
Pests of all kinds and how to fight them: ?trackid=sp-006 on every Google search in Chrome


03.03.2015, 13:20   #1
Worf84
 



Hello,

every time I search for something on Google using Chrome, the following "?trackid=sp-006" is additionally inserted in the search field after the search term.

I hope you can help me.

Thanks in advance.


FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by Jörg (administrator) on SPOCK on 03-03-2015 14:14:49
Running from C:\Users\Jörg\Downloads
Loaded Profiles: Jörg (Available profiles: Jörg & Rike)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) D:\Programme\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AVAST Software) D:\Programme\Avast\avastui.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7158344 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-01] (Intel Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-31] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => D:\Programme\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2013-10-25] (ROCCAT GmbH)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [gmsd_de_245] => [X]
HKU\S-1-5-21-1640622340-885431489-981301766-1001\...\Run: [Steam] => D:\Spiele\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation)
HKU\S-1-5-21-1640622340-885431489-981301766-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1640622340-885431489-981301766-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-1640622340-885431489-981301766-1001\...\Run: [GoogleChromeAutoLaunch_CED598824E3858529A9A6F9C3FCAA655] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [898376 2015-02-18] (Google Inc.)
HKU\S-1-5-21-1640622340-885431489-981301766-1001\...\MountPoints2: {32bb4a6f-40bd-11e3-be9a-74d02b9b4d91} - "K:\LaunchU3.exe" -a
HKU\S-1-5-21-1640622340-885431489-981301766-1001\...\MountPoints2: {c5a77724-5c69-11e4-bf98-74d02b9b4d91} - "I:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1640622340-885431489-981301766-1001\...\MountPoints2: {c5a778b6-5c69-11e4-bf98-74d02b9b4d91} - "J:\setup_vmc_lite.exe" /checkApplicationPresence
Startup: C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Rike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Programme\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * aswBoot.exe /M:20b18051 /wow /dir:"D:\Programme\Avast"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {83c0e288-8fa0-43d3-acc7-c1e839d85abc} ->  No File
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Programme\arc\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-1640622340-885431489-981301766-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\r0mvh8xn.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\Programme\arc\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF SearchPlugin: C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\r0mvh8xn.default\searchplugins\google-avast.xml
FF Extension: leethax.net extension - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\r0mvh8xn.default\Extensions\leethax@leethax.net.xpi [2013-12-20]
FF Extension: Roll Around - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\r0mvh8xn.default\Extensions\{bec0d06e-c92d-48a7-bc8b-4f7ee342b2ad}.xpi [2015-02-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Programme\Avast\WebRep\FF
FF Extension: Avast Online Security - D:\Programme\Avast\WebRep\FF [2013-09-30]
StartMenuInternet: FIREFOX.EXE - D:\Programme\Firefox\firefox.exe

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MD1502A26-006B-4EF0-8C00-878CE61C8726&SearchSource=55&CUI=&UM=8&UP=SPF3EC0C08-3C1E-43A6-AE5D-C6FCE9750B31&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MD1502A26-006B-4EF0-8C00-878CE61C8726&SearchSource=55&CUI=&UM=8&UP=SPF3EC0C08-3C1E-43A6-AE5D-C6FCE9750B31&SSPV=", "hxxp://binkiland.com/?f=7&a=bnk_cmi_15_08&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0Bzy0ByE0DzytC0AtB0EyBtN0D0Tzu0StCtCyEzztN1L2XzutAtFzztFtCtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCyCtAtD0CtCtD0AtGtD0D0BtAtGzyzz0FyEtG0EtByDtBtGyEtA0D0AyDtCyCtD0Fzzzz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyD0EtDyByBtC0AtG0BtA0AyCtGyE0AyB0DtGzy0EyE0BtGtCzztByBtAyEyC0BtD0FtB0A2QtN1B2Z1V1T1S1NzuyDtByC&cr=1333732890&ir="
CHR NewTab: Default -> "chrome-extension://hfgjjcbbihjnpdommbepdkpfnkkapnbh/index.html"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSearchURL: Default -> https://www.google.de/search?q={searchTerms}?trackid=sp-006
CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-04]
CHR Extension: (YouTube) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-30]
CHR Extension: (Adblock Plus) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-15]
CHR Extension: (Google Search) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-30]
CHR Extension: (AdBlock) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-16]
CHR Extension: (Avast Online Security) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-30]
CHR Extension: (Speed Dial 3™) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgjjcbbihjnpdommbepdkpfnkkapnbh [2014-11-24]
CHR Extension: (Black Wood) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfigpljkonjldfhkfgbbmibfbcggnhj [2014-01-19]
CHR Extension: (Google Wallet) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]
CHR Extension: (Gmail) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Programme\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 ArcService; D:\Programme\arc\Arc\ArcService.exe [88400 2014-10-11] (Perfect World Entertainment Inc)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 avast! Antivirus; D:\Programme\Avast\AvastSvc.exe [50344 2014-11-15] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-01] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-02-16] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 muzoluwo; C:\Users\Jörg\AppData\Roaming\482D6A71-1424507953-FE52-D75B-74D02B9B4D91\jnsv432E.tmp [90624 2015-02-21] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; D:\Spiele\Origin\OriginClientService.exe [1903472 2014-12-21] (Electronic Arts)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-07-20] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-01-19] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-23] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-15] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-16] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-13] (Symantec Corporation)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2013-10-06] (Nicomsoft Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 14:14 - 2015-03-03 14:15 - 00032549 _____ () C:\Users\Jörg\Downloads\FRST.txt
2015-03-03 14:14 - 2015-03-03 14:14 - 00000000 ____D () C:\FRST
2015-03-03 14:06 - 2015-03-03 14:06 - 02092544 _____ (Farbar) C:\Users\Jörg\Downloads\FRST64.exe
2015-03-03 14:03 - 2015-03-03 14:03 - 00002274 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-03 14:03 - 2015-03-03 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-03 13:52 - 2015-03-03 13:52 - 03209728 _____ () C:\Users\Jörg\Desktop\Langzeitkonto Jörg Heuer 23.03.2015 bis 27.03.2015.msg
2015-03-03 13:49 - 2015-03-03 13:57 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-03 13:49 - 2015-03-03 13:49 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-03 13:49 - 2015-03-03 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-03 13:49 - 2015-03-03 13:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-03 13:49 - 2015-03-03 13:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-03 13:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-03 13:49 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-03 13:49 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-03 13:47 - 2015-03-03 13:47 - 01388333 _____ (Thisisu) C:\Users\Jörg\Downloads\JRT643.exe
2015-03-03 13:46 - 2015-03-03 13:46 - 01203488 _____ () C:\Users\Jörg\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-03-03 13:41 - 2015-03-03 13:41 - 01203488 _____ () C:\Users\Jörg\Downloads\Revo Uninstaller - CHIP-Installer.exe
2015-03-03 13:41 - 2015-03-03 13:41 - 00001287 _____ () C:\Users\Jörg\Desktop\Revo Uninstaller.lnk
2015-03-03 13:41 - 2015-03-03 13:41 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Abelssoft
2015-03-03 13:41 - 2015-03-03 13:41 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Abelssoft
2015-03-03 13:41 - 2015-03-03 13:41 - 00000000 ____D () C:\Users\Jörg\AppData\Local\Abelssoft
2015-03-03 13:41 - 2015-03-03 13:41 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2015-03-03 13:41 - 2015-03-03 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2015-03-03 13:41 - 2015-03-03 13:41 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-03 13:41 - 2015-03-03 13:41 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2015-02-26 15:48 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-26 15:48 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-26 15:48 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-26 15:48 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-26 15:48 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-26 15:48 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-23 16:04 - 2015-02-26 16:44 - 00003212 _____ () C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-1640622340-885431489-981301766-1001
2015-02-23 15:26 - 2015-02-23 16:12 - 00000000 ____D () C:\AdwCleaner
2015-02-23 15:25 - 2015-02-23 15:25 - 02126848 _____ () C:\Users\Jörg\Downloads\adwcleaner_4.111.exe
2015-02-23 15:02 - 2015-02-23 15:02 - 00274045 _____ () C:\Users\Jörg\AppData\Local\dsi1.dat
2015-02-23 15:02 - 2015-02-23 15:02 - 00161916 _____ () C:\Users\Jörg\AppData\Local\dsi2.dat
2015-02-22 19:12 - 2015-02-22 19:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-22 19:11 - 2015-02-22 19:15 - 00000000 ____D () C:\Users\Jörg\AppData\Local\Sparta
2015-02-22 19:11 - 2015-02-22 19:11 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\sparta123
2015-02-22 19:11 - 2015-02-22 19:11 - 00000000 ____D () C:\Users\Jörg\AppData\Local\GGEmpire
2015-02-22 19:08 - 2015-02-22 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-22 19:04 - 2015-02-22 19:36 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-22 18:52 - 2015-02-22 18:52 - 00003448 _____ () C:\WINDOWS\System32\Tasks\avayvxvaxc
2015-02-22 18:52 - 2015-02-22 18:52 - 00000000 ____D () C:\Users\Jörg\AppData\Local\avayvxvaxc
2015-02-22 18:46 - 2015-02-22 18:46 - 00000000 ____D () C:\Program Files (x86)\ver7SpeedCheck
2015-02-21 08:40 - 2015-02-22 18:44 - 00000000 ____D () C:\Users\Jörg\AppData\Local\482D6A71-1424508004-FE52-D75B-74D02B9B4D91
2015-02-21 08:39 - 2015-03-03 13:57 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\482D6A71-1424507953-FE52-D75B-74D02B9B4D91
2015-02-21 08:36 - 2015-02-23 14:50 - 00000000 ____D () C:\ProgramData\{67168748-0634-6f4f-6716-687480631d20}
2015-02-21 08:36 - 2015-02-21 08:36 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\jajfdjebpfphpjkocjenkhegepamcbcl
2015-02-21 08:19 - 2015-02-21 08:19 - 00000000 ____D () C:\Users\Jörg\Documents\My Cheat Tables
2015-02-21 08:02 - 2015-02-21 08:02 - 00001772 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-21 08:02 - 2015-02-21 08:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-21 08:01 - 2015-02-21 08:02 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-21 08:01 - 2015-02-21 08:02 - 00000000 ____D () C:\Program Files\iTunes
2015-02-21 08:01 - 2015-02-21 08:01 - 00000000 ____D () C:\Program Files\iPod
2015-02-21 08:01 - 2015-02-21 08:01 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-15 19:51 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-15 19:51 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-14 11:19 - 2015-02-14 11:19 - 00002025 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2015-02-14 11:19 - 2015-02-14 11:19 - 00002015 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2015-02-14 11:19 - 2015-02-14 11:19 - 00000000 ____D () C:\Users\Jörg\AppData\Local\Samsung
2015-02-14 11:19 - 2014-10-13 06:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-02-14 11:19 - 2014-10-13 06:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-02-14 11:17 - 2015-02-14 11:17 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2015-02-14 11:17 - 2013-12-30 10:53 - 04659712 _____ (Dmitry Streblechenko) C:\WINDOWS\SysWOW64\Redemption.dll
2015-02-14 11:10 - 2015-02-14 11:12 - 78374592 _____ (Samsung Electronics Co., Ltd.) C:\Users\Jörg\Downloads\KiesSetup (1).exe
2015-02-13 16:38 - 2015-02-14 11:18 - 00000000 ____D () C:\ProgramData\Samsung
2015-02-13 16:37 - 2015-02-14 11:19 - 00000000 ____D () C:\Users\Jörg\Documents\SelfMV
2015-02-13 16:37 - 2015-02-14 11:19 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-02-13 16:37 - 2015-02-14 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-02-13 16:37 - 2015-02-13 16:37 - 00001992 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2015-02-13 16:37 - 2015-02-13 16:37 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2015-02-13 16:37 - 2015-02-13 16:37 - 00000000 ____D () C:\Users\Jörg\Documents\samsung
2015-02-13 16:37 - 2015-02-13 16:37 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Samsung
2015-02-13 16:37 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2015-02-13 16:34 - 2015-02-13 16:35 - 42498888 _____ (Samsung Electronics Co., Ltd.) C:\Users\Jörg\Downloads\Kies3Setup.exe
2015-02-13 16:03 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-13 16:03 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-13 16:03 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-13 16:03 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-13 16:03 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-13 16:03 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-13 16:03 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-13 16:03 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-13 16:02 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-13 16:02 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-13 16:02 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-13 16:02 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-13 16:02 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-13 16:02 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-13 16:02 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-13 16:02 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-13 16:02 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-13 16:02 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-13 16:02 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-13 16:02 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-13 16:02 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-13 16:02 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-13 16:02 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-13 16:02 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-13 16:02 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-13 16:02 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-13 16:02 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-13 16:02 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-13 16:02 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-13 16:02 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-13 16:02 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-13 16:02 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-13 16:02 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-13 16:02 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-13 16:02 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-13 16:02 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-13 16:02 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-13 16:02 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-13 16:02 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-13 16:02 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-13 16:02 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-13 16:02 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-13 16:02 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-13 16:02 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-13 16:02 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-13 16:02 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-13 16:02 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-13 16:02 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-13 16:02 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-13 16:02 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-13 16:02 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-13 16:02 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-13 16:02 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-13 16:02 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-13 16:02 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-13 16:02 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-13 16:02 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-13 16:02 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-13 16:02 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-13 16:02 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-13 16:02 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-13 16:02 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-13 16:02 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-13 16:01 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-13 16:01 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-07 18:24 - 2015-02-07 18:24 - 00000000 __SHD () C:\Users\Jörg\AppData\Local\EmieUserList
2015-02-07 18:24 - 2015-02-07 18:24 - 00000000 __SHD () C:\Users\Jörg\AppData\Local\EmieSiteList
2015-02-07 18:24 - 2015-02-07 18:24 - 00000000 __SHD () C:\Users\Jörg\AppData\Local\EmieBrowserModeList
2015-02-05 14:12 - 2015-03-03 13:58 - 00000000 ___RD () C:\Users\Jörg\Google Drive
2015-02-05 14:12 - 2015-02-05 14:12 - 00001751 _____ () C:\Users\Jörg\Desktop\Google Drive.lnk
2015-02-05 14:10 - 2015-02-05 14:10 - 00002065 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-02-05 14:10 - 2015-02-05 14:10 - 00002063 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-02-05 14:10 - 2015-02-05 14:10 - 00002053 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-02-05 14:10 - 2015-02-05 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-02-05 14:09 - 2015-02-05 14:09 - 00880208 _____ (Google Inc.) C:\Users\Jörg\Desktop\googledrivesync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 14:14 - 2013-09-30 14:14 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-03 14:14 - 2013-09-30 14:14 - 00001114 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-03 14:09 - 2013-10-18 17:31 - 01819459 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-03 14:09 - 2013-09-30 20:46 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1640622340-885431489-981301766-1001
2015-03-03 14:02 - 2013-10-18 20:44 - 00000000 ____D () C:\Users\Jörg\Documents\Outlook-Dateien
2015-03-03 14:02 - 2013-09-30 05:14 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-03 14:02 - 2013-09-30 04:56 - 00765378 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-03 14:02 - 2013-09-30 04:56 - 00159696 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-03 14:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-03 13:58 - 2013-10-18 18:29 - 00000000 ___DO () C:\Users\Jörg\SkyDrive
2015-03-03 13:56 - 2013-08-22 15:46 - 00468381 _____ () C:\WINDOWS\setupact.log
2015-03-03 13:56 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-03 13:55 - 2013-10-18 17:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-03 13:55 - 2013-09-29 20:04 - 00119306 _____ () C:\WINDOWS\PFRO.log
2015-03-03 13:55 - 2013-08-22 15:44 - 05223480 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-03 13:54 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-03 13:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-03 13:23 - 2013-12-20 09:22 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-03 13:14 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-03 13:07 - 2013-11-19 10:00 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{223E48E3-040C-40E0-9CFA-2AACEB8FACDA}
2015-03-03 13:04 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-26 16:07 - 2013-09-30 20:39 - 00000000 ____D () C:\Users\Jörg\AppData\Local\Packages
2015-02-26 15:48 - 2013-09-30 14:10 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1640622340-885431489-981301766-1004
2015-02-26 15:46 - 2014-10-18 11:10 - 00003846 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1413627013
2015-02-26 15:46 - 2014-10-18 11:10 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-02-26 15:46 - 2014-10-18 11:10 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-26 15:45 - 2014-01-03 11:16 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B3333263-C0E4-404A-818B-9931C910CEE7}
2015-02-26 15:43 - 2013-09-30 21:23 - 00004144 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-02-23 16:13 - 2013-12-20 09:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-23 16:04 - 2013-12-20 09:10 - 00000736 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-23 16:04 - 2013-10-18 17:35 - 00000000 ____D () C:\Users\Rike
2015-02-23 15:27 - 2013-10-18 17:35 - 00000000 ____D () C:\Users\Jörg
2015-02-23 15:02 - 2013-12-20 10:12 - 00000313 _____ () C:\Users\Jörg\AppData\Roaming\WB.CFG
2015-02-22 19:14 - 2012-07-26 06:26 - 00000324 _____ () C:\WINDOWS\win.ini
2015-02-22 18:45 - 2013-10-06 00:13 - 00000000 ____D () C:\Users\Jörg\AppData\Local\Adobe
2015-02-21 08:01 - 2013-10-26 10:36 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-18 11:54 - 2014-03-16 09:55 - 00000462 ____H () C:\WINDOWS\Tasks\Norton Security Scan for Jörg.job
2015-02-18 11:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-14 11:17 - 2013-05-31 19:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-14 11:14 - 2014-04-01 18:12 - 00000000 ____D () C:\Users\Jörg\AppData\Local\Downloaded Installations
2015-02-13 16:47 - 2013-10-31 18:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-13 16:47 - 2013-10-01 10:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-13 16:42 - 2013-10-01 10:18 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-10 16:56 - 2013-12-20 12:17 - 00000000 ____D () C:\Users\Rike\AppData\Local\NVIDIA Corporation
2015-02-10 16:56 - 2013-12-20 12:16 - 00000000 ____D () C:\Users\Rike\AppData\Local\NVIDIA
2015-02-08 10:08 - 2014-01-03 16:38 - 00096256 ___SH () C:\Users\Rike\Desktop\Thumbs.db
2015-02-08 10:01 - 2013-09-30 14:14 - 00000000 ____D () C:\Users\Rike\AppData\Local\Google
2015-02-07 18:23 - 2013-12-20 09:22 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-05 14:10 - 2013-09-30 20:59 - 00000000 ____D () C:\Users\Jörg\AppData\Local\Google
2015-02-05 14:10 - 2013-09-30 14:14 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-05 14:09 - 2013-09-30 14:14 - 00004090 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 14:09 - 2013-09-30 14:14 - 00003854 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-03-16 12:45 - 2014-03-16 13:27 - 0000486 _____ () C:\Users\Jörg\AppData\Roaming\17_01_2014_CS
2014-02-22 16:30 - 2014-03-05 18:29 - 0037297 _____ () C:\Users\Jörg\AppData\Roaming\20_02_2014_CS
2013-10-18 17:28 - 2013-08-17 01:06 - 1171592 _____ (Microsoft Corporation) C:\Users\Jörg\AppData\Roaming\taskserv.exe
2013-12-20 10:12 - 2015-02-23 15:02 - 0000313 _____ () C:\Users\Jörg\AppData\Roaming\WB.CFG
2014-01-02 10:12 - 2014-01-02 10:12 - 0000005 _____ () C:\Users\Jörg\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-12-20 10:12 - 2014-01-04 13:54 - 0000005 _____ () C:\Users\Jörg\AppData\Roaming\WBPU-TTL.DAT
2015-02-23 15:02 - 2015-02-23 15:02 - 0274045 _____ () C:\Users\Jörg\AppData\Local\dsi1.dat
2015-02-23 15:02 - 2015-02-23 15:02 - 0161916 _____ () C:\Users\Jörg\AppData\Local\dsi2.dat

Some content of TEMP:
====================
C:\Users\Jörg\AppData\Local\Temp\1ABE0482-DFC1-E888-DB66-3EEC5D6B57BB.dll
C:\Users\Jörg\AppData\Local\Temp\34021uninstall.exe
C:\Users\Jörg\AppData\Local\Temp\6_Offer_15.exe
C:\Users\Jörg\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptjveit.dll
C:\Users\Jörg\AppData\Local\Temp\f.exe
C:\Users\Jörg\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Jörg\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Jörg\AppData\Local\Temp\nsg4CC9.exe
C:\Users\Jörg\AppData\Local\Temp\nsj2E4D.exe
C:\Users\Jörg\AppData\Local\Temp\nsq317C.exe
C:\Users\Jörg\AppData\Local\Temp\nsr4EDD.exe
C:\Users\Jörg\AppData\Local\Temp\nssDB66.exe
C:\Users\Jörg\AppData\Local\Temp\nsv4AB5.exe
C:\Users\Jörg\AppData\Local\Temp\nsz2FE4.exe
C:\Users\Jörg\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Jörg\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jörg\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Jörg\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Jörg\AppData\Local\Temp\nvStInst.exe
C:\Users\Jörg\AppData\Local\Temp\Odin3 v3.09.exe
C:\Users\Jörg\AppData\Local\Temp\Quarantine.exe
C:\Users\Jörg\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Jörg\AppData\Local\Temp\setup_471.exe
C:\Users\Jörg\AppData\Local\Temp\setup_ra.exe
C:\Users\Jörg\AppData\Local\Temp\sonarinst.exe
C:\Users\Jörg\AppData\Local\Temp\SpOrder.dll
C:\Users\Jörg\AppData\Local\Temp\sqlite3.dll
C:\Users\Jörg\AppData\Local\Temp\supoptsetup.exe
C:\Users\Jörg\AppData\Local\Temp\swt-win32-3347.dll
C:\Users\Jörg\AppData\Local\Temp\tmp27DF.tmp.exe
C:\Users\Rike\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Rike\AppData\Local\Temp\swt-win32-3347.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-26 16:01

==================== End Of Log ============================
         
--- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2015
Ran by Jörg at 2015-03-03 14:15:19
Running from C:\Users\Jörg\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.1.351 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{EAF21E13-5DC6-4BE1-B186-A62BF926BD1E}) (Version: 20.1.6362.11129 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.1.6362.11129 - Alcor Micro Corp.) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
ASUS Easy Update (HKLM-x32\...\{E7AA854E-6756-424E-84C2-4E47D5729AFF}) (Version: 2.00.30 - ASUSTeK Computer Inc)
ASUS Launcher (HKLM-x32\...\{40376CD0-67E0-4190-86CA-8BD8CBAC331C}) (Version: 1.00.12 - ASUSTeK Computer Inc.)
ASUS Music Maker (HKLM-x32\...\MAGIX_{5E00D8DF-905B-41C7-B562-C126DE3A4167}) (Version: 18.0.3.3 - MAGIX AG)
ASUS Music Maker (Version: 18.0.3.3 - MAGIX AG) Hidden
ASUS MX Suite (HKLM-x32\...\MAGIX_{9204F334-2A46-49F1-89C4-65CEB7AC1974}) (Version: 1.13.0.121 - MAGIX AG)
ASUS MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
ASUS Video easy (HKLM-x32\...\MAGIX_{7DB84618-76E3-4999-A9A0-D7D756E14129}) (Version: 3.0.1.42 - MAGIX AG)
ASUS Video easy (Version: 3.0.1.42 - MAGIX AG) Hidden
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4127.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4127.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{54ED2E2F-68EE-461C-888C-DB7EBE85C340}) (Version: 1.35.0 - Kovid Goyal)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.6.0 - Canon Inc.)
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.39 - Abelssoft)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.8.16603 - Blizzard Entertainment)
Die Siedler 7 (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
Die Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Dropbox (HKU\S-1-5-21-1640622340-885431489-981301766-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
eM Client (HKLM-x32\...\{88B17ABF-1B95-4DE8-B06F-CB511AFC2D8A}) (Version: 5.0.19406.0 - eM Client Inc.)
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
EtikettenAssistent 4.2 (HKLM-x32\...\{9AEF64B1-79A5-4E2F-8FBC-4CA89ECD3595}) (Version: 4.2.1 - HERMA)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
FormatFactory 3.2.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.2.1.0 - Free Time)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
FUSSBALL MANAGER 14 (HKLM-x32\...\{5FC27E1E-08C0-4346-A321-ED2D31FAE936}) (Version: 1.0.0.0 - Electronic Arts)
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Gigaflat (HKLM-x32\...\{C9E91711-8600-4919-AEF0-D4821F886797}_is1) (Version:  - Bitrockers Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
i-Menu version 4.0.8 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.0.8 - AOC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.25 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Opera Stable 27.0.1689.76 (HKLM-x32\...\Opera 27.0.1689.76) (Version: 27.0.1689.76 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4643 - Electronic Arts, Inc.)
Patrizier 4 (HKLM-x32\...\{25B473C3-2C62-482B-858F-94ED76880F79}) (Version: 1.3.0 - Kalypso Media)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{D691E998-CF53-4F6C-AC20-E4284660E0E7}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version:  - Roccat GmbH)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15013.18 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15013.18 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Screen+ version Screen+ 1.0.4 (HKLM\...\{5B7AF05A-1962-489C-B00A-F12D49889FC9}_is1) (Version: Screen+ 1.0.4 - AOC)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Why ASUS PC (HKLM-x32\...\{5648F9D9-299E-408C-AC1F-59DC75894A1F}) (Version: 1.00.02 - ASUSTeK Computer Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.4.0.17399 - Blizzard Entertainment)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1640622340-885431489-981301766-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jörg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1640622340-885431489-981301766-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1640622340-885431489-981301766-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1640622340-885431489-981301766-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1640622340-885431489-981301766-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

13-02-2015 16:36:40 Installed Samsung Kies3
22-02-2015 19:41:48 Geplanter Prüfpunkt
03-03-2015 13:02:41 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0449C67B-A074-49AE-9BB4-2D8E310A01CE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-22] (Microsoft Corporation)
Task: {047DEFBE-0BC7-4241-95D3-A72D445CBD70} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-22] (Microsoft Corporation)
Task: {2168BD7F-F0E7-43D6-B6D7-2462C446314F} - System32\Tasks\ASUS\ASUS Launcher Helper => C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe [2013-04-24] (Microsoft)
Task: {356C3076-E68D-41EA-869E-1674014DE624} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {37B2C380-A831-4317-ADB4-2A6A0274A53C} - System32\Tasks\Opera scheduled Autoupdate 1413627013 => C:\Program Files (x86)\Opera\launcher.exe [2015-02-23] (Opera Software)
Task: {479046D4-C77C-475B-9791-250373A05E53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {613732E6-2CE9-47CB-9790-6403C443DA39} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated)
Task: {618A6874-FF11-4DA7-AEB0-98E5166E0C57} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: {86567482-88DF-45C7-A852-2B20DC9171D9} - System32\Tasks\avayvxvaxc => C:\Users\Jörg\AppData\Local\avayvxvaxc\avayvxvaxc.exe <==== ATTENTION
Task: {87EAB8B7-D3BD-4FCB-A387-BD22840810C4} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-12-04] (CHIP)
Task: {895B959D-A9DC-4D8B-9876-2866E8280079} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8A7035C0-E6F0-4763-AEAF-7730D4599331} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-13] (Microsoft Corporation)
Task: {9B95351C-7F0B-4655-94D7-786FBC6B0691} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {A394E7C5-1687-4076-AA98-1B7ED0C8A983} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {A5AD3ACC-E6AA-4963-B645-21A34A140353} - System32\Tasks\Norton Security Scan for Jörg => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: {C495960A-A91C-42AB-9945-8AF5F5D1F996} - System32\Tasks\ASUS\ASUS Easy Update => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [2012-11-20] (ASUSTeK Computer Inc.)
Task: {D0819170-8280-44F2-8679-12280AF2FE43} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {E3DD4CA0-1B20-4956-9B71-BEBD97EDA0C8} - System32\Tasks\avastBCLRestartS-1-5-21-1640622340-885431489-981301766-1001 => Firefox.exe 
Task: {F81ADD4F-876A-4CDD-9184-C5753371F505} - System32\Tasks\avast! Emergency Update => D:\Programme\Avast\AvastEmUpdate.exe [2014-11-15] (AVAST Software)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Norton Security Scan for Jörg.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe

==================== Loaded Modules (whitelisted) ==============

2013-10-18 17:32 - 2015-01-10 00:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-31 19:41 - 2012-06-01 10:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2012-12-19 07:10 - 2012-12-19 07:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2015-02-22 19:04 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-20 00:04 - 2014-07-20 00:04 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2014-02-11 03:21 - 2014-02-11 03:21 - 00644464 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2015-03-03 14:03 - 2015-02-18 02:34 - 01450312 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-03-03 14:03 - 2015-02-18 02:34 - 00205128 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-03-03 14:03 - 2015-02-18 02:34 - 10864456 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2015-02-26 15:43 - 2015-02-26 15:43 - 02913792 _____ () D:\Programme\Avast\defs\15022600\algo.dll
2015-03-03 13:56 - 2015-03-03 13:56 - 02913792 _____ () D:\Programme\Avast\defs\15030300\algo.dll
2013-05-31 19:41 - 2015-03-03 13:56 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-05-31 19:41 - 2010-06-29 03:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2013-05-31 19:39 - 2012-11-19 20:04 - 00050688 _____ () C:\Program Files (x86)\ASUS\ASUS Easy Update\AsMultiLang.dll
2015-02-22 19:04 - 2015-02-22 19:04 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-03-03 13:57 - 2015-03-03 13:57 - 00098816 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\win32api.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00110080 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\pywintypes27.dll
2015-03-03 13:57 - 2015-03-03 13:57 - 00364544 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\pythoncom27.dll
2015-03-03 13:57 - 2015-03-03 13:57 - 00045568 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\_socket.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 01160704 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\_ssl.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00320512 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\win32com.shell.shell.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00713216 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\_hashlib.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 01175040 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\wx._core_.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00805888 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\wx._gdi_.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00811008 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\wx._windows_.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 01062400 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\wx._controls_.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00735232 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\wx._misc_.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00557056 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\pysqlite2._sqlite.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00128512 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\_elementtree.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00127488 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\pyexpat.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00087552 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\_ctypes.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00119808 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\win32file.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00108544 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\win32security.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00007168 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\hashobjs_ext.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00167936 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\win32gui.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00018432 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\win32event.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00038912 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\win32inet.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00011264 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\win32crypt.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00070656 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\wx._html2.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00027136 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\_multiprocessing.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00035840 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\win32process.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00686080 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\unicodedata.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00122368 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\wx._wizard.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00024064 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\win32pipe.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00025600 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\win32pdh.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00525640 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\windows._lib_cacheinvalidation.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00010240 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\select.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00017408 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\win32profile.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00022528 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\win32ts.pyd
2015-03-03 13:57 - 2015-03-03 13:57 - 00078336 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI68602\wx._animate.pyd
2014-11-15 20:55 - 2014-11-15 20:55 - 38562088 _____ () D:\Programme\Avast\libcef.dll
2013-12-30 12:23 - 2012-06-17 11:20 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\hiddriver.dll
2013-08-07 00:30 - 2013-02-16 01:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-02-22 19:04 - 2015-02-22 19:13 - 01754296 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\tmpod.dll
2015-02-22 19:09 - 2015-02-22 19:14 - 01032352 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Jörg\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1640622340-885431489-981301766-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jörg\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKU\S-1-5-21-1640622340-885431489-981301766-1001\...\StartupApproved\Run: => "Steam"

==================== Accounts: =============================

Administrator (S-1-5-21-1640622340-885431489-981301766-500 - Administrator - Disabled)
Gast (S-1-5-21-1640622340-885431489-981301766-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1640622340-885431489-981301766-1025 - Limited - Enabled)
Jörg (S-1-5-21-1640622340-885431489-981301766-1001 - Administrator - Enabled) => C:\Users\Jörg
Rike (S-1-5-21-1640622340-885431489-981301766-1004 - Administrator - Enabled) => C:\Users\Rike

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2015 01:57:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Creative Cloud.exe, Version: 2.4.1.351, Zeitstempel: 0x52f9b09f
Name des fehlerhaften Moduls: AdobePIM.dll, Version: 2.4.1.351, Zeitstempel: 0x52f9babe
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00009f85
ID des fehlerhaften Prozesses: 0x1694
Startzeit der fehlerhaften Anwendung: 0xCreative Cloud.exe0
Pfad der fehlerhaften Anwendung: Creative Cloud.exe1
Pfad des fehlerhaften Moduls: Creative Cloud.exe2
Berichtskennung: Creative Cloud.exe3
Vollständiger Name des fehlerhaften Pakets: Creative Cloud.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Creative Cloud.exe5

Error: (03/03/2015 01:51:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Explorer.EXE
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 00007FFE2B07F5DD

Error: (03/03/2015 01:04:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Creative Cloud.exe, Version: 2.4.1.351, Zeitstempel: 0x52f9b09f
Name des fehlerhaften Moduls: AdobePIM.dll, Version: 2.4.1.351, Zeitstempel: 0x52f9babe
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00009f85
ID des fehlerhaften Prozesses: 0x17d8
Startzeit der fehlerhaften Anwendung: 0xCreative Cloud.exe0
Pfad der fehlerhaften Anwendung: Creative Cloud.exe1
Pfad des fehlerhaften Moduls: Creative Cloud.exe2
Berichtskennung: Creative Cloud.exe3
Vollständiger Name des fehlerhaften Pakets: Creative Cloud.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Creative Cloud.exe5

Error: (03/03/2015 01:04:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AiChargerAP.exe, Version: 2.0.0.0, Zeitstempel: 0x50285912
Name des fehlerhaften Moduls: AiChargerAP.exe, Version: 2.0.0.0, Zeitstempel: 0x50285912
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00001393
ID des fehlerhaften Prozesses: 0x1364
Startzeit der fehlerhaften Anwendung: 0xAiChargerAP.exe0
Pfad der fehlerhaften Anwendung: AiChargerAP.exe1
Pfad des fehlerhaften Moduls: AiChargerAP.exe2
Berichtskennung: AiChargerAP.exe3
Vollständiger Name des fehlerhaften Pakets: AiChargerAP.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AiChargerAP.exe5

Error: (02/26/2015 04:03:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Creative Cloud.exe, Version: 2.4.1.351, Zeitstempel: 0x52f9b09f
Name des fehlerhaften Moduls: AdobePIM.dll, Version: 2.4.1.351, Zeitstempel: 0x52f9babe
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00009f85
ID des fehlerhaften Prozesses: 0x1130
Startzeit der fehlerhaften Anwendung: 0xCreative Cloud.exe0
Pfad der fehlerhaften Anwendung: Creative Cloud.exe1
Pfad des fehlerhaften Moduls: Creative Cloud.exe2
Berichtskennung: Creative Cloud.exe3
Vollständiger Name des fehlerhaften Pakets: Creative Cloud.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Creative Cloud.exe5

Error: (02/26/2015 04:01:32 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile  UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (02/26/2015 03:43:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Creative Cloud.exe, Version: 2.4.1.351, Zeitstempel: 0x52f9b09f
Name des fehlerhaften Moduls: AdobePIM.dll, Version: 2.4.1.351, Zeitstempel: 0x52f9babe
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00009f85
ID des fehlerhaften Prozesses: 0x10a4
Startzeit der fehlerhaften Anwendung: 0xCreative Cloud.exe0
Pfad der fehlerhaften Anwendung: Creative Cloud.exe1
Pfad des fehlerhaften Moduls: Creative Cloud.exe2
Berichtskennung: Creative Cloud.exe3
Vollständiger Name des fehlerhaften Pakets: Creative Cloud.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Creative Cloud.exe5

Error: (02/23/2015 04:03:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfe3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0e17a
Ausnahmecode: 0xc0000008
Fehleroffset: 0x0000000000092d1a
ID des fehlerhaften Prozesses: 0xffc
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_stisvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_stisvc5

Error: (02/23/2015 03:30:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Creative Cloud.exe, Version: 2.4.1.351, Zeitstempel: 0x52f9b09f
Name des fehlerhaften Moduls: AdobePIM.dll, Version: 2.4.1.351, Zeitstempel: 0x52f9babe
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00009f85
ID des fehlerhaften Prozesses: 0x1894
Startzeit der fehlerhaften Anwendung: 0xCreative Cloud.exe0
Pfad der fehlerhaften Anwendung: Creative Cloud.exe1
Pfad des fehlerhaften Moduls: Creative Cloud.exe2
Berichtskennung: Creative Cloud.exe3
Vollständiger Name des fehlerhaften Pakets: Creative Cloud.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Creative Cloud.exe5

Error: (02/23/2015 03:02:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Creative Cloud.exe, Version: 2.4.1.351, Zeitstempel: 0x52f9b09f
Name des fehlerhaften Moduls: AdobePIM.dll, Version: 2.4.1.351, Zeitstempel: 0x52f9babe
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00009f85
ID des fehlerhaften Prozesses: 0x1d9c
Startzeit der fehlerhaften Anwendung: 0xCreative Cloud.exe0
Pfad der fehlerhaften Anwendung: Creative Cloud.exe1
Pfad des fehlerhaften Moduls: Creative Cloud.exe2
Berichtskennung: Creative Cloud.exe3
Vollständiger Name des fehlerhaften Pakets: Creative Cloud.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Creative Cloud.exe5


System errors:
=============
Error: (03/03/2015 01:57:34 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{F0BE5148-BD26-4840-96E0-2541C53BC1CF}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/03/2015 01:57:14 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "SPOCK" auf Transport "NetBT_Tcpip_{F0BE5148-BD26-4840-96E0-2541C53BC1CF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (03/03/2015 01:57:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Clipart Renew" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/03/2015 01:06:28 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{F0BE5148-BD26-4840-96E0-2541C53BC1CF}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (02/26/2015 03:43:20 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{F0BE5148-BD26-4840-96E0-2541C53BC1CF}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (02/26/2015 03:42:32 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "SPOCK" auf Transport "NetBT_Tcpip_{F0BE5148-BD26-4840-96E0-2541C53BC1CF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (02/26/2015 03:42:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎23.‎02.‎2015 um 16:13:14 unerwartet heruntergefahren.

Error: (02/26/2015 03:41:47 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 32212256841221040

Error: (02/23/2015 04:13:46 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "SPOCK" auf Transport "NetBT_Tcpip_{F0BE5148-BD26-4840-96E0-2541C53BC1CF}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (02/23/2015 04:03:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (03/03/2015 01:57:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Creative Cloud.exe2.4.1.35152f9b09fAdobePIM.dll2.4.1.35152f9babec000000500009f85169401d055b1ab0ffa5cC:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exeC:\Program Files (x86)\Adobe\Adobe Creative Cloud\utils\AdobePIM.dlle9f28081-c1a4-11e4-bfd0-74d02b9b4d91

Error: (03/03/2015 01:51:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Explorer.EXE
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 00007FFE2B07F5DD

Error: (03/03/2015 01:04:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Creative Cloud.exe2.4.1.35152f9b09fAdobePIM.dll2.4.1.35152f9babec000000500009f8517d801d055aa3e878ef3C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exeC:\Program Files (x86)\Adobe\Adobe Creative Cloud\utils\AdobePIM.dll814a6283-c19d-11e4-bfcf-74d02b9b4d91

Error: (03/03/2015 01:04:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AiChargerAP.exe2.0.0.050285912AiChargerAP.exe2.0.0.050285912c000040900001393136401d055aa38f30374C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exeC:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe7828fc6a-c19d-11e4-bfcf-74d02b9b4d91

Error: (02/26/2015 04:03:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Creative Cloud.exe2.4.1.35152f9b09fAdobePIM.dll2.4.1.35152f9babec000000500009f85113001d051d55f51af6dC:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exeC:\Program Files (x86)\Adobe\Adobe Creative Cloud\utils\AdobePIM.dll9d62a8d8-bdc8-11e4-bfcf-74d02b9b4d91

Error: (02/26/2015 04:01:32 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (02/26/2015 03:43:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Creative Cloud.exe2.4.1.35152f9b09fAdobePIM.dll2.4.1.35152f9babec000000500009f8510a401d051d296628a46C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exeC:\Program Files (x86)\Adobe\Adobe Creative Cloud\utils\AdobePIM.dlld68101c5-bdc5-11e4-bfcf-74d02b9b4d91

Error: (02/23/2015 04:03:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.3.9600.163845215dfe3ntdll.dll6.3.9600.1763054b0e17ac00000080000000000092d1affc01d04f7520add4bcC:\WINDOWS\system32\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dll1f38d989-bb6d-11e4-bfcd-74d02b9b4d91

Error: (02/23/2015 03:30:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Creative Cloud.exe2.4.1.35152f9b09fAdobePIM.dll2.4.1.35152f9babec000000500009f85189401d04f75318e5328C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exeC:\Program Files (x86)\Adobe\Adobe Creative Cloud\utils\AdobePIM.dll720e193c-bb68-11e4-bfcd-74d02b9b4d91

Error: (02/23/2015 03:02:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Creative Cloud.exe2.4.1.35152f9b09fAdobePIM.dll2.4.1.35152f9babec000000500009f851d9c01d04f716a432f74C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exeC:\Program Files (x86)\Adobe\Adobe Creative Cloud\utils\AdobePIM.dlla86f4b4d-bb64-11e4-bfcc-74d02b9b4d91


CodeIntegrity Errors:
===================================
  Date: 2014-07-20 00:39:50.623
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-20 00:39:50.537
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-20 00:39:50.433
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-20 00:39:50.351
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-20 00:39:50.280
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-20 00:39:50.209
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-20 00:39:50.132
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-20 00:39:50.061
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-20 00:39:49.991
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-20 00:39:49.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4770S CPU @ 3.10GHz
Percentage of memory in use: 23%
Total physical RAM: 12196.22 MB
Available physical RAM: 9358.13 MB
Total Pagefile: 14052.22 MB
Available Pagefile: 10391.37 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:149.66 GB) (Free:65.57 GB) NTFS
Drive d: (Data) (Fixed) (Total:1692.8 GB) (Free:1438.22 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:29.69 GB) (Free:29.55 GB) NTFS
Drive j: (Heuer) (Fixed) (Total:1863.01 GB) (Free:1699.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: C3B123CA)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 292F36CC)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---

03.03.2015, 13:35   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners: have they ever found anything?

That is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, only post the logs you already have, in CODE tags!
Only logs from the last 7 days, or from the time since the problem began, are relevant!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for a single post, please post them directly, spread over several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

03.03.2015, 14:21   #3
Worf84



Otherwise I have no further logs; I hope these can help anyway.

03.03.2015, 14:44   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Then we continue with MBAR:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

04.03.2015, 13:04   #5
Worf84



Is it normal that the tool hangs forever on one file during the scan? For a good 10 minutes now on iTunes.

The tool freezes during the scan.


04.03.2015, 13:24   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Reboot Windows, download MBAR again and try once more.

04.03.2015, 17:43   #7
Worf84



It stops somewhere different every time; for a good 15 minutes now on the same file.

04.03.2015, 20:20   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Then please continue like this:

Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT beforehand, then download them afresh to the desktop!
Please disable your virus scanner completely now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).




Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the web page)


05.03.2015, 13:09   #9
Worf84



AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.111 - Bericht erstellt 05/03/2015 um 13:57:22
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-02.3 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Jörg - SPOCK
# Gestarted von : C:\Users\Jörg\Desktop\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SearchProtectWS
Schlüssel Gelöscht : HKCU\Software\DesktopDockApp
Schlüssel Gelöscht : HKLM\SOFTWARE\QuickRef_1.10.0.9
Schlüssel Gelöscht : HKLM\SOFTWARE\DesktopDockApp
Schlüssel Gelöscht : HKLM\SOFTWARE\RollAround

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 de)


-\\ Google Chrome v40.0.2214.115


-\\ Opera v27.0.1689.76


*************************

AdwCleaner[R0].txt - [24024 Bytes] - [23/02/2015 15:26:09]
AdwCleaner[R1].txt - [1110 Bytes] - [23/02/2015 16:04:49]
AdwCleaner[R2].txt - [1523 Bytes] - [05/03/2015 13:55:05]
AdwCleaner[S0].txt - [22734 Bytes] - [23/02/2015 15:27:23]
AdwCleaner[S1].txt - [1172 Bytes] - [23/02/2015 16:12:25]
AdwCleaner[S2].txt - [1284 Bytes] - [05/03/2015 13:57:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1343  Bytes] ##########
         
--- --- ---


Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 8.1 x64
Ran by J”rg on 05.03.2015 at 14:01:47,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83c0e288-8fa0-43d3-acc7-c1e839d85abc}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{83c0e288-8fa0-43d3-acc7-c1e839d85abc}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83c0e288-8fa0-43d3-acc7-c1e839d85abc}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{83c0e288-8fa0-43d3-acc7-c1e839d85abc}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.03.2015 at 14:04:54,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by Jörg (administrator) on SPOCK on 05-03-2015 14:07:01
Running from C:\Users\Jörg\Desktop
Loaded Profiles: Jörg (Available profiles: Jörg & Rike)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) D:\Programme\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft) C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\Jörg\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) D:\Programme\Avast\avastui.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7158344 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-01] (Intel Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-31] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => D:\Programme\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2013-10-25] (ROCCAT GmbH)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [gmsd_de_245] => [X]
HKU\S-1-5-21-1640622340-885431489-981301766-1001\...\Run: [Steam] => D:\Spiele\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation)
HKU\S-1-5-21-1640622340-885431489-981301766-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1640622340-885431489-981301766-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-1640622340-885431489-981301766-1001\...\Run: [GoogleChromeAutoLaunch_CED598824E3858529A9A6F9C3FCAA655] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [898376 2015-02-18] (Google Inc.)
HKU\S-1-5-21-1640622340-885431489-981301766-1001\...\MountPoints2: {32bb4a6f-40bd-11e3-be9a-74d02b9b4d91} - "K:\LaunchU3.exe" -a
HKU\S-1-5-21-1640622340-885431489-981301766-1001\...\MountPoints2: {c5a77724-5c69-11e4-bf98-74d02b9b4d91} - "I:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1640622340-885431489-981301766-1001\...\MountPoints2: {c5a778b6-5c69-11e4-bf98-74d02b9b4d91} - "J:\setup_vmc_lite.exe" /checkApplicationPresence
Startup: C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Rike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Programme\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Programme\arc\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-1640622340-885431489-981301766-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\r0mvh8xn.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\Programme\arc\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF SearchPlugin: C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\r0mvh8xn.default\searchplugins\google-avast.xml
FF Extension: leethax.net extension - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\r0mvh8xn.default\Extensions\leethax@leethax.net.xpi [2013-12-20]
FF Extension: Roll Around - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\r0mvh8xn.default\Extensions\{bec0d06e-c92d-48a7-bc8b-4f7ee342b2ad}.xpi [2015-02-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Programme\Avast\WebRep\FF
FF Extension: Avast Online Security - D:\Programme\Avast\WebRep\FF [2013-09-30]
StartMenuInternet: FIREFOX.EXE - D:\Programme\Firefox\firefox.exe

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MD1502A26-006B-4EF0-8C00-878CE61C8726&SearchSource=55&CUI=&UM=8&UP=SPF3EC0C08-3C1E-43A6-AE5D-C6FCE9750B31&SSPV=
CHR StartupUrls: Default -> "https://www.google.de/?gws_rd=ssl"
CHR NewTab: Default -> "chrome-extension://hfgjjcbbihjnpdommbepdkpfnkkapnbh/index.html"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSearchURL: Default -> https://www.google.de/search?q={searchTerms}?trackid=sp-006
CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-04]
CHR Extension: (YouTube) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-30]
CHR Extension: (Adblock Plus) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-15]
CHR Extension: (Google Search) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-30]
CHR Extension: (AdBlock) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-16]
CHR Extension: (Avast Online Security) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-30]
CHR Extension: (Speed Dial 3™) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgjjcbbihjnpdommbepdkpfnkkapnbh [2014-11-24]
CHR Extension: (Black Wood) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfigpljkonjldfhkfgbbmibfbcggnhj [2014-01-19]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-04]
CHR Extension: (Google Wallet) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]
CHR Extension: (Gmail) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-30]
CHR HKU\S-1-5-21-1640622340-885431489-981301766-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Programme\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 ArcService; D:\Programme\arc\Arc\ArcService.exe [88400 2014-10-11] (Perfect World Entertainment Inc)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 avast! Antivirus; D:\Programme\Avast\AvastSvc.exe [50344 2014-11-15] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-01] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-02-16] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 muzoluwo; C:\Users\Jörg\AppData\Roaming\482D6A71-1424507953-FE52-D75B-74D02B9B4D91\jnsv432E.tmp [90624 2015-02-21] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; D:\Spiele\Origin\OriginClientService.exe [1903472 2014-12-21] (Electronic Arts)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-07-20] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-01-19] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-23] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-15] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-16] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-13] (Symantec Corporation)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-03-03] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2013-10-06] (Nicomsoft Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 14:07 - 2015-03-05 14:07 - 00031880 _____ () C:\Users\Jörg\Desktop\FRST.txt
2015-03-05 14:06 - 2015-03-05 14:06 - 02092544 _____ (Farbar) C:\Users\Jörg\Desktop\FRST64.exe
2015-03-05 14:04 - 2015-03-05 14:04 - 00001277 _____ () C:\Users\Jörg\Desktop\JRT.txt
2015-03-05 14:01 - 2015-03-05 14:01 - 01388333 _____ (Thisisu) C:\Users\Jörg\Desktop\JRT.exe
2015-03-05 13:54 - 2015-03-05 13:54 - 02126848 _____ () C:\Users\Jörg\Desktop\AdwCleaner_4.111.exe
2015-03-04 17:33 - 2015-03-04 17:33 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Jörg\Downloads\E8F8.tmp
2015-03-03 17:00 - 2015-03-04 18:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-03 14:15 - 2015-03-03 14:15 - 00049654 _____ () C:\Users\Jörg\Downloads\Addition.txt
2015-03-03 14:14 - 2015-03-05 14:07 - 00000000 ____D () C:\FRST
2015-03-03 14:14 - 2015-03-03 14:15 - 00058092 _____ () C:\Users\Jörg\Downloads\FRST.txt
2015-03-03 14:06 - 2015-03-03 14:06 - 02092544 _____ (Farbar) C:\Users\Jörg\Downloads\FRST64.exe
2015-03-03 14:03 - 2015-03-03 14:03 - 00002274 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-03 14:03 - 2015-03-03 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-03 13:52 - 2015-03-03 13:52 - 03209728 _____ () C:\Users\Jörg\Desktop\Langzeitkonto Jörg Heuer 23.03.2015 bis 27.03.2015.msg
2015-03-03 13:49 - 2015-03-04 18:20 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-03 13:49 - 2015-03-03 16:57 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-03 13:49 - 2015-03-03 13:49 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-03 13:49 - 2015-03-03 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-03 13:49 - 2015-03-03 13:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-03 13:49 - 2015-03-03 13:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-03 13:49 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-03 13:49 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-03 13:47 - 2015-03-03 13:47 - 01388333 _____ (Thisisu) C:\Users\Jörg\Downloads\JRT643.exe
2015-03-03 13:46 - 2015-03-03 13:46 - 01203488 _____ () C:\Users\Jörg\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-03-03 13:41 - 2015-03-03 13:41 - 01203488 _____ () C:\Users\Jörg\Downloads\Revo Uninstaller - CHIP-Installer.exe
2015-03-03 13:41 - 2015-03-03 13:41 - 00001287 _____ () C:\Users\Jörg\Desktop\Revo Uninstaller.lnk
2015-03-03 13:41 - 2015-03-03 13:41 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Abelssoft
2015-03-03 13:41 - 2015-03-03 13:41 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Abelssoft
2015-03-03 13:41 - 2015-03-03 13:41 - 00000000 ____D () C:\Users\Jörg\AppData\Local\Abelssoft
2015-03-03 13:41 - 2015-03-03 13:41 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2015-03-03 13:41 - 2015-03-03 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2015-03-03 13:41 - 2015-03-03 13:41 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-03 13:41 - 2015-03-03 13:41 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2015-02-26 15:48 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-26 15:48 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-26 15:48 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-26 15:48 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-26 15:48 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-26 15:48 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-23 16:04 - 2015-02-26 16:44 - 00003212 _____ () C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-1640622340-885431489-981301766-1001
2015-02-23 15:26 - 2015-03-05 13:57 - 00000000 ____D () C:\AdwCleaner
2015-02-23 15:25 - 2015-02-23 15:25 - 02126848 _____ () C:\Users\Jörg\Downloads\adwcleaner_4.111.exe
2015-02-23 15:02 - 2015-02-23 15:02 - 00274045 _____ () C:\Users\Jörg\AppData\Local\dsi1.dat
2015-02-23 15:02 - 2015-02-23 15:02 - 00161916 _____ () C:\Users\Jörg\AppData\Local\dsi2.dat
2015-02-22 19:12 - 2015-02-22 19:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-22 19:11 - 2015-02-22 19:15 - 00000000 ____D () C:\Users\Jörg\AppData\Local\Sparta
2015-02-22 19:11 - 2015-02-22 19:11 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\sparta123
2015-02-22 19:11 - 2015-02-22 19:11 - 00000000 ____D () C:\Users\Jörg\AppData\Local\GGEmpire
2015-02-22 19:08 - 2015-02-22 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-22 19:04 - 2015-02-22 19:36 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-22 18:52 - 2015-02-22 18:52 - 00003448 _____ () C:\WINDOWS\System32\Tasks\avayvxvaxc
2015-02-22 18:52 - 2015-02-22 18:52 - 00000000 ____D () C:\Users\Jörg\AppData\Local\avayvxvaxc
2015-02-22 18:46 - 2015-02-22 18:46 - 00000000 ____D () C:\Program Files (x86)\ver7SpeedCheck
2015-02-21 08:40 - 2015-02-22 18:44 - 00000000 ____D () C:\Users\Jörg\AppData\Local\482D6A71-1424508004-FE52-D75B-74D02B9B4D91
2015-02-21 08:39 - 2015-03-03 13:57 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\482D6A71-1424507953-FE52-D75B-74D02B9B4D91
2015-02-21 08:36 - 2015-02-23 14:50 - 00000000 ____D () C:\ProgramData\{67168748-0634-6f4f-6716-687480631d20}
2015-02-21 08:36 - 2015-02-21 08:36 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\jajfdjebpfphpjkocjenkhegepamcbcl
2015-02-21 08:19 - 2015-02-21 08:19 - 00000000 ____D () C:\Users\Jörg\Documents\My Cheat Tables
2015-02-21 08:02 - 2015-02-21 08:02 - 00001772 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-21 08:02 - 2015-02-21 08:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-21 08:01 - 2015-02-21 08:02 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-21 08:01 - 2015-02-21 08:02 - 00000000 ____D () C:\Program Files\iTunes
2015-02-21 08:01 - 2015-02-21 08:01 - 00000000 ____D () C:\Program Files\iPod
2015-02-21 08:01 - 2015-02-21 08:01 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-15 19:51 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-15 19:51 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-14 11:19 - 2015-02-14 11:19 - 00002025 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2015-02-14 11:19 - 2015-02-14 11:19 - 00002015 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2015-02-14 11:19 - 2015-02-14 11:19 - 00000000 ____D () C:\Users\Jörg\AppData\Local\Samsung
2015-02-14 11:19 - 2014-10-13 06:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-02-14 11:19 - 2014-10-13 06:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-02-14 11:17 - 2013-12-30 10:53 - 04659712 _____ (Dmitry Streblechenko) C:\WINDOWS\SysWOW64\Redemption.dll
2015-02-14 11:10 - 2015-02-14 11:12 - 78374592 _____ (Samsung Electronics Co., Ltd.) C:\Users\Jörg\Downloads\KiesSetup (1).exe
2015-02-13 16:38 - 2015-02-14 11:18 - 00000000 ____D () C:\ProgramData\Samsung
2015-02-13 16:37 - 2015-02-14 11:19 - 00000000 ____D () C:\Users\Jörg\Documents\SelfMV
2015-02-13 16:37 - 2015-02-14 11:19 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-02-13 16:37 - 2015-02-14 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-02-13 16:37 - 2015-02-13 16:37 - 00001992 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2015-02-13 16:37 - 2015-02-13 16:37 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2015-02-13 16:37 - 2015-02-13 16:37 - 00000000 ____D () C:\Users\Jörg\Documents\samsung
2015-02-13 16:37 - 2015-02-13 16:37 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Samsung
2015-02-13 16:37 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2015-02-13 16:34 - 2015-02-13 16:35 - 42498888 _____ (Samsung Electronics Co., Ltd.) C:\Users\Jörg\Downloads\Kies3Setup.exe
2015-02-13 16:03 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-13 16:03 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-13 16:03 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-13 16:03 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-13 16:03 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-13 16:03 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-13 16:03 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-13 16:03 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-13 16:02 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-13 16:02 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-13 16:02 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-13 16:02 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-13 16:02 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-13 16:02 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-13 16:02 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-13 16:02 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-13 16:02 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-13 16:02 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-13 16:02 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-13 16:02 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-13 16:02 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-13 16:02 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-13 16:02 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-13 16:02 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-13 16:02 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-13 16:02 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-13 16:02 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-13 16:02 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-13 16:02 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-13 16:02 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-13 16:02 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-13 16:02 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-13 16:02 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-13 16:02 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-13 16:02 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-13 16:02 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-13 16:02 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-13 16:02 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-13 16:02 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-13 16:02 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-13 16:02 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-13 16:02 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-13 16:02 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-13 16:02 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-13 16:02 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-13 16:02 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-13 16:02 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-13 16:02 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-13 16:02 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-13 16:02 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-13 16:02 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-13 16:02 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-13 16:02 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-13 16:02 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-13 16:02 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-13 16:02 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-13 16:02 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-13 16:02 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-13 16:02 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-13 16:02 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-13 16:02 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-13 16:02 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-13 16:02 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-13 16:01 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-13 16:01 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-07 18:24 - 2015-02-07 18:24 - 00000000 __SHD () C:\Users\Jörg\AppData\Local\EmieUserList
2015-02-07 18:24 - 2015-02-07 18:24 - 00000000 __SHD () C:\Users\Jörg\AppData\Local\EmieSiteList
2015-02-07 18:24 - 2015-02-07 18:24 - 00000000 __SHD () C:\Users\Jörg\AppData\Local\EmieBrowserModeList
2015-02-05 14:12 - 2015-03-05 13:59 - 00000000 ___RD () C:\Users\Jörg\Google Drive
2015-02-05 14:12 - 2015-02-05 14:12 - 00001751 _____ () C:\Users\Jörg\Desktop\Google Drive.lnk
2015-02-05 14:10 - 2015-02-05 14:10 - 00002065 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-02-05 14:10 - 2015-02-05 14:10 - 00002063 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-02-05 14:10 - 2015-02-05 14:10 - 00002053 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-02-05 14:10 - 2015-02-05 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-02-05 14:09 - 2015-02-05 14:09 - 00880208 _____ (Google Inc.) C:\Users\Jörg\Desktop\googledrivesync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 14:05 - 2013-09-30 05:14 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-05 14:05 - 2013-09-30 04:56 - 00765378 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-05 14:05 - 2013-09-30 04:56 - 00159696 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-05 14:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-05 14:00 - 2013-10-18 18:29 - 00000000 ___DO () C:\Users\Jörg\SkyDrive
2015-03-05 14:00 - 2013-09-30 14:14 - 00001114 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-05 13:58 - 2013-10-18 17:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-05 13:58 - 2013-08-22 15:46 - 00469998 _____ () C:\WINDOWS\setupact.log
2015-03-05 13:58 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-05 13:57 - 2013-10-18 17:31 - 01074902 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-05 13:57 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-05 13:56 - 2013-11-19 10:00 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{223E48E3-040C-40E0-9CFA-2AACEB8FACDA}
2015-03-04 18:23 - 2013-12-20 09:22 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-04 18:14 - 2013-09-30 14:14 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-04 17:39 - 2013-09-30 20:46 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1640622340-885431489-981301766-1001
2015-03-04 17:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-04 14:10 - 2013-10-18 20:44 - 00000000 ____D () C:\Users\Jörg\Documents\Outlook-Dateien
2015-03-04 14:09 - 2014-02-15 17:24 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-04 14:08 - 2014-11-15 20:58 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-03-04 14:08 - 2014-11-15 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-04 14:08 - 2014-11-15 20:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-04 13:55 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-03 13:55 - 2013-09-29 20:04 - 00119306 _____ () C:\WINDOWS\PFRO.log
2015-03-03 13:55 - 2013-08-22 15:44 - 05223480 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-03 13:04 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-26 16:07 - 2013-09-30 20:39 - 00000000 ____D () C:\Users\Jörg\AppData\Local\Packages
2015-02-26 15:48 - 2013-09-30 14:10 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1640622340-885431489-981301766-1004
2015-02-26 15:46 - 2014-10-18 11:10 - 00003846 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1413627013
2015-02-26 15:46 - 2014-10-18 11:10 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-02-26 15:46 - 2014-10-18 11:10 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-26 15:45 - 2014-01-03 11:16 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B3333263-C0E4-404A-818B-9931C910CEE7}
2015-02-26 15:43 - 2013-09-30 21:23 - 00004144 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-02-23 16:13 - 2013-12-20 09:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-23 16:04 - 2013-12-20 09:10 - 00000736 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-23 16:04 - 2013-10-18 17:35 - 00000000 ____D () C:\Users\Rike
2015-02-23 15:27 - 2013-10-18 17:35 - 00000000 ____D () C:\Users\Jörg
2015-02-23 15:02 - 2013-12-20 10:12 - 00000313 _____ () C:\Users\Jörg\AppData\Roaming\WB.CFG
2015-02-22 19:14 - 2012-07-26 06:26 - 00000324 _____ () C:\WINDOWS\win.ini
2015-02-22 18:45 - 2013-10-06 00:13 - 00000000 ____D () C:\Users\Jörg\AppData\Local\Adobe
2015-02-21 08:01 - 2013-10-26 10:36 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-18 11:54 - 2014-03-16 09:55 - 00000462 ____H () C:\WINDOWS\Tasks\Norton Security Scan for Jörg.job
2015-02-18 11:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-14 11:17 - 2013-05-31 19:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-14 11:14 - 2014-04-01 18:12 - 00000000 ____D () C:\Users\Jörg\AppData\Local\Downloaded Installations
2015-02-13 16:47 - 2013-10-31 18:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-13 16:47 - 2013-10-01 10:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-13 16:42 - 2013-10-01 10:18 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-10 16:56 - 2013-12-20 12:17 - 00000000 ____D () C:\Users\Rike\AppData\Local\NVIDIA Corporation
2015-02-10 16:56 - 2013-12-20 12:16 - 00000000 ____D () C:\Users\Rike\AppData\Local\NVIDIA
2015-02-08 10:08 - 2014-01-03 16:38 - 00096256 ___SH () C:\Users\Rike\Desktop\Thumbs.db
2015-02-08 10:01 - 2013-09-30 14:14 - 00000000 ____D () C:\Users\Rike\AppData\Local\Google
2015-02-07 18:23 - 2013-12-20 09:22 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-05 14:10 - 2013-09-30 20:59 - 00000000 ____D () C:\Users\Jörg\AppData\Local\Google
2015-02-05 14:10 - 2013-09-30 14:14 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-05 14:09 - 2013-09-30 14:14 - 00004090 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 14:09 - 2013-09-30 14:14 - 00003854 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-03-16 12:45 - 2014-03-16 13:27 - 0000486 _____ () C:\Users\Jörg\AppData\Roaming\17_01_2014_CS
2014-02-22 16:30 - 2014-03-05 18:29 - 0037297 _____ () C:\Users\Jörg\AppData\Roaming\20_02_2014_CS
2013-10-18 17:28 - 2013-08-17 01:06 - 1171592 _____ (Microsoft Corporation) C:\Users\Jörg\AppData\Roaming\taskserv.exe
2013-12-20 10:12 - 2015-02-23 15:02 - 0000313 _____ () C:\Users\Jörg\AppData\Roaming\WB.CFG
2014-01-02 10:12 - 2014-01-02 10:12 - 0000005 _____ () C:\Users\Jörg\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-12-20 10:12 - 2014-01-04 13:54 - 0000005 _____ () C:\Users\Jörg\AppData\Roaming\WBPU-TTL.DAT
2015-02-23 15:02 - 2015-02-23 15:02 - 0274045 _____ () C:\Users\Jörg\AppData\Local\dsi1.dat
2015-02-23 15:02 - 2015-02-23 15:02 - 0161916 _____ () C:\Users\Jörg\AppData\Local\dsi2.dat

Some content of TEMP:
====================
C:\Users\Jörg\AppData\Local\Temp\1ABE0482-DFC1-E888-DB66-3EEC5D6B57BB.dll
C:\Users\Jörg\AppData\Local\Temp\34021uninstall.exe
C:\Users\Jörg\AppData\Local\Temp\6_Offer_15.exe
C:\Users\Jörg\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptjveit.dll
C:\Users\Jörg\AppData\Local\Temp\f.exe
C:\Users\Jörg\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Jörg\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Jörg\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Jörg\AppData\Local\Temp\nsg4CC9.exe
C:\Users\Jörg\AppData\Local\Temp\nsj2E4D.exe
C:\Users\Jörg\AppData\Local\Temp\nsq317C.exe
C:\Users\Jörg\AppData\Local\Temp\nsr4EDD.exe
C:\Users\Jörg\AppData\Local\Temp\nssDB66.exe
C:\Users\Jörg\AppData\Local\Temp\nsv4AB5.exe
C:\Users\Jörg\AppData\Local\Temp\nsz2FE4.exe
C:\Users\Jörg\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Jörg\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jörg\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Jörg\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Jörg\AppData\Local\Temp\nvStInst.exe
C:\Users\Jörg\AppData\Local\Temp\Odin3 v3.09.exe
C:\Users\Jörg\AppData\Local\Temp\Quarantine.exe
C:\Users\Jörg\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Jörg\AppData\Local\Temp\setup_471.exe
C:\Users\Jörg\AppData\Local\Temp\setup_ra.exe
C:\Users\Jörg\AppData\Local\Temp\sonarinst.exe
C:\Users\Jörg\AppData\Local\Temp\SpOrder.dll
C:\Users\Jörg\AppData\Local\Temp\sqlite3.dll
C:\Users\Jörg\AppData\Local\Temp\supoptsetup.exe
C:\Users\Jörg\AppData\Local\Temp\swt-win32-3347.dll
C:\Users\Jörg\AppData\Local\Temp\tmp27DF.tmp.exe
C:\Users\Rike\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Rike\AppData\Local\Temp\swt-win32-3347.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-04 18:26

==================== End Of Log ============================
         
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by Jörg at 2015-03-05 14:07:35
Running from C:\Users\Jörg\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.1.351 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{EAF21E13-5DC6-4BE1-B186-A62BF926BD1E}) (Version: 20.1.6362.11129 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.1.6362.11129 - Alcor Micro Corp.) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
ASUS Easy Update (HKLM-x32\...\{E7AA854E-6756-424E-84C2-4E47D5729AFF}) (Version: 2.00.30 - ASUSTeK Computer Inc)
ASUS Launcher (HKLM-x32\...\{40376CD0-67E0-4190-86CA-8BD8CBAC331C}) (Version: 1.00.12 - ASUSTeK Computer Inc.)
ASUS Music Maker (HKLM-x32\...\MAGIX_{5E00D8DF-905B-41C7-B562-C126DE3A4167}) (Version: 18.0.3.3 - MAGIX AG)
ASUS Music Maker (Version: 18.0.3.3 - MAGIX AG) Hidden
ASUS MX Suite (HKLM-x32\...\MAGIX_{9204F334-2A46-49F1-89C4-65CEB7AC1974}) (Version: 1.13.0.121 - MAGIX AG)
ASUS MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
ASUS Video easy (HKLM-x32\...\MAGIX_{7DB84618-76E3-4999-A9A0-D7D756E14129}) (Version: 3.0.1.42 - MAGIX AG)
ASUS Video easy (Version: 3.0.1.42 - MAGIX AG) Hidden
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4127.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4127.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{54ED2E2F-68EE-461C-888C-DB7EBE85C340}) (Version: 1.35.0 - Kovid Goyal)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.6.0 - Canon Inc.)
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.39 - Abelssoft)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.8.16603 - Blizzard Entertainment)
Die Siedler 7 (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
Die Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Dropbox (HKU\S-1-5-21-1640622340-885431489-981301766-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
eM Client (HKLM-x32\...\{88B17ABF-1B95-4DE8-B06F-CB511AFC2D8A}) (Version: 5.0.19406.0 - eM Client Inc.)
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
EtikettenAssistent 4.2 (HKLM-x32\...\{9AEF64B1-79A5-4E2F-8FBC-4CA89ECD3595}) (Version: 4.2.1 - HERMA)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
FormatFactory 3.2.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.2.1.0 - Free Time)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
FUSSBALL MANAGER 14 (HKLM-x32\...\{5FC27E1E-08C0-4346-A321-ED2D31FAE936}) (Version: 1.0.0.0 - Electronic Arts)
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Gigaflat (HKLM-x32\...\{C9E91711-8600-4919-AEF0-D4821F886797}_is1) (Version:  - Bitrockers Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
i-Menu version 4.0.8 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.0.8 - AOC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.25 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Opera Stable 27.0.1689.76 (HKLM-x32\...\Opera 27.0.1689.76) (Version: 27.0.1689.76 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4643 - Electronic Arts, Inc.)
Patrizier 4 (HKLM-x32\...\{25B473C3-2C62-482B-858F-94ED76880F79}) (Version: 1.3.0 - Kalypso Media)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{D691E998-CF53-4F6C-AC20-E4284660E0E7}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version:  - Roccat GmbH)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15013.18 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15013.18 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Screen+ version Screen+ 1.0.4 (HKLM\...\{5B7AF05A-1962-489C-B00A-F12D49889FC9}_is1) (Version: Screen+ 1.0.4 - AOC)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Why ASUS PC (HKLM-x32\...\{5648F9D9-299E-408C-AC1F-59DC75894A1F}) (Version: 1.00.02 - ASUSTeK Computer Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.4.0.17399 - Blizzard Entertainment)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1640622340-885431489-981301766-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jörg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1640622340-885431489-981301766-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1640622340-885431489-981301766-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1640622340-885431489-981301766-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1640622340-885431489-981301766-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jörg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

22-02-2015 19:41:48 Geplanter Prüfpunkt
03-03-2015 13:02:41 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0449C67B-A074-49AE-9BB4-2D8E310A01CE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-22] (Microsoft Corporation)
Task: {047DEFBE-0BC7-4241-95D3-A72D445CBD70} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-22] (Microsoft Corporation)
Task: {2168BD7F-F0E7-43D6-B6D7-2462C446314F} - System32\Tasks\ASUS\ASUS Launcher Helper => C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe [2013-04-24] (Microsoft)
Task: {356C3076-E68D-41EA-869E-1674014DE624} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {37B2C380-A831-4317-ADB4-2A6A0274A53C} - System32\Tasks\Opera scheduled Autoupdate 1413627013 => C:\Program Files (x86)\Opera\launcher.exe [2015-02-23] (Opera Software)
Task: {479046D4-C77C-475B-9791-250373A05E53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {58883749-6A1C-4470-A0F8-42A31EA7750E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-13] (Microsoft Corporation)
Task: {613732E6-2CE9-47CB-9790-6403C443DA39} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated)
Task: {618A6874-FF11-4DA7-AEB0-98E5166E0C57} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: {86567482-88DF-45C7-A852-2B20DC9171D9} - System32\Tasks\avayvxvaxc => C:\Users\Jörg\AppData\Local\avayvxvaxc\avayvxvaxc.exe <==== ATTENTION
Task: {87EAB8B7-D3BD-4FCB-A387-BD22840810C4} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-12-04] (CHIP)
Task: {895B959D-A9DC-4D8B-9876-2866E8280079} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9B95351C-7F0B-4655-94D7-786FBC6B0691} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {A394E7C5-1687-4076-AA98-1B7ED0C8A983} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {A5AD3ACC-E6AA-4963-B645-21A34A140353} - System32\Tasks\Norton Security Scan for Jörg => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: {C495960A-A91C-42AB-9945-8AF5F5D1F996} - System32\Tasks\ASUS\ASUS Easy Update => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [2012-11-20] (ASUSTeK Computer Inc.)
Task: {D0819170-8280-44F2-8679-12280AF2FE43} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {E3DD4CA0-1B20-4956-9B71-BEBD97EDA0C8} - System32\Tasks\avastBCLRestartS-1-5-21-1640622340-885431489-981301766-1001 => Firefox.exe 
Task: {F81ADD4F-876A-4CDD-9184-C5753371F505} - System32\Tasks\avast! Emergency Update => D:\Programme\Avast\AvastEmUpdate.exe [2014-11-15] (AVAST Software)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Norton Security Scan for Jörg.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe

==================== Loaded Modules (whitelisted) ==============

2013-10-18 17:32 - 2015-01-10 00:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-31 19:41 - 2012-06-01 10:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2012-12-19 07:10 - 2012-12-19 07:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2015-02-22 19:04 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-20 00:04 - 2014-07-20 00:04 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2014-02-11 03:21 - 2014-02-11 03:21 - 00644464 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2015-03-03 14:03 - 2015-02-18 02:34 - 01450312 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-03-03 14:03 - 2015-02-18 02:34 - 00205128 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-03-03 14:03 - 2015-02-18 02:34 - 10864456 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2015-03-05 13:52 - 2015-03-05 13:52 - 02917376 _____ () D:\Programme\Avast\defs\15030500\algo.dll
2013-05-31 19:41 - 2015-03-05 13:58 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-05-31 19:41 - 2010-06-29 03:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2013-05-31 19:39 - 2012-11-19 20:04 - 00050688 _____ () C:\Program Files (x86)\ASUS\ASUS Easy Update\AsMultiLang.dll
2015-02-22 19:04 - 2015-02-22 19:04 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-11-15 20:55 - 2014-11-15 20:55 - 38562088 _____ () D:\Programme\Avast\libcef.dll
2013-12-30 12:23 - 2012-06-17 11:20 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\hiddriver.dll
2015-03-05 13:59 - 2015-03-05 13:59 - 00098816 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\win32api.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00110080 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\pywintypes27.dll
2015-03-05 13:59 - 2015-03-05 13:59 - 00364544 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\pythoncom27.dll
2015-03-05 13:59 - 2015-03-05 13:59 - 00045568 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\_socket.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 01160704 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\_ssl.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00320512 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\win32com.shell.shell.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00713216 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\_hashlib.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 01175040 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\wx._core_.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00805888 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\wx._gdi_.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00811008 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\wx._windows_.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 01062400 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\wx._controls_.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00735232 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\wx._misc_.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00557056 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\pysqlite2._sqlite.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00128512 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\_elementtree.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00127488 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\pyexpat.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00087552 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\_ctypes.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00119808 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\win32file.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00108544 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\win32security.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00007168 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\hashobjs_ext.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00167936 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\win32gui.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00018432 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\win32event.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00038912 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\win32inet.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00011264 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\win32crypt.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00070656 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\wx._html2.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00027136 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\_multiprocessing.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00035840 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\win32process.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00686080 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\unicodedata.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00122368 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\wx._wizard.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00024064 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\win32pipe.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00025600 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\win32pdh.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00525640 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\windows._lib_cacheinvalidation.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00010240 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\select.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00017408 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\win32profile.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00022528 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\win32ts.pyd
2015-03-05 13:59 - 2015-03-05 13:59 - 00078336 _____ () C:\Users\JRG~1\AppData\Local\Temp\_MEI54282\wx._animate.pyd
2013-08-07 00:30 - 2013-02-16 01:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Jörg\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1640622340-885431489-981301766-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jörg\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKU\S-1-5-21-1640622340-885431489-981301766-1001\...\StartupApproved\Run: => "Steam"

==================== Accounts: =============================

Administrator (S-1-5-21-1640622340-885431489-981301766-500 - Administrator - Disabled)
Gast (S-1-5-21-1640622340-885431489-981301766-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1640622340-885431489-981301766-1025 - Limited - Enabled)
Jörg (S-1-5-21-1640622340-885431489-981301766-1001 - Administrator - Enabled) => C:\Users\Jörg
Rike (S-1-5-21-1640622340-885431489-981301766-1004 - Administrator - Enabled) => C:\Users\Rike

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-20 00:39:50.623
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-20 00:39:50.537
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-20 00:39:50.433
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-20 00:39:50.351
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-20 00:39:50.280
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-20 00:39:50.209
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-20 00:39:50.132
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-20 00:39:50.061
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-20 00:39:49.991
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-20 00:39:49.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4770S CPU @ 3.10GHz
Percentage of memory in use: 23%
Total physical RAM: 12196.22 MB
Available physical RAM: 9330.23 MB
Total Pagefile: 14052.22 MB
Available Pagefile: 10535.99 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:149.66 GB) (Free:65.34 GB) NTFS
Drive d: (Data) (Fixed) (Total:1692.8 GB) (Free:1437.92 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:29.69 GB) (Free:29.55 GB) NTFS
Drive j: (Heuer) (Fixed) (Total:1863.01 GB) (Free:1699.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: C3B123CA)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 292F36CC)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Old 05.03.2015, 13:21   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



FRST-Fix

Please disable your virus scanner completely now, to make sure the fix runs cleanly!


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MD1502A26-006B-4EF0-8C00-878CE61C8726&SearchSource=55&CUI=&UM=8&UP=SPF3EC0C08-3C1E-43A6-AE5D-C6FCE9750B31&SSPV=
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Task: {86567482-88DF-45C7-A852-2B20DC9171D9} - System32\Tasks\avayvxvaxc => C:\Users\Jörg\AppData\Local\avayvxvaxc\avayvxvaxc.exe <==== ATTENTION
C:\Users\Jörg\AppData\Local\avayvxvaxc
EmptyTemp:
Hosts:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 05.03.2015, 16:17   #11
Worf84
 



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2015 01
Ran by Jörg at 2015-03-05 17:07:05 Run:1
Running from C:\Users\Jörg\Desktop
Loaded Profiles: Jörg (Available profiles: Jörg & Rike)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MD1502A26-006B-4EF0-8C00-878CE61C8726&SearchSource=55&CUI=&UM=8&UP=SPF3EC0C08-3C1E-43A6-AE5D-C6FCE9750B31&SSPV=
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Task: {86567482-88DF-45C7-A852-2B20DC9171D9} - System32\Tasks\avayvxvaxc => C:\Users\Jörg\AppData\Local\avayvxvaxc\avayvxvaxc.exe <==== ATTENTION
C:\Users\Jörg\AppData\Local\avayvxvaxc
EmptyTemp:
Hosts:
*****************

Chrome HomePage deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => Key deleted successfully.
HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86567482-88DF-45C7-A852-2B20DC9171D9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86567482-88DF-45C7-A852-2B20DC9171D9}" => Key deleted successfully.
C:\Windows\System32\Tasks\avayvxvaxc => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avayvxvaxc" => Key deleted successfully.
C:\Users\Jörg\AppData\Local\avayvxvaxc => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 4.8 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 17:08:19 ====
         

Old 05.03.2015, 20:16   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Check whether MBAR works now

Old 06.03.2015, 07:55   #13
Worf84
 



Hello,

mbar gets stuck again at C:\Programm Files\Ituneshelper.exe, or rather scans the file forever (I have already been waiting 15 minutes)

Old 06.03.2015, 09:37   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Abort MBAR and please run control scans with MBAM and ESET:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.




ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box at Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Old 06.03.2015, 14:43   #15
Worf84
 



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 06.03.2015
Suchlauf-Zeit: 13:03:53
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.06.03
Rootkit Datenbank: v2015.02.25.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Jörg

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 404522
Verstrichene Zeit: 5 Min, 43 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 6
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [7ad1fe44543642f40733d85326df4bb5], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantäne, [7dce43ff5337e5515ddc0922be47758b], 
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, In Quarantäne, [aaa119299af051e58e75cfffd82b1ee2], 
PUP.Optional.QuickRef.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qrnfd_1_10_0_9, In Quarantäne, [a2a9ff435d2d171f59c006a4669da957], 
Malware.Trace, HKU\S-1-5-21-1640622340-885431489-981301766-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\VB AND VBA PROGRAM SETTINGS\SrvID, In Quarantäne, [4209043eafdbfb3bd032ed7f0301c43c], 
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1640622340-885431489-981301766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial.com, In Quarantäne, [83c84200fd8da78f5f3120e8e61f4eb2], 

Registrierungswerte: 1
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_de_245, In Quarantäne, [f556241e9af01d1986938c262ed5bd43], 

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 2
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver7SpeedCheck, In Quarantäne, [5eedbd85a0ea6dc9b26d4f3ea45fb34d], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver7SpeedCheck\temp, In Quarantäne, [5eedbd85a0ea6dc9b26d4f3ea45fb34d], 

Dateien: 13
PUP.Optional.OpenCandy, C:\Users\Jörg\Downloads\DTLite4491-0356.exe, In Quarantäne, [df6c32108406f145a46a3ec63cca5fa1], 
PUP.Optional.RollAround.A, C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\r0mvh8xn.default\extensions\{bec0d06e-c92d-48a7-bc8b-4f7ee342b2ad}.xpi, In Quarantäne, [b596bc86abdf2c0a7459cfd738cb27d9], 
Trojan.Banker, C:\Users\Jörg\AppData\Roaming\taskserv.exe, In Quarantäne, [eb60ad95fe8c092d6c6f33da798bda26], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver7SpeedCheck\temp\a.db, In Quarantäne, [5eedbd85a0ea6dc9b26d4f3ea45fb34d], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver7SpeedCheck\temp\b.db, In Quarantäne, [5eedbd85a0ea6dc9b26d4f3ea45fb34d], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver7SpeedCheck\temp\b.res, In Quarantäne, [5eedbd85a0ea6dc9b26d4f3ea45fb34d], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver7SpeedCheck\temp\c4.arc, In Quarantäne, [5eedbd85a0ea6dc9b26d4f3ea45fb34d], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver7SpeedCheck\temp\i.arc, In Quarantäne, [5eedbd85a0ea6dc9b26d4f3ea45fb34d], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver7SpeedCheck\temp\Sqlite3.dll, In Quarantäne, [5eedbd85a0ea6dc9b26d4f3ea45fb34d], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver7SpeedCheck\temp\tb32.arc, In Quarantäne, [5eedbd85a0ea6dc9b26d4f3ea45fb34d], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver7SpeedCheck\temp\tb64.arc, In Quarantäne, [5eedbd85a0ea6dc9b26d4f3ea45fb34d], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver7SpeedCheck\temp\u.arc, In Quarantäne, [5eedbd85a0ea6dc9b26d4f3ea45fb34d], 
PUP.Optional.SpeedCheck.A, C:\Program Files (x86)\ver7SpeedCheck\temp\Uninstall.exe, In Quarantäne, [5eedbd85a0ea6dc9b26d4f3ea45fb34d], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a609de2fa8cb12439bb0ea626e470c94
# engine=22785
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-06 02:33:55
# local_time=2015-03-06 03:33:55 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 9501834 20348477 0 0
# scanned=372293
# found=31
# cleaned=0
# scan_time=7884
sh=31D0B125962639ACC9DF9F39782A3207099DD924 ft=1 fh=ca95fc211bc2fbc3 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialApp.dll.vir"
sh=6857BD88EA938B705EFC3FD46D5C91D2C1B3EDE9 ft=1 fh=a2f65d85debd6839 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialEng.dll.vir"
sh=7ABB587B2A0D80E1EC4B2F1E8BB0E2C194FBB4A0 ft=1 fh=9074270edfd38722 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialsrv.exe.vir"
sh=3407FB00757C71D9CB28AEC2EC7855FF5D3A6609 ft=1 fh=67364266c19decdd vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll.vir"
sh=89DC63472DE94DF3F12DBAE15B7EBE6C04263369 ft=1 fh=7fb9e45e0079471d vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll.vir"
sh=C07D98031E67DD7268505B4BE06691D763A2106E ft=1 fh=742ddfee9fbec440 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ORBTR\orbiter.dll.vir"
sh=781F9B92B453B90F3C04D98B5153DD5C6C26F589 ft=1 fh=135374a5b4967ccc vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ORBTR\uninstall.exe.vir"
sh=A6350D711270B658DDD4D9C26D10679FBA18C1FA ft=1 fh=9d7420da1e8d8d5f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun.vir"
sh=972DB9071C719922142BE77CF935C208B66F8DE2 ft=1 fh=c50a95d882970223 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JRG~1\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=8E31A6EE67EBE1E2FF92DF93A8154C4A1B4ADF7F ft=1 fh=628770b15a532e61 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jörg\AppData\Local\AnyProtectScannerSetup.exe.vir"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jörg\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe.vir"
sh=03D5349FCDA79881C183D2F668CDFF8231AC1448 ft=0 fh=0000000000000000 vn="VBS/Kryptik.DY Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jörg\AppData\Roaming\Binkiland\UpdateProc\bkup.dat.vir"
sh=1C474DFCEF8A44892A22A407EDC8C4F3C1E66FAF ft=1 fh=09011d21ac0250f2 vn="Variante von Win32/DealPly.AI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jörg\AppData\Roaming\Binkiland\UpdateProc\UpdateTask.exe.vir"
sh=DD5B4DC6D4DB951642395DDA4F282B5C36F5DA8F ft=1 fh=4b33ce6d51c3dc89 vn="Variante von Win32/DealPly.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jörg\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe.vir"
sh=4079AA4A83E650C4295194FB47E73D794E23A970 ft=1 fh=c6f978291297a546 vn="Win64/Riskware.NetFilter.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\wStLibG64.sys.vir"
sh=8D26B6600B0A391A6C6F4FA1FC3D353A7C3EAC25 ft=1 fh=c3321340d5e442f5 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Jörg\AppData\Local\avayvxvaxc\pbqrmvbub"
sh=8F2E86569D27AFB5414456D3BDEADA80C0BA6D33 ft=1 fh=7b4f8cd248ba8492 vn="Variante von Win32/Adware.ConvertAd.BP Anwendung" ac=I fn="C:\Users\Jörg\AppData\Local\482D6A71-1424508004-FE52-D75B-74D02B9B4D91\onsuBFF4.tmp"
sh=634905F686D66A3A1A6C2B1198F4B8FCE9B0E549 ft=1 fh=cc1b684a1d5d1600 vn="Win32/Adware.ConvertAd.AQ Anwendung" ac=I fn="C:\Users\Jörg\AppData\Local\482D6A71-1424508004-FE52-D75B-74D02B9B4D91\pnseC033.exe"
sh=23E31F09CCF254759BBA8B35304BBBA2C0ECBB30 ft=1 fh=0a258ea94ea0827d vn="Variante von Win32/Adware.AdService.AN Anwendung" ac=I fn="C:\Users\Jörg\AppData\Local\482D6A71-1424508004-FE52-D75B-74D02B9B4D91\snsuBFF2.tmp"
sh=1D1D34DC98C74DCDDB3339DE06818ECA044453A7 ft=1 fh=adb40b6c67caf399 vn="Win32/Adware.ConvertAd.AQ Anwendung" ac=I fn="C:\Users\Jörg\AppData\Local\482D6A71-1424508004-FE52-D75B-74D02B9B4D91\Uninstall.exe"
sh=96105BB07D807E3EADABBB47DF91E7602466B4E2 ft=1 fh=9329c69ae45b252a vn="Variante von Win32/Adware.ConvertAd.BJ Anwendung" ac=I fn="C:\Users\Jörg\AppData\Roaming\482D6A71-1424507953-FE52-D75B-74D02B9B4D91\jnsv432E.tmp"
sh=D6A2832B6C23ED7DFA0A704D2F2CF74D78F0DB3E ft=1 fh=9c04837a22010006 vn="Win32/Adware.ConvertAd.AQ Anwendung" ac=I fn="C:\Users\Jörg\AppData\Roaming\482D6A71-1424507953-FE52-D75B-74D02B9B4D91\Uninstall.exe"
sh=08957ACD899D1CC9CC9EF22DE81E82F65B08B9FC ft=1 fh=477c3fba40b029fc vn="Win32/Adware.ConvertAd.AQ Anwendung" ac=I fn="C:\Users\Jörg\AppData\Roaming\482D6A71-1424507953-FE52-D75B-74D02B9B4D91\vnscF0E9.tmp"
sh=D371F6AC23332348489F14839F4D672B65C324F4 ft=1 fh=79b60214b738da68 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jörg\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe"
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jörg\Downloads\PDFCreator-1_7_3_setup.exe"
sh=5100EB5304E57772A1D080FDD98E8188ADAE1285 ft=1 fh=3f21312417496a8d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jörg\Downloads\Revo Uninstaller - CHIP-Installer.exe"
sh=3169B934BE14FB2F69153B54CCA4B36A794EA39D ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\Heuer\externe FSP\Adobe Photoshop CS6 Extended German rar (1)\Adobe Photoshop CS6 Extended German.rar"
sh=24EACADAF8910146B00A3B6146FAD19E11BFF03B ft=1 fh=5e1dc8d93e2d8e01 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="D:\Programme\FormatFactory\FFModules\Package\BaiDu\hao123inst-egypt.exe"
sh=34D77A23AA7C7648948E4BFAB31F33F517A785DC ft=1 fh=11cdaad78b073df2 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="D:\Programme\FormatFactory\FFModules\Package\BaiDu\hao123inst-japan.exe"
sh=D6AE522FF8806F7589D0FD0CC5D70B65B0B5E390 ft=1 fh=1211e94886f9a591 vn="Variante von Win32/Hao123.D evtl. unerwünschte Anwendung" ac=I fn="D:\Programme\FormatFactory\FFModules\Package\BaiDu\hao123inst-saudi-forf.exe"
sh=E5A3C100D2D0FD94482783AF2B2FF94CDFC9923F ft=1 fh=a0ddd0619a504a2e vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="D:\Programme\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe"
         
