von Win32/ReImageRepair.C evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\ReimageRepair.exe"
sh=FC204D22EB99DF6505E8AC916E166B3F07CE463E ft=1 fh=d9677f7f8890f1ba vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\Setup_FreeVideoConverter_3.1.0.0.exe"
sh=3EDE01ED7F516BA5A9FD0DE5A7D413B6E099E222 ft=1 fh=e9f8be5b37c94986 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\SoftonicDownloader112311.exe"
sh=33263A2F18BF02AFB401F41B216219E041BC34B3 ft=1 fh=89521b7c9e1f745d vn="Variante von Win32/SmartTweak.A evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\UpdateMyDrivers.exe"
sh=38E74BE3AA8DF2084A0195EDD112554EE2AB565A ft=1 fh=287de5366329752c vn="Variante von Win32/Adware.MediaFinder.F Anwendung" ac=I fn="G:\Downloads\your_file_download.exe"
sh=2806269A086AA204797E79A92D8291280C3F4233 ft=1 fh=9cf9320245c94106 vn="Win32/DomaIQ.C evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\zipper_V.5959406.exe"

Also in Google Chrome besteht das Problem weiterhin. Habe heute Firefox runtergeladen, da gibt es keine Probleme, ebenso keine beim Internet Explorer.

Alt 14.02.2015, 10:52   #12
sunjojo
/// Malwareteam
 
Ich werde Positive Finds Ads nicht los - Standard

Ich werde Positive Finds Ads nicht los



Ok, in deinen Logfiles sehe ich keine schädlichen Einträge mehr. Wir versuchen mal folgendes:


Schritt 1
Deinstalliere bitte Chrome komplett und lade dir Chrome neu herunter und berichte mir, ob die Probleme weiterhin auftreten.

Schritt 2
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
  • Doppelklick auf die OTL.exe
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimal Ausgabe
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.


Poste folgende Logfiles in deiner nächsten Antwort:
  • OTL Logfiles
__________________
Gruß,

Jonas

Alt 14.02.2015, 13:17   #13
Jassi1812
 
Ich werde Positive Finds Ads nicht los - Standard

Ich werde Positive Finds Ads nicht los



Chrome lässt sich nicht deinstallieren. Wenn ich auf deinstallieren klicke, erscheint ein Fenster, in dem steht, dass ich alle Chromefenster schließen und es erneut versuchen soll.

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 14.02.2015 14:10:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\privat\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,94 Gb Total Physical Memory | 6,03 Gb Available Physical Memory | 75,89% Memory free
15,88 Gb Paging File | 13,62 Gb Available in Paging File | 85,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 12,99 Gb Free Space | 11,63% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 890,28 Gb Free Space | 95,57% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 594,27 Gb Free Space | 99,68% Space Free | Partition Type: NTFS
 
Computer Name: PRIVAT-PC | User Name: privat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01504728-799A-4168-9E7F-F4E9C9E11CC7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{02778CF2-3D53-4A48-A5A0-34C888114F70}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{0DC06678-5953-4385-99F8-52A0500E15E6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{166E0605-7B9D-4CAE-B172-C08AEC5A1AA8}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{1DF2385C-7DE3-4B92-9BFB-2B74BC45ACFB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1F89F25D-B7A5-497F-84B3-5EFCFC33E714}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2A7CEC47-E08C-4F0E-8695-10488DEB205C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{30002BE5-2F2A-4D52-B255-F9982BB3A286}" = lport=47995 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{32D7107C-ACCF-429E-851B-8FA3949E1E0C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3EA3BBF9-1DBD-40D1-BB72-801299444ED2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{40047FB3-994C-4E1B-BF9F-F8B5C189A891}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{496DCB15-5CFC-4B5F-8440-117B8787288D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6AC53F30-E6CA-40FD-8C08-7EF84F10C44B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{721E540A-AD94-47F0-87F5-3438602BAC08}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{75745A70-0B93-41CF-9EE5-68AF09973E0E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{7F129F0D-F4BF-45E4-ADD2-A4865D367A43}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9B78A56C-8DE6-466E-BDAD-FD8F8B3683EA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9E3F9E11-21FA-45D4-8D3D-20BDCD56D07E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9E691B4B-BBEA-4003-9A5E-28BC3245967F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9F1EDF97-A4E7-4CF0-A15F-A95880646A0A}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{9F4152F7-81BC-4934-BE48-04AAD08E5D53}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A2D82757-44E6-420B-A94B-8C13250C81BC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AABDA01E-8D25-471B-B6D2-E27ACAF46D02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AFA6FDB4-DC7A-4DD5-B84A-A0CE9DB32644}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{B0893072-9D4B-4E70-928F-601357A5A182}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B22E6A6A-F741-40A9-A15F-423EA2EE46B8}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{BC8AB292-7CDB-4E6C-9E2C-51C2BAECF363}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{C7E72587-D6A5-4249-9DDF-D09929F5FBFE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CEB9C56F-6976-4F7D-A8A2-68BBE120C235}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{DC1BC563-3C42-47AA-AA9E-A5D0884B5A0B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F0C9E708-323C-4B54-97F3-D9FBB8B0B367}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FE6FD698-493A-4729-A997-4B4C8715E0A3}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A16665-1824-4C17-B9B5-D1E2CAB6F662}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0ADC943F-ACCC-415B-8D79-CE21DFC03C8E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0E117EED-F1FC-45A4-BFA9-B936714754EF}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxddcoms.exe | 
"{113908DB-76A6-4BF8-B6AD-2E3C09CB2933}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{16F3D30C-EC01-47B7-86AF-86D47227DC19}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\peggle deluxe\peggle.exe | 
"{192020A4-1F1D-4E1D-9844-F8B862ABD54A}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddamon.exe | 
"{19D466A0-E24C-450E-A418-E0FA60944A87}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\the sims 4\game\bin\ts4.exe | 
"{1F53205E-E72E-4448-8DCB-62A332EADE99}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{20D3B887-F66F-4D67-A305-BCEA05ED2DE0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{20F4876F-DC22-4D2B-86FD-82EFA4D49E75}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{29F00810-EE27-43B0-89F3-297DE14DEAA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2AF02968-A998-4787-9F6A-A8A8DC13B3F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3063FF14-63C2-4CDE-B176-800DF0D3A997}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{375D2033-4068-4AFE-87DF-F2AB8ABE8435}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{37E42D4E-2669-4430-8068-922BAADD1375}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3C8C2337-A6C0-480D-81D0-CA9338C131D0}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\launcher.exe | 
"{3DD24518-5260-45AD-A354-026513DE7C7B}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\bejeweled 3\bejeweled3.exe | 
"{422A15F4-3E3C-46A9-94E0-69D6BB8A79F2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4281D679-D5D5-4E33-A4A3-52E049B46EF1}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\theme hospital\data\game\dosbox\launcher.exe | 
"{44A088D7-E5B2-4AC1-9B98-E7AB9D80CBA0}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"{45170C1C-214F-403F-AC94-E20237C8AA12}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{46FBB066-3D2A-45A2-B63E-0AC295FBF1D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{49E323BD-C797-45B4-9CE2-3CE65E429645}" = protocol=6 | dir=in | app=d:\program files (x86)\smartview2\smart view 2.0.exe | 
"{4A0A943D-E3F3-4097-AE64-45B68A9D5433}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{4E242E3B-6A63-4AFB-906C-4AF0EF81B68D}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\the sims 2 ultimate collection\fun with pets\sp9\tsbin\sims2ep9.exe | 
"{4FFBE236-A320-421B-BFE0-9E1F83FA4C40}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{51E73379-E827-4824-BFFC-6DD866FDF1DC}" = protocol=17 | dir=in | app=d:\program files (x86)\smartview2\smart view 2.0.exe | 
"{5246512E-5760-4275-8A8C-B5B63BE63271}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5F07B111-2F40-4BD7-AF02-4057D36AB528}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddmon.exe | 
"{60C93418-5937-49FC-AF44-13C1DF8A9A20}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{677B2C3F-D87A-480F-9EAB-7A25299CE97E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{688CB72E-08A8-4D83-9EFE-5FE4C46A5002}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{695AAA12-0B34-4980-B32A-42EC82C4D5FA}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\peggle deluxe\peggle.exe | 
"{72458955-6BA3-4410-83E8-B821E1C61C2D}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{731A7469-2106-4951-9F0C-2523701C97B3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7ABEE322-2220-4DE1-AFB8-C30B918E78C7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{87A417B3-7551-4902-BB28-BF809CE4A754}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2500 series\app4r.exe | 
"{8A92E0AC-17BD-450E-92A4-CD1870AC15BA}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddamon.exe | 
"{8C130612-B3D8-4C5A-B0DE-7FA4A7B724BF}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\theme hospital\data\game\dosbox\launcher.exe | 
"{8DBB7A8F-762E-4ECB-97C0-A9A8AC273645}" = protocol=17 | dir=in | app=d:\program files (x86)\smartview2\smart view 2.0.exe | 
"{95A3F7D1-8F67-405C-9626-38E00D4A2531}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{98CD373A-DD07-4372-A5C8-3B5E8B54DBEE}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\the sims 2 ultimate collection\fun with pets\sp9\tsbin\sims2ep9.exe | 
"{98D91D9A-7CBF-42BB-818E-B1B935051C05}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9A658269-B42B-4BC9-99B3-995F407EB733}" = protocol=6 | dir=in | app=c:\windows\system32\lxddcoms.exe | 
"{9D95467E-6724-40CE-AD2B-0250A5E1E815}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\bejeweled 3\bejeweled3.exe | 
"{A52EE2E3-2EA7-470E-89A2-9783F91B0A23}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A9956328-D070-4157-8654-9E54056EA6B2}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\the sims 4\game\bin\ts4.exe | 
"{B6099C86-277F-4C60-A6A1-FDAC50229FCE}" = protocol=6 | dir=out | app=system | 
"{BEA0F25B-C57C-449A-952A-3F5870CB6C8A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C10AADD2-3D0F-455D-A795-40D715A5A4F4}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"{C5AAA1AB-45CA-449C-952A-CDBF85EEA4ED}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2500 series\app4r.exe | 
"{C90103EC-D5CA-4B65-946E-AB98F1B38040}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CF117AB0-A8EF-4AAB-9B34-165C91195FCC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D20895F5-0C89-4569-A758-4438E31FEC51}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E006E3C8-4247-45BB-9D48-0BF1A3D53CDF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{E189ED9F-12D6-43E3-A7EA-B64F39F3475E}" = protocol=17 | dir=in | app=c:\windows\system32\lxddcoms.exe | 
"{E381CC5C-C773-405E-BD1A-E21B92CF73BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA9BD02B-A87E-4A8D-A2EA-0CE368B15015}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F173E6D7-485D-45F4-8237-6AEB115764BC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\launcher.exe | 
"{F24700A5-C9C6-48DD-A67B-4509FCD945B8}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxddcoms.exe | 
"{F5D3E175-B695-4E9C-AAA8-A6AA760B1F66}" = protocol=6 | dir=in | app=d:\program files (x86)\smartview2\smart view 2.0.exe | 
"{F7969CE5-9A8B-4A59-8CFE-179C1A82B127}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddmon.exe | 
"TCP Query User{BF307CE6-F738-4FC2-957B-44954A6573F8}D:\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe | 
"UDP Query User{AB5BF837-DB36-40A4-A5C8-3D2F69A0344F}D:\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series" = Canon MG5500 series MP Drivers
"{180500C1-57BB-3AA8-8E55-DCD5ECD16537}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{996D32B6-F629-4764-894B-CB24D9C19051}" = Microsoft Security Client
"{9A37ADB3-3D8D-4EDF-8F6D-B8A66F18087B}" = Intel(R) Smart Connect Technology
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 347.25
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 347.25
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 347.25
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.2.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.14.0702
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 17.12.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.33.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 17.12.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.27
"{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU)
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04450C18-F039-4B81-A621-70C3B0F523D5}" = The Sims 2: Ultimate Collection
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{462A1E00-58EA-4D63-96F4-3EFAEC9A5BCA}" = Avira
"{48EBEBBF-B9F8-4520-A3CF-89A730721917}" = Die Sims™ 4
"{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}" = Theme Hospital
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{715AD72D-887A-459E-988B-D4F3E87FA24B}" = Peggle
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A1C67963-2767-4C16-9966-A31BFB7C952F}" = VirtualDJ 8
"{A492B658-0E72-4561-B745-256CBD202E68}" = Ear Force Audio Hub
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.13) - Deutsch
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{bd538030-07d4-4999-a525-7fafa2483f56}" = Avira
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CC7BA35C-324E-45F8-B29D-6F4AAA527490}" = Advanced Sound Editor
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}" = Bejeweled® 3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FBAAAFAE-08A8-4C63-87EA-4AEA9DEE53E1}" = Smart View 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Canon MG5500 series Benutzerregistrierung" = Canon MG5500 series Benutzerregistrierung
"Canon MG5500 series On-screen Manual" = Canon MG5500 series On-screen Manual
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Google Chrome" = Google Chrome
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.4.1028
"Mozilla Firefox 35.0.1 (x86 de)" = Mozilla Firefox 35.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam" = Steam
"Steam App 272350" = Tom Clancy's Ghost Recon Phantoms - EU
"VLC media player" = VLC media player
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Amazon Music" = Amazon Music
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.12.2014 07:54:33 | Computer Name = privat-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.01.2015 19:12:05 | Computer Name = privat-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.01.2015 14:38:16 | Computer Name = privat-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.01.2015 08:17:00 | Computer Name = privat-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.01.2015 08:05:25 | Computer Name = privat-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.01.2015 09:58:01 | Computer Name = privat-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.01.2015 01:50:06 | Computer Name = privat-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.01.2015 01:34:44 | Computer Name = privat-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.01.2015 01:19:53 | Computer Name = privat-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.01.2015 08:15:31 | Computer Name = privat-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 12.10.2014 16:44:14 | Computer Name = privat-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?10.?2014 um 20:01:16 unerwartet heruntergefahren.
 
Error - 12.10.2014 16:44:15 | Computer Name = privat-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 13.10.2014 07:13:13 | Computer Name = privat-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 14.10.2014 06:02:42 | Computer Name = privat-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 15.10.2014 07:51:36 | Computer Name = privat-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80242016 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme
 (KB2952664)
 
Error - 23.10.2014 13:29:22 | Computer Name = privat-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 03.11.2014 18:18:45 | Computer Name = privat-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?11.?2014 um 12:26:54 unerwartet heruntergefahren.
 
Error - 03.11.2014 18:18:46 | Computer Name = privat-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 10.11.2014 04:41:49 | Computer Name = privat-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 11.11.2014 06:45:21 | Computer Name = privat-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
 
< End of report >
         
--- --- ---

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.02.2015 14:10:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\privat\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,94 Gb Total Physical Memory | 6,03 Gb Available Physical Memory | 75,89% Memory free
15,88 Gb Paging File | 13,62 Gb Available in Paging File | 85,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 12,99 Gb Free Space | 11,63% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 890,28 Gb Free Space | 95,57% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 594,27 Gb Free Space | 99,68% Space Free | Partition Type: NTFS
 
Computer Name: PRIVAT-PC | User Name: privat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\privat\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\privat\AppData\Local\Amazon Music\Amazon Music Helper.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d18e2115a3270f89663fce831547f534\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\93a0883923e78cc3e80b7ac4a9768c60\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\f9d8efe5e01d08740774a12f20a3e640\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8092ad8ffb37d779da3984d6e11e7516\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\9e42fe7c83345249b5dde1693d1bf8b5\PresentationFramework-SystemXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\825c2900a23128a2fd3de768abc9b023\PresentationFramework-SystemData.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\92edcd808511b7f4b642f922f8ebc31c\PresentationFramework-SystemXmlLinq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\201032e5afa8609da580589102a67857\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\9bcbefb742496c55841dfcb21be24c6e\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\1196cc375887ce75f134047505fe19bf\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\19e39fd21583dacdbf083aef2e0ae4a3\System.Data.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\20aaf6bbc4e93d10d6a2ce3c0193b859\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d8223c30928e02bc7ed5b8b81effa7b5\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\187177229c00aec6dec613ea4b9ff209\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd2f9ea99ac0f984b9dc430824638c9f\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\14cc73701aac461eb89d6473a88fcd56\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\736256bbeb4557664ef1d22ce2b8cd47\System.ComponentModel.Composition.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\9f1f464b854d655c74c8cd4ee5b731bd\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\5e3e26e6c81809aab854ea76a884fde2\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\eb3ba0fe2449d7ca96b51f71b2061cf6\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6ee4ffbd9a86ac1e7b01800b6fe9c7\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5a977e1f055b4f8f41da5d9142a1913c\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\61c8a838d217ea8b4f68bbf38172114f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\23d1162d1943c1b1d6c4fd7c6d8512d4\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\de2a832558f95db343e443c365bd3575\System.Numerics.ni.dll ()
MOD - C:\Users\privat\AppData\Local\Amazon Music\Amazon Music Helper.exe ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Origin Client Service) -- D:\Program Files (x86)\Origin\OriginClientService.exe (Electronic Arts)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Avira.OE.ServiceHost) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG)
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (GfExperienceService) -- C:\Programme\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation)
SRV - (NvStreamSvc) -- C:\Programme\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ISCTAgent) -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\drivers\cmnsusbser.sys (QUALCOMM Incorporated)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\drivers\ISCTD.sys ()
DRV:64bit: - (INETMON) -- C:\Windows\SysNative\drivers\INETMON.sys ()
DRV:64bit: - (imsevent) -- C:\Windows\SysNative\drivers\imsevent.sys ()
DRV:64bit: - (ikbevent) -- C:\Windows\SysNative\drivers\ikbevent.sys ()
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NvStreamKms) -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NVIDIA Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.4.0: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014.06.23 16:44:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\privat\AppData\Roaming\mozilla\Extensions
[2015.02.13 18:19:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\privat\AppData\Roaming\mozilla\Firefox\Profiles\iqmdyu1a.default\extensions
[2015.02.13 18:19:33 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\privat\AppData\Roaming\mozilla\Firefox\Profiles\iqmdyu1a.default\extensions\abs@avira.com
[2015.02.13 16:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2015.02.13 16:31:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\
CHR - Extension: No name found = C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\privat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKCU..\Run: [Amazon Music] C:\Users\privat\AppData\Local\Amazon Music\Amazon Music Helper.exe ()
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_DB7CD02E01A26A90D32AF93CFCC12A6B] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D65F8BD-3D77-4427-9A81-1570172126BB}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{53b16637-fae0-11e3-83d2-b755386a493c}\Shell - "" = AutoRun
O33 - MountPoints2\{53b16637-fae0-11e3-83d2-b755386a493c}\Shell\AutoRun\command - "" = G:\XSManager.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015.02.13 16:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2015.02.13 06:59:23 | 000,000,000 | -HSD | C] -- C:\Users\privat\AppData\Local\EmieBrowserModeList
[2015.02.12 22:20:10 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015.02.12 22:20:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2015.02.12 22:19:55 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015.02.12 22:19:55 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015.02.12 22:19:55 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015.02.12 22:19:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2015.02.12 22:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015.02.12 22:18:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2015.02.12 16:32:20 | 006,041,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015.02.12 16:32:20 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015.02.12 16:32:20 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015.02.11 22:01:47 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perftrack.dll
[2015.02.11 22:01:47 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powertracker.dll
[2015.02.11 22:01:46 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015.02.11 22:01:46 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015.02.11 22:01:46 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015.02.11 22:01:46 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015.02.11 22:01:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015.02.11 22:01:46 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015.02.11 22:01:46 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015.02.11 22:01:46 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015.02.11 22:01:45 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015.02.11 22:01:45 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015.02.11 22:01:44 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015.02.11 22:01:44 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015.02.11 22:01:44 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015.02.11 22:01:44 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015.02.11 22:01:44 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015.02.11 22:01:44 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015.02.11 22:01:44 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015.02.11 22:01:44 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015.02.11 22:01:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015.02.11 22:01:43 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015.02.11 22:01:43 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015.02.11 22:01:43 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015.02.11 22:01:42 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015.02.11 22:01:42 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015.02.11 22:01:42 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015.02.11 22:01:42 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015.02.11 22:01:42 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015.02.11 22:01:41 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015.02.11 22:01:41 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015.02.11 22:01:41 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015.02.11 22:01:40 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015.02.11 22:01:40 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015.02.11 21:56:10 | 001,239,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2015.02.11 21:56:10 | 001,098,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015.02.11 21:56:10 | 000,894,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015.02.11 21:56:10 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015.02.11 21:56:10 | 000,609,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015.02.11 21:56:10 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015.02.11 21:56:10 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2015.02.11 21:56:10 | 000,000,000 | ---D | C] -- C:\FRST
[2015.02.11 21:56:09 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2015.02.11 21:54:42 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2015.02.11 21:54:41 | 001,464,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015.02.11 21:54:41 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015.02.11 21:54:40 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2015.02.11 21:54:40 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2015.02.11 21:54:37 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2015.02.11 21:54:35 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2015.02.11 21:50:40 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2015.02.11 21:50:40 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2015.02.11 21:49:35 | 005,553,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015.02.11 21:49:34 | 003,977,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015.02.11 21:49:34 | 003,921,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015.02.11 10:23:23 | 000,000,000 | ---D | C] -- C:\Users\privat\AppData\Roaming\TuneUp Software
[2015.02.11 10:23:23 | 000,000,000 | ---D | C] -- C:\Users\privat\AppData\Local\TuneUp Software
[2015.02.11 10:23:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2015.02.11 10:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2015.02.11 10:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2015.02.11 10:21:30 | 000,000,000 | ---D | C] -- C:\Users\privat\AppData\Roaming\DVDVideoSoft
[2015.01.30 23:35:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMIG
[2015.01.30 23:25:44 | 000,000,000 | ---D | C] -- C:\Users\privat\AppData\Roaming\Canon
[2015.01.30 23:25:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJQuickMenu
[2015.01.30 23:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5500 series
[2015.01.30 23:22:31 | 000,394,240 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMXLMBU.DLL
[2015.01.30 23:22:14 | 000,321,536 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC_BUL.dll
[2015.01.30 23:22:14 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNHMCA.dll
[2015.01.30 23:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5500 series Benutzerregistrierung
[2015.01.30 23:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2015.01.30 23:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2015.01.30 23:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2015.01.30 23:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5500 series Manual
[2015.01.30 23:17:46 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2015.01.30 23:17:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2015.01.30 23:17:21 | 000,391,168 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMBU.DLL
[2015.01.30 23:17:04 | 000,367,104 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_BUL.dll
[2015.01.30 23:17:04 | 000,282,624 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_BUC.dll
[2015.01.30 23:17:04 | 000,106,496 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_BUI.dll
[2015.01.30 23:17:04 | 000,017,920 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNHMCA6.dll
[2015.01.30 23:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2015.01.30 23:12:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJETV
[2015.01.30 23:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2015.01.28 07:29:17 | 000,000,000 | ---D | C] -- C:\Users\privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2015.01.28 07:29:15 | 000,000,000 | ---D | C] -- C:\Users\privat\Documents\VirtualDJ
[2015.01.28 07:29:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2015.01.25 13:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Theme Hospital
[2015.01.23 00:07:20 | 000,621,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2015.01.23 00:06:10 | 032,102,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2015.01.23 00:06:10 | 025,459,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2015.01.23 00:06:10 | 024,765,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2015.01.23 00:06:10 | 020,465,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2015.01.23 00:06:10 | 017,250,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2015.01.23 00:06:10 | 013,295,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2015.01.23 00:06:10 | 013,210,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2015.01.23 00:06:10 | 010,774,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2015.01.23 00:06:10 | 010,714,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2015.01.23 00:06:10 | 003,607,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2015.01.23 00:06:10 | 003,245,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2015.01.23 00:06:10 | 001,895,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434725.dll
[2015.01.23 00:06:10 | 001,556,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434725.dll
[2015.01.23 00:06:10 | 000,994,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2015.01.23 00:06:10 | 000,969,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2015.01.23 00:06:10 | 000,942,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2015.01.23 00:06:10 | 000,929,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2015.01.23 00:06:10 | 000,906,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2015.01.23 00:06:10 | 000,877,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2015.01.23 00:06:10 | 000,496,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2015.01.23 00:06:10 | 000,399,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2015.01.23 00:06:10 | 000,390,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2015.01.23 00:06:10 | 000,353,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2015.01.23 00:06:10 | 000,345,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2015.01.23 00:06:10 | 000,305,320 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2015.01.23 00:06:10 | 000,195,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2015.01.23 00:06:10 | 000,177,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2015.01.23 00:06:10 | 000,164,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2015.01.23 00:06:10 | 000,030,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2015.01.22 23:55:52 | 000,038,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2015.01.22 23:55:52 | 000,032,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
 
========== Files - Modified Within 30 Days ==========
 
[2015.02.14 14:12:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.02.14 14:10:07 | 000,001,424 | ---- | M] () -- C:\Users\privat\Desktop\OTL - Verknüpfung.lnk
[2015.02.14 13:42:14 | 000,028,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.02.14 13:42:14 | 000,028,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.02.14 13:41:27 | 001,628,524 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015.02.14 13:41:27 | 000,702,738 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2015.02.14 13:41:27 | 000,656,970 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015.02.14 13:41:27 | 000,150,378 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2015.02.14 13:41:27 | 000,122,782 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015.02.14 13:35:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015.02.14 13:34:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.02.14 13:34:53 | 2100,301,823 | -HS- | M] () -- C:\hiberfil.sys
[2015.02.13 16:31:42 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015.02.13 07:03:51 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015.02.12 22:20:04 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2015.02.12 06:40:54 | 000,410,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015.02.11 22:53:11 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2015.02.09 17:00:17 | 000,005,427 | ---- | M] () -- C:\Users\privat\Documents\Sky Kündigung.odt
[2015.02.06 07:13:58 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015.02.04 04:16:29 | 000,609,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015.02.04 04:16:20 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015.02.04 04:16:16 | 000,414,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015.02.04 04:16:14 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015.02.04 04:16:13 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2015.02.04 04:16:13 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2015.02.04 04:13:28 | 001,098,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015.01.30 23:21:11 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Canon Quick Menu.lnk
[2015.01.30 23:18:16 | 000,002,360 | ---- | M] () -- C:\Users\Public\Desktop\Canon MG5500 series On-Screen-Handbuch.lnk
[2015.01.28 07:29:17 | 000,001,030 | ---- | M] () -- C:\Users\privat\Desktop\VirtualDJ 8.lnk
[2015.01.28 00:36:21 | 001,239,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2015.01.25 13:45:22 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Theme Hospital.lnk
[2015.01.23 05:42:35 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015.01.23 05:41:36 | 006,041,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015.01.23 04:43:04 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015.01.16 07:41:34 | 001,316,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2015.01.16 07:41:34 | 001,278,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2015.01.16 07:41:18 | 001,756,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2015.01.16 07:41:18 | 001,514,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
 
========== Files Created - No Company Name ==========
 
[2015.02.14 14:10:07 | 000,001,424 | ---- | C] () -- C:\Users\privat\Desktop\OTL - Verknüpfung.lnk
[2015.02.13 16:31:42 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015.02.13 16:31:42 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015.02.12 22:20:04 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2015.02.09 17:00:11 | 000,005,427 | ---- | C] () -- C:\Users\privat\Documents\Sky Kündigung.odt
[2015.01.30 23:22:14 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\CNC1771D.TBL
[2015.01.30 23:21:11 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Canon Quick Menu.lnk
[2015.01.30 23:18:16 | 000,002,360 | ---- | C] () -- C:\Users\Public\Desktop\Canon MG5500 series On-Screen-Handbuch.lnk
[2015.01.30 23:17:04 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\CNC1771D.TBL
[2015.01.28 07:29:17 | 000,001,030 | ---- | C] () -- C:\Users\privat\Desktop\VirtualDJ 8.lnk
[2015.01.25 13:45:22 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Theme Hospital.lnk
[2014.08.08 19:37:41 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014.08.08 19:37:40 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014.07.19 20:38:24 | 000,000,000 | ---- | C] () -- C:\Users\privat\AppData\Roaming\ASEUserMetrics.osl
[2014.06.23 16:28:08 | 001,601,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.04.09 17:58:02 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 03:06:10 | 014,179,328 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:37:22 | 012,877,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---

Alt 14.02.2015, 18:38   #14
sunjojo
/// Malwareteam
 
Ich werde Positive Finds Ads nicht los - Standard

Ich werde Positive Finds Ads nicht los



Hi,

Zitat:
Chrome lässt sich nicht deinstallieren. Wenn ich auf deinstallieren klicke, erscheint ein Fenster, in dem steht, dass ich alle Chromefenster schließen und es erneut versuchen soll.
Probiere es nochmal. Wenn die gleiche Meldung kommt, dann öffne den Task Manager (rechte Maustaste auf die Taskleiste klicken -> Task-Manager öffnen) und wechsle in den Reiter "Prozesse" und beende Prozesse, die "chrome.exe" im Namen enthalten. Danach versuche Chrome nochmal zu deinstallieren.
__________________
Gruß,

Jonas

Alt 14.02.2015, 19:21   #15
Jassi1812
 
Ich werde Positive Finds Ads nicht los - Standard

Ich werde Positive Finds Ads nicht los



Nach Deinstallation und Neuinstallation habe ich keine unerwünschte Werbung mehr.

Vielen lieben Dank für deine Hilfe

Gruß, Jassi1812

Antwort

Themen zu Ich werde Positive Finds Ads nicht los
ads, browser, deinstalliert, doppel, doppelt, gestartet, guten, heute, interne, internetseite, internetseiten, kleine, neu, nutze, positive finds ads, problem, programm, schließe, schließen, schnelle, seite, seiten, sobald, tab, überall, öffnet



Ähnliche Themen: Ich werde Positive Finds Ads nicht los


  1. Positive finds-ad nicht zu löschen, trotz manueller Suche und AV
    Plagegeister aller Art und deren Bekämpfung - 18.06.2015 (9)
  2. Positive Finds Ads lässt sich nicht deinstallieren
    Plagegeister aller Art und deren Bekämpfung - 30.03.2015 (5)
  3. Positive Finds lässt sich auch bei mir nicht deinstallieren
    Log-Analyse und Auswertung - 07.03.2015 (15)
  4. Positive Finds will nicht verschwinden.
    Plagegeister aller Art und deren Bekämpfung - 04.03.2015 (3)
  5. Ich bekomme "positive finds ads" nicht von meinem Rechner
    Plagegeister aller Art und deren Bekämpfung - 03.03.2015 (7)
  6. Positive Finds lassen sich mit Anti-Malware nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 01.03.2015 (13)
  7. Positive Finds ist überall! und lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 21.02.2015 (17)
  8. Windows7: PC Reparatur Alarm-popups erscheinen; bringe positive finds nicht weg; Werbeseiten gehen auf
    Plagegeister aller Art und deren Bekämpfung - 19.02.2015 (23)
  9. Positive Finds ads, ABP
    Log-Analyse und Auswertung - 19.02.2015 (8)
  10. Adware "Positive Finds" lässt sich in google Chrome nicht enfernen.
    Plagegeister aller Art und deren Bekämpfung - 15.02.2015 (10)
  11. Positive finds lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 13.02.2015 (18)
  12. Positive finds
    Plagegeister aller Art und deren Bekämpfung - 12.02.2015 (52)
  13. Ich werde Positive Finds nicht los...
    Plagegeister aller Art und deren Bekämpfung - 10.02.2015 (19)
  14. ads by positive finds
    Plagegeister aller Art und deren Bekämpfung - 08.02.2015 (11)
  15. Positive Finds - ich werd das nicht los
    Plagegeister aller Art und deren Bekämpfung - 06.02.2015 (33)
  16. Positive Finds
    Plagegeister aller Art und deren Bekämpfung - 04.02.2015 (13)
  17. Google Chrome funktioniert nicht mehr (nach "Positive finds"-Malwarebekämpfung)
    Plagegeister aller Art und deren Bekämpfung - 01.02.2015 (11)

Zum Thema Ich werde Positive Finds Ads nicht los - Guten Abend, nachdem ich mir heute einen Musik-Converter heruntergeladen habe, habe ich überall auf Internetseiten, die ich besuche, blaue, doppelt unterstrichene, anklickbare Wörter und kleine Werbekästen, durch die sich ein - Ich werde Positive Finds Ads nicht los...
Archiv
Du betrachtest: Ich werde Positive Finds Ads nicht los auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.