
Log analysis and evaluation: PUA/DownloadSponsor.Gen found by Avira and PUP.Optional.SimpleNewTab.A found by Malwarebytes

20.03.2015, 12:08   #1
zwn
 
Hello everyone,

Several virus scans on my girlfriend's laptop have turned up different findings:

Some time ago Malwarebytes found "PUP.Optional.SimpleNewTab.A". The files were moved to quarantine, but nothing further was done at the time.. :/

Here is the log for that:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 01.12.2014
Suchlauf-Zeit: 22:27:00
Logdatei: mbam log.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.12.01.07
Rootkit Datenbank: v2014.12.01.02
Lizenz: Kostenlos
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: ***

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 319700
Verstrichene Zeit: 22 Min, 36 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 6
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, In Quarantäne, [2a7fbba2691395a1b0e56065b64ccf31], 
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{8DAA9564-C7BF-43E1-ADB9-17B44DA980A6}, In Quarantäne, [2a7fbba2691395a1b0e56065b64ccf31], 
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B47A69DE-9B38-4EC0-996E-99F90C0F8CA5}, In Quarantäne, [2a7fbba2691395a1b0e56065b64ccf31], 
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{5C2DD58F-613F-4580-8AC0-F10D760AF938}\INPROCSERVER32, In Quarantäne, [2a7fbba2691395a1b0e56065b64ccf31], 
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, In Quarantäne, [2a7fbba2691395a1b0e56065b64ccf31], 
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SimpleNewTab, Löschen bei Neustart, [9a0fe27bb4c8ac8a833dbeab1be8ba46], 

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 2
PUP.Optional.SimpleNewTab.A, C:\Users\***\AppData\Local\simple_new_tab, In Quarantäne, [0a9f0a53a9d37cba99c9110fb44f8b75], 
PUP.Optional.SimpleNewTab.A, C:\Users\***\AppData\Local\simple_new_tab\htmls, In Quarantäne, [0a9f0a53a9d37cba99c9110fb44f8b75], 

Dateien: 3
PUP.Optional.SimpleNewTab.A, C:\Users\***\AppData\Local\simple_new_tab\simple_new_tab.dll, In Quarantäne, [2a7fbba2691395a1b0e56065b64ccf31], 
PUP.Optional.Bandoo, C:\Users\***\Desktop\jZipSetup-r110-w-bf.exe, In Quarantäne, [5d4c90cd6b11a59154598d463dc404fc], 
PUP.Optional.SimpleNewTab.A, C:\Users\***\AppData\Local\simple_new_tab\htmls\index.html, In Quarantäne, [0a9f0a53a9d37cba99c9110fb44f8b75], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Then today Avira reported the following finding: PUA/DownloadSponsor.Gen

Log:
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 20. März 2015  07:01


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Antivirus Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : ***-PC

Versionsinformationen:
BUILD.DAT      : 15.0.8.656     91858 Bytes  17.03.2015 13:02:00
AVSCAN.EXE     : 15.0.8.652   1014064 Bytes  20.03.2015 05:17:39
AVSCANRC.DLL   : 15.0.8.652     63792 Bytes  20.03.2015 05:17:39
LUKE.DLL       : 15.0.8.652     60664 Bytes  20.03.2015 05:17:55
AVSCPLR.DLL    : 15.0.8.652     93488 Bytes  20.03.2015 05:17:39
REPAIR.DLL     : 15.0.8.652    365360 Bytes  20.03.2015 05:17:38
REPAIR.RDF     : 1.0.6.48      806858 Bytes  20.03.2015 05:18:03
AVREG.DLL      : 15.0.8.652    265464 Bytes  20.03.2015 05:17:37
AVLODE.DLL     : 15.0.8.656    645368 Bytes  20.03.2015 05:17:36
AVLODE.RDF     : 14.0.4.54      78895 Bytes  08.12.2014 11:27:57
LOCAL000.VDF   : 8.11.218.152 125038592 Bytes  19.03.2015 05:18:52
Engineversion  : 8.3.30.4  
AEVDF.DLL      : 8.3.1.6       133992 Bytes  20.08.2014 18:41:53
AESCRIPT.DLL   : 8.2.2.58      560248 Bytes  17.03.2015 20:42:02
AESCN.DLL      : 8.3.2.2       139456 Bytes  21.07.2014 17:01:18
AESBX.DLL      : 8.2.20.34    1615784 Bytes  04.03.2015 13:43:08
AERDL.DLL      : 8.2.1.20      731040 Bytes  11.02.2015 17:14:00
AEPACK.DLL     : 8.4.0.62      793456 Bytes  23.02.2015 09:22:26
AEOFFICE.DLL   : 8.3.1.14      354216 Bytes  12.03.2015 18:00:52
AEMOBILE.DLL   : 8.1.7.0       281456 Bytes  12.03.2015 18:00:53
AEHEUR.DLL     : 8.1.4.1606   8256368 Bytes  20.03.2015 05:17:32
AEHELP.DLL     : 8.3.2.0       281456 Bytes  20.03.2015 05:17:27
AEGEN.DLL      : 8.1.7.40      456608 Bytes  22.12.2014 15:42:44
AEEXP.DLL      : 8.4.2.70      255904 Bytes  06.02.2015 13:47:53
AEEMU.DLL      : 8.1.3.4       399264 Bytes  07.08.2014 15:14:24
AEDROID.DLL    : 8.4.3.116    1050536 Bytes  12.03.2015 18:00:53
AECORE.DLL     : 8.3.4.0       243624 Bytes  18.12.2014 11:30:28
AEBB.DLL       : 8.1.2.0        60448 Bytes  07.08.2014 15:14:23
AVWINLL.DLL    : 15.0.8.652     25904 Bytes  20.03.2015 05:17:26
AVPREF.DLL     : 15.0.8.652     53248 Bytes  20.03.2015 05:17:37
AVREP.DLL      : 15.0.8.652    221432 Bytes  20.03.2015 05:17:37
AVARKT.DLL     : 15.0.8.652    228088 Bytes  20.03.2015 05:17:32
AVEVTLOG.DLL   : 15.0.8.652    183600 Bytes  20.03.2015 05:17:35
SQLITE3.DLL    : 15.0.8.652    456440 Bytes  20.03.2015 05:17:59
AVSMTP.DLL     : 15.0.8.652     79360 Bytes  20.03.2015 05:17:39
NETNT.DLL      : 15.0.8.652     17352 Bytes  20.03.2015 05:17:56
RCIMAGE.DLL    : 15.0.8.652   4864816 Bytes  20.03.2015 05:17:26
RCTEXT.DLL     : 15.0.8.652     75056 Bytes  20.03.2015 05:17:26

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 20. März 2015  07:01

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:)'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
c:\adsm_pdata_0150\dragwait.exe
  [HINWEIS]   Die Datei ist nicht sichtbar.
c:\adsm_pdata_0150\_avt
  [HINWEIS]   Die Datei ist nicht sichtbar.
c:\adsm_pdata_0150\db\si.db
  [HINWEIS]   Die Datei ist nicht sichtbar.
c:\adsm_pdata_0150\db\ul.db
  [HINWEIS]   Die Datei ist nicht sichtbar.
c:\adsm_pdata_0150\db\vl.db
  [HINWEIS]   Die Datei ist nicht sichtbar.
c:\adsm_pdata_0150\db\_avt
  [HINWEIS]   Die Datei ist nicht sichtbar.
c:\program files\asus\asus data security manager\driver\x86\asdsm.sys
  [HINWEIS]   Die Datei ist nicht sichtbar.
c:\program files\asus\asus data security manager\driver\x86\_avt
  [HINWEIS]   Die Datei ist nicht sichtbar.
c:\adsm_pdata_0150
  [HINWEIS]   Das Verzeichnis ist nicht sichtbar.
c:\adsm_pdata_0150\db
  [HINWEIS]   Das Verzeichnis ist nicht sichtbar.
c:\program files\asus\asus data security manager\driver\x86
  [HINWEIS]   Das Verzeichnis ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'taskeng.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'WPFFontCache_v0400.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '7' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'spmgr.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDC.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'KBFiltr.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Amazon Music Helper.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACEngSvr.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSMMgr.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACMON.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'wcourier.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'aspg.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'Hcontrol.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdSync.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASScrPro.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'P4P.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'DMedia.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD2.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '133' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'GFNEXSrv.exe' - '12' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASLDRSrv.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'ADSMSrv.exe' - '12' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '155' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2072' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <VistaOS>
C:\Users\***\AppData\Local\temp\OCS\ocs_v71a.exe
  [FUND]      Enthält Muster der Software PUA/DownloadSponsor.Gen
Beginne mit der Suche in 'D:\' <DATA>

Beginne mit der Desinfektion:
C:\Users\***\AppData\Local\temp\OCS\ocs_v71a.exe
  [FUND]      Enthält Muster der Software PUA/DownloadSponsor.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56495262.qua' verschoben!


Ende des Suchlaufs: Freitag, 20. März 2015  11:12
Benötigte Zeit:  1:43:38 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  27385 Verzeichnisse wurden überprüft
 447892 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 447891 Dateien ohne Befall
   4325 Archive wurden durchsucht
      0 Warnungen
     12 Hinweise
 701368 Objekte wurden beim Rootkitscan durchsucht
     11 Versteckte Objekte wurden gefunden
         
An additional scan with Malwarebytes turned up another detection, but not the same one. The detection was supposed to be moved to quarantine, but I can't find it anywhere...
Here is the log for it:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 20.03.2015
Suchlauf-Zeit: 10:40:14
Logdatei: mbam log 2.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.20.03
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: ***

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 345181
Verstrichene Zeit: 30 Min, 22 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
So, and now here are the requested files:

FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by *** (administrator) on ***-PC on 20-03-2015 11:20:54
Running from C:\Users\***\Desktop
Loaded Profiles: *** &  (Available profiles: *** & Gast)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
() C:\Program Files\ASUS\ATK Media\DMedia.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\P4P\P4P.exe
() C:\Windows\ASScrPro.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Users\***\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-09-03] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ATKOSD2\ATKOSD2.exe [7737344 2007-10-18] ()
HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [61440 2008-02-01] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [PowerForPhone] => C:\Program Files\P4P\P4P.exe [778240 2008-01-26] ()
HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\ASScrPro.exe [33136 2008-07-10] ()
HKLM\...\Run: [ASUS Camera ScreenSaver] => C:\Windows\ASScrProlog.exe [37232 2008-07-10] ()
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-01-19] ()
HKLM\...\Run: [BCSSync] => D:\Instalationsdateien\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Run: [Amazon Music] => C:\Users\***\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Music] => C:\Users\***\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ${URL_STARTPAGE}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing.
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-05] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Instalationsdateien\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-05] (Oracle Corporation)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2795298741-2112087132-3505275501-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1227966909
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ubr1awq.default-1423215999919
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Google
FF Homepage: hxxp://de-de.facebook.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\INSTAL~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\INSTAL~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2795298741-2112087132-3505275501-1000: bebomedia.com/OfferMosquitoIEHelper -> C:\Users\***\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
FF Plugin HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: bebomedia.com/OfferMosquitoIEHelper -> C:\Users\***\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011-10-26] (Nullsoft, Inc.)
FF Extension: GMX MailCheck - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ubr1awq.default-1423215999919\Extensions\toolbar@gmx.net [2015-03-03]
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ubr1awq.default-1423215999919\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-06]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-03-12]
FF Extension: PHPNukeDE Toolbar - C:\Program Files\Mozilla Firefox\extensions\{c9508125-4747-4733-b048-e4b82dc9716d} [2015-03-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-20] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] () [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-18] (Hewlett-Packard Company) [File not signed]
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2007-09-26] (Windows (R) Codename Longhorn DDK provider)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [114904 2015-03-20] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-04-23] (Samsung Electronics) [File not signed]
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\***\AppData\Local\Temp\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S3 vpnva; system32\DRIVERS\vpnva.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 11:20 - 2015-03-20 11:21 - 00017616 _____ () C:\Users\***\Desktop\FRST.txt
2015-03-20 11:20 - 2015-03-20 11:20 - 00000000 ____D () C:\FRST
2015-03-20 11:19 - 2015-03-20 11:19 - 00000474 _____ () C:\Users\***\Desktop\defogger_disable.log
2015-03-20 11:19 - 2015-03-20 11:19 - 00000000 _____ () C:\Users\***\defogger_reenable
2015-03-20 11:17 - 2015-03-20 11:18 - 00000000 ____D () C:\Users\***\Desktop\Avira log
2015-03-20 11:16 - 2015-03-20 11:16 - 00380416 _____ () C:\Users\***\Desktop\Gmer-19357.exe
2015-03-20 11:15 - 2015-03-20 11:15 - 01135104 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2015-03-20 11:13 - 2015-03-20 11:13 - 00050477 _____ () C:\Users\***\Desktop\Defogger.exe
2015-03-13 06:53 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 06:52 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 06:51 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-13 06:45 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 06:45 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 06:44 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-13 06:44 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 06:44 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 06:44 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 06:44 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-13 06:43 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 06:43 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-13 06:41 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 19:25 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 19:25 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-12 19:25 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 19:25 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 19:25 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 19:25 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 19:25 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 19:25 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-12 19:25 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 19:25 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 19:25 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-12 19:25 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-12 19:25 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-12 18:59 - 2015-03-12 18:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-27 09:50 - 2015-02-27 10:37 - 00000000 ____D () C:\Users\***\Desktop\Saghar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 11:21 - 2013-01-23 20:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 11:19 - 2008-10-16 21:36 - 00000000 ____D () C:\Users\***
2015-03-20 11:15 - 2006-11-02 13:47 - 00005184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-20 11:15 - 2006-11-02 13:47 - 00005184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-20 11:05 - 2014-05-10 12:04 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6c3fad7525e3.job
2015-03-20 11:05 - 2014-05-10 12:04 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6c3fad1a8a93.job
2015-03-20 10:40 - 2014-12-02 20:16 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 10:39 - 2008-07-10 18:00 - 01790867 _____ () C:\Windows\WindowsUpdate.log
2015-03-20 06:09 - 2014-12-11 18:59 - 00000000 ____D () C:\Users\***\AppData\Local\FreePDF_XP
2015-03-20 06:09 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 06:21 - 2006-11-02 14:01 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-19 05:44 - 2012-09-28 11:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-17 21:41 - 2008-07-10 19:23 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-03-17 06:04 - 2006-11-02 13:47 - 00377464 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 06:51 - 2014-05-16 08:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-13 06:46 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-05 20:34 - 2012-10-17 20:13 - 00000000 ____D () C:\Program Files\Avira
2015-03-04 14:43 - 2012-10-17 20:13 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 14:43 - 2012-10-17 20:13 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-03 16:43 - 2006-11-02 11:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 03:23 - 2009-10-02 19:57 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2008-11-13 20:42 - 2014-05-02 18:48 - 0104030 _____ () C:\Users\***\AppData\Roaming\nvModes.001
2008-11-13 18:58 - 2014-05-01 11:45 - 0104030 _____ () C:\Users\***\AppData\Roaming\nvModes.dat
2008-12-07 14:21 - 2008-12-07 14:23 - 1279254 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20081207.bmp
2008-12-11 20:20 - 2008-12-11 20:20 - 23970870 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20081211.bmp
2010-05-21 09:18 - 2010-05-21 09:18 - 2560054 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20100521.bmp
2013-01-22 20:30 - 2013-01-22 20:37 - 42467382 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20130122.bmp
2013-11-03 20:46 - 2013-11-03 20:47 - 53747766 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20131103.bmp
2014-05-19 20:09 - 2014-05-19 20:09 - 53747766 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20140519.bmp
2014-09-13 20:22 - 2014-09-13 20:27 - 53747766 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20140913.bmp
2011-06-03 19:34 - 2015-01-15 06:48 - 0000680 _____ () C:\Users\***\AppData\Local\d3d9caps.dat
2008-10-18 14:56 - 2014-02-05 17:58 - 0049664 _____ () C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-08-10 20:50 - 2011-09-19 11:54 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-05-02 21:07 - 2015-03-20 10:37 - 0176142 _____ () C:\ProgramData\nvModes.001
2014-05-02 21:06 - 2015-03-20 10:37 - 0176142 _____ () C:\ProgramData\nvModes.dat

Some content of TEMP:
====================
C:\Users\***\AppData\Local\temp\avgnt.exe
C:\Users\***\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe
C:\Users\***\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe
C:\Users\***\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\***\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\***\AppData\Local\temp\jre-8u31-windows-au.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-20 06:26

==================== End Of Log ============================
         
--- --- ---


Addition:
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by *** at 2015-03-20 11:21:35
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS CopyProtect (HKLM\...\{2396F815-84E0-4353-83D7-8B190556DA42}) (Version: 1.00.0003 - ASUS)
ASUS Data Security Manager (HKLM\...\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}) (Version: 1.00.0006 - ASUS)
ASUS InstantFun (HKLM\...\{57B15AD4-8C9D-4164-82BB-E33D8644E757}) (Version: 1.0.0015 - ASUS)
ASUS LifeFrame3 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.6 - ASUS)
ASUS Live Update (HKLM\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.6 - ASUS)
ASUS SmartLogon (HKLM\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0004 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM\...\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}) (Version: 1.02.0019 - ASUS)
Asus_Camera_ScreenSaver (HKLM\...\Asus_Camera_ScreenSaver) (Version: 2.0.0006 - ASUS)
Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver (HKLM\...\{6E19F210-3813-4002-B561-94D66AA182B6}) (Version: 2.4.7.7 - Atheros Communications Inc.)
ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0023 - ATK)
ATK Media (HKLM\...\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}) (Version:  - )
ATKOSD2 (HKLM\...\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}) (Version: 6.64.1.6 - ATK)
AudibleManager (HKLM\...\AudibleManager) (Version: 7559957.-2.2004512950.2004511964 - Audible, Inc.)
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland)
Audiograbber Lame PlugIn 3.96 APS  (HKLM\...\Audiograbber Lame PlugIn) (Version: 3.96 APS - )
Avira (HKLM\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.2830 - CyberLink Corp.)
Das Geheimnis des silbernen Ohrrings (HKLM\...\{4D6D0AA7-DD0E-47A8-BFCE-5A8E4E074CD0}) (Version: 1.00.0000 - Frogwares)
DEUTSCHLAND SPIELT GAME CENTER (HKLM\...\DSGPlayer) (Version: 1.0.0.46 - INTENIUM GmbH)
dm Fotowelt (HKLM\...\dm Fotowelt) (Version:  - )
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version:  - )
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Google Chrome Frame (HKLM\...\{7455D86F-5295-389C-AA29-18D2BDAF8DD8}) (Version: 65.169.102 - Google, Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LightScribe System Software  1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access 2010 (HKLM\...\Office14.AccessR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NB Probe (HKLM\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version:  - )
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 6.80.5.1 - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
P4P (HKLM\...\{FC3D290D-79BE-44B7-ABF9-FDD110925930}) (Version: 1.0.0.17 - P4P)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5477 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.52.02 - )
Secure Download Manager (HKLM\...\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}) (Version: 3.0.5 - e-academy Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sherlock Holmes (HKLM\...\Sherlock Holmes) (Version: 0.0.0.0 - INTENIUM GmbH)
Sherlock Holmes und der Hund der Baskervilles (HKLM\...\Sherlock Holmes und der Hund der Baskervilles) (Version: 1.0.0.0 - INTENIUM GmbH)
Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
Total Video Converter 3.61 100319 (HKLM\...\Total Video Converter 3.61_is1) (Version:  - EffectMatrix Inc.)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version:  - )
VIS (HKLM\...\VIS) (Version:  - ) <==== ATTENTION
VLC media player 1.1.10 (HKLM\...\VLC media player) (Version: 1.1.10 - VideoLAN)
Wartung Samsung CLP-620 Series (HKLM\...\Samsung CLP-620 Series) (Version:  - Samsung Electronics CO.,LTD)
Winamp (HKLM\...\Winamp) (Version: 5.622  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version:  - )
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wireless Console 2 (HKLM\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.10 - ATK)
XnView 1.80 (HKLM\...\XnView_is1) (Version: 1.80 - Gougelet Pierre-e)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2795298741-2112087132-3505275501-1000_Classes\CLSID\{3bc93e76-92f8-5fda-b676-5afee3735bf1}\InprocServer32 -> C:\Users\***\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File

==================== Restore Points  =========================

27-02-2015 11:49:52 Windows Update
03-03-2015 11:36:16 Windows Update
12-03-2015 19:22:19 Windows Update
13-03-2015 06:38:58 Windows Update
17-03-2015 06:29:16 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2013-05-14 21:21 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {034F6ED7-4F1A-42CA-A130-B8EEB72ECE3B} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) No Task File <==== ATTENTION
Task: {04699375-5AFB-4BAF-9F2A-09D8C0497F4E} - \Microsoft\Windows\Media Center\ehDRMInit No Task File <==== ATTENTION
Task: {08AD1C99-8DF2-4D3D-9F52-C4E5CEB29288} - \{08C1F56F-088D-4C39-90C8-DC91FC840E23} No Task File <==== ATTENTION
Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File <==== ATTENTION
Task: {11893D5E-54A0-4C6B-AB0D-D9FA527334A9} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File <==== ATTENTION
Task: {181E6DDB-34B4-413B-BB3A-13569A47B47C} - \{C65372D3-A2AC-4846-B224-9DA52C853565} No Task File <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - \Microsoft\Windows\MobilePC\TMM No Task File <==== ATTENTION
Task: {1F4FCD5D-8ED2-4212-BDDA-6DC446BA43B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {23C4BEA3-5DAF-4A7D-A6CF-5237554F840E} - \{9FA2F356-D9B9-4379-BFB3-561836FACC41} No Task File <==== ATTENTION
Task: {2FDBDC47-7148-49DB-9D32-32E6A003C996} - \Microsoft\Windows\Tcpip\IpAddressConflict2 No Task File <==== ATTENTION
Task: {30FF26BF-5D0E-4A0D-8E3A-74F448F3278C} - \{7DFD5A6F-BED3-4940-864C-795168F886B4} No Task File <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI No Task File <==== ATTENTION
Task: {357C6FCC-36C2-4DFD-B92B-4E8CD48F7EA1} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {39B2AB48-552A-4DDD-89F6-BD28784C4795} - \User_Feed_Synchronization-{7EDEB2FF-964E-41F5-A727-304BA298990B} No Task File <==== ATTENTION
Task: {3A17516A-C56F-4909-A45C-1E4EE8BE0837} - \Microsoft\Windows\Defrag\ManualDefrag No Task File <==== ATTENTION
Task: {3BB5D87B-C851-4325-97B6-95E4EA1CBC61} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - \Microsoft\Windows\Shell\CrawlStartPages No Task File <==== ATTENTION
Task: {3C5B104F-A9EF-40F3-82A6-917E09DBB6B1} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {3CD7BF6C-F120-476E-AF84-851D43BDDEEE} - \Microsoft\Windows\WDI\ResolutionHost No Task File <==== ATTENTION
Task: {42955E89-15F6-4B96-B803-8F10D491AF65} - \OfficeSoftwareProtectionPlatform\SvcRestartTask No Task File <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - \Microsoft\Windows\RAC\RACAgent No Task File <==== ATTENTION
Task: {48909068-64F9-4B29-8C14-6957F35923C3} - \Microsoft\Windows\MobilePC\HotStart No Task File <==== ATTENTION
Task: {4914F671-C936-43DC-99FF-FA6CEFA48631} - \{0C7F530A-D15D-4BE8-816A-B3F93F0750DB} No Task File <==== ATTENTION
Task: {4D7BC85C-5A41-4963-8CDD-6D9D55F757DB} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask No Task File <==== ATTENTION
Task: {54F6CCFE-6C12-4522-A0F6-9DABAC751D2F} - \Microsoft\Windows\MUI\Mcbuilder No Task File <==== ATTENTION
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - \Microsoft\Windows\Wired\GatherWiredInfo No Task File <==== ATTENTION
Task: {57030356-4699-4E1F-9939-F9D4460CD4DA} - \Microsoft\Windows\Media Center\OCURDiscovery No Task File <==== ATTENTION
Task: {5936C79A-731F-4716-BE59-35B58194ECE5} - \Microsoft\Windows\Media Center\OCURActivate No Task File <==== ATTENTION
Task: {61CFE991-4061-4219-8E70-0EDF343472E9} - \{9CC80E87-3310-4336-A010-8A18DC3F2535} No Task File <==== ATTENTION
Task: {6B91DF4F-7E1F-4AE8-820A-2FB331567D67} - \Microsoft\Windows\SideShow\GadgetManager No Task File <==== ATTENTION
Task: {6BD37163-E955-4095-A64E-D09EB8917C21} - \Microsoft\Windows Defender\MP Scheduled Signature Update No Task File <==== ATTENTION
Task: {6C041448-C69A-4D8B-A774-4F3948997407} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam No Task File <==== ATTENTION
Task: {6E7034E8-D1EA-411C-A1A4-3C01F5BD1A47} - \WPD\SqmUpload_S-1-5-21-2795298741-2112087132-3505275501-1000 No Task File <==== ATTENTION
Task: {74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION
Task: {77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File <==== ATTENTION
Task: {78DABEC8-68B8-4590-81BD-4532D98F07C2} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver No Task File <==== ATTENTION
Task: {792493DE-3878-4323-B44D-F6F0C3562126} - \Microsoft\Windows\CertificateServicesClient\UserTask No Task File <==== ATTENTION
Task: {7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75} - \Microsoft\Windows\CertificateServicesClient\SystemTask No Task File <==== ATTENTION
Task: {80EF5715-7C51-4381-AC78-AEEC32723C56} - \ASUS Live Update No Task File <==== ATTENTION
Task: {8352B580-641E-4BAD-89CA-3DCC243218D8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {858BD5FB-61C3-4D83-8392-B9855BE4DF1D} - \Microsoft\Windows\Media Center\mcupdate No Task File <==== ATTENTION
Task: {89194558-47E7-4A9E-B507-6C91CE4E6504} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator No Task File <==== ATTENTION
Task: {89BC8B22-30CE-4893-9DC1-F51764E377F4} - \Microsoft\Windows\Tcpip\WSHReset No Task File <==== ATTENTION
Task: {90934D6D-B296-4720-9332-BBCE3BBAFAFE} - \{3A89627D-AE65-40F3-88A3-B9951A36F0A5} No Task File <==== ATTENTION
Task: {92C1E05D-0752-44C4-9541-E0311D8076F1} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {98AEA341-4C47-49D0-8C2D-FE77D5555D9A} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) No Task File <==== ATTENTION
Task: {99B9521C-F109-4B7B-BDDF-99CF656525E0} - \Microsoft\Windows\Defrag\ScheduledDefrag No Task File <==== ATTENTION
Task: {A1868F64-ED08-49A9-9F86-F62ED855AFFD} - \Microsoft\Windows\SystemRestore\SR No Task File <==== ATTENTION
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification No Task File <==== ATTENTION
Task: {B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91} - \Microsoft\Windows\Media Center\UpdateRecordPath No Task File <==== ATTENTION
Task: {C4CE8FCE-0A1E-4D3C-BA46-5C4E4E13845F} - \{B05EBB8C-D310-4191-A51D-C8E4B46199A1} No Task File <==== ATTENTION
Task: {C6CBFEC8-EF47-4B48-9718-3A4170F99600} - \Microsoft\Windows\SideShow\AutoWake No Task File <==== ATTENTION
Task: {D0181A7F-943E-4C95-81B0-B19DB84FAC6B} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
Task: {D1E9EB2E-A2D5-40D0-B452-6A1A114D5D84} - \{0CD70452-7D35-4999-B126-2DCD7ABA619F} No Task File <==== ATTENTION
Task: {D282BBA5-3CD1-4DC5-ACCD-FFC699D19DE5} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
Task: {D2D7C16D-D9DC-4982-A8C3-774722DEEB9F} - \ASUS SmartLogon Console Sensor No Task File <==== ATTENTION
Task: {D8AB5B03-9FA1-497A-90C5-C11888682D07} - \{5320A76D-52E5-4D51-96BD-ABE6C59047C8} No Task File <==== ATTENTION
Task: {D8FCC7BA-7D21-4D50-A0B8-5CFDDE670C91} - \{39931AEE-70A9-4314-8CDE-E9DFDB00C4A8} No Task File <==== ATTENTION
Task: {D913FE43-F22E-4EBD-880E-712ABDE8E828} - \{1B3A3841-39B7-4BA2-B5A1-19B9CCD4E77B} No Task File <==== ATTENTION
Task: {DCF8CA49-10FE-40EA-A5B8-504B864BC698} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor No Task File <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - \Microsoft\Windows\Wireless\GatherWirelessInfo No Task File <==== ATTENTION
Task: {E6031411-55F5-4DD3-B55A-CE322D523FA7} - \{CD11F57F-3271-4269-91B6-4BFCBC014426} No Task File <==== ATTENTION
Task: {E9D54BE1-CB20-4DFC-914B-4A2FA7C00403} - \Microsoft\Windows\MUI\Lpksetup No Task File <==== ATTENTION
Task: {EBC018B6-24B0-4279-98A5-0081A2EB83B1} - \{DE3B6822-025B-4A3E-8682-2116DC6AD7C4} No Task File <==== ATTENTION
Task: {EBF16443-B75E-45A5-BCBB-56B7BF614AF9} - \{43F7E614-8B08-4EA7-9BDA-1ADDB95AF3CF} No Task File <==== ATTENTION
Task: {EFE3EA02-AD42-4B49-A996-BB3CFEE832BD} - \{0151438E-71FB-4644-9B9F-4D162F36262E} No Task File <==== ATTENTION
Task: {F55F85D3-8FDE-479E-82E0-A9BB339AA8E2} - \Microsoft\Windows\UPnP\UPnPHostConfig No Task File <==== ATTENTION
Task: {F81EF21C-F8FA-43AB-A6CB-C763D176EB75} - System32\Tasks\GoogleUpdateTaskMachineCore1cf6c3fad1a8a93 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {F8D6E476-24FE-4649-A4D7-985706B29128} - \Microsoft\Windows\Tcpip\IpAddressConflict1 No Task File <==== ATTENTION
Task: {FB297749-1051-4B6F-9D00-661A406EC721} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6c3fad7525e3 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {FC6EE397-3ADC-4083-9CE2-6140F304DE98} - \{5C8A63CF-60C3-4332-99A4-8F60FFE0C241} No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6c3fad1a8a93.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6c3fad7525e3.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2008-07-10 19:00 - 2007-05-18 10:31 - 00073728 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
2008-07-10 18:53 - 2007-10-03 05:53 - 00094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
2008-07-10 18:54 - 2007-08-08 08:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2014-12-11 18:57 - 2012-06-21 07:25 - 00094208 _____ () C:\Windows\System32\redmon32.dll
2012-05-20 13:08 - 2009-05-13 01:30 - 00026624 _____ () C:\Windows\System32\ssd2cl3.dll
2012-05-20 13:08 - 2009-09-04 09:59 - 00491520 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\ssd2cdu.dll
2008-07-10 19:00 - 2007-06-15 18:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
2008-07-10 19:00 - 2007-06-02 01:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
2011-12-13 11:54 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2008-07-10 19:00 - 2007-08-08 10:52 - 00331776 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
2008-07-10 18:55 - 2007-10-18 03:04 - 07737344 _____ () C:\Program Files\ATKOSD2\ATKOSD2.exe
2008-07-10 18:56 - 2008-02-01 22:29 - 00061440 _____ () C:\Program Files\ASUS\ATK Media\DMedia.exe
2008-07-10 18:56 - 2008-02-01 22:29 - 00049152 _____ () C:\Program Files\ASUS\ATK Media\ATKMETHOD.dll
2008-07-10 18:56 - 2006-10-25 23:37 - 00045056 _____ () C:\Program Files\ASUS\ATK Media\GERSTRING.dll
2008-07-10 19:17 - 2008-01-26 02:32 - 00778240 _____ () C:\Program Files\P4P\P4P.exe
2008-07-10 19:27 - 2008-07-10 19:27 - 00033136 _____ () C:\Windows\ASScrPro.exe
2008-07-10 18:53 - 2004-05-28 02:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll
2008-07-10 18:57 - 2007-09-26 19:24 - 00147456 _____ () C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
2008-07-10 19:03 - 2007-07-06 00:53 - 01040384 _____ () C:\Program Files\Wireless Console 2\wcourier.exe
2008-07-10 19:11 - 2007-07-10 06:48 - 00009216 _____ () C:\Program Files\ASUS\Splendid\GLCDdll.dll
2012-05-20 13:07 - 2010-01-19 10:19 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2008-07-10 18:53 - 2007-08-08 19:03 - 02441216 _____ () C:\Program Files\ATK Hotkey\ATKOSD.exe
2014-12-03 21:41 - 2014-12-08 07:27 - 06277952 _____ () C:\Users\***\AppData\Local\Amazon Music\Amazon Music Helper.exe
2008-07-10 18:53 - 2007-08-15 19:20 - 00106496 _____ () C:\Program Files\ATK Hotkey\KBFiltr.exe
2008-07-10 18:53 - 2007-08-15 19:38 - 00147456 _____ () C:\Program Files\ATK Hotkey\WDC.exe
2008-07-10 19:08 - 2007-08-03 20:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2008-07-10 19:08 - 2007-09-14 18:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
2008-07-10 19:08 - 2003-11-28 10:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
2008-07-10 19:08 - 2005-08-29 23:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
2008-07-10 19:08 - 2003-09-10 00:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
2008-07-10 19:08 - 2006-04-04 18:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
2008-07-10 19:08 - 2005-04-08 03:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2795298741-2112087132-3505275501-500 - Administrator - Disabled)
Gast (S-1-5-21-2795298741-2112087132-3505275501-501 - Limited - Enabled) => C:\Users\Gast
*** (S-1-5-21-2795298741-2112087132-3505275501-1000 - Administrator - Enabled) => C:\Users\***

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2015 10:43:43 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\PERMISSIONS.SQLITE-JOURNAL> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/20/2015 10:43:23 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SESSIONSTORE-BACKUPS\RECOVERY.BAK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/20/2015 10:43:23 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SESSIONSTORE-BACKUPS\RECOVERY.BAK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-PHISH-SHAVAR.CACHE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-PHISH-SHAVAR.CACHE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.SBSTORE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.SBSTORE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.PSET> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.PSET> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/20/2015 06:18:17 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.CACHE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (03/20/2015 06:11:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2

Error: (03/19/2015 05:46:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2

Error: (03/17/2015 06:05:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2

Error: (03/12/2015 06:55:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2

Error: (03/12/2015 06:54:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 12.03.2015 um 18:51:41 unerwartet heruntergefahren.

Error: (03/12/2015 06:49:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2

Error: (03/06/2015 08:47:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2

Error: (03/06/2015 08:46:10 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 06.03.2015 um 08:16:10 unerwartet heruntergefahren.

Error: (03/06/2015 08:15:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2

Error: (03/05/2015 08:30:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2


Microsoft Office Sessions:
=========================
Error: (03/20/2015 10:43:43 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\PERMISSIONS.SQLITE-JOURNAL

Error: (03/20/2015 10:43:23 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SESSIONSTORE-BACKUPS\RECOVERY.BAK

Error: (03/20/2015 10:43:23 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SESSIONSTORE-BACKUPS\RECOVERY.BAK

Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-PHISH-SHAVAR.CACHE

Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-PHISH-SHAVAR.CACHE

Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.SBSTORE

Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.SBSTORE

Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.PSET

Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.PSET

Error: (03/20/2015 06:18:17 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.CACHE


CodeIntegrity Errors:
===================================
  Date: 2015-03-20 10:50:32.341
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:31.749
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:31.218
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:30.594
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:29.877
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:29.331
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:28.800
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:28.223
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:42:40.756
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:42:40.199
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz
Percentage of memory in use: 51%
Total physical RAM: 3070.29 MB
Available physical RAM: 1473.81 MB
Total Pagefile: 6350.87 MB
Available Pagefile: 4568.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.02 MB

==================== Drives ================================

Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:11.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:106.68 GB) (Free:70.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 8D1C393D)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=106.7 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
--- --- ---


Gmer:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-20 11:43:46
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925082 rev.3.AA 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\***\AppData\Local\Temp\pwliypod.sys


---- System - GMER 2.1 ----

SSDT            8C3489FE                                                                                 ZwCreateSection
SSDT            8C3489D6                                                                                 ZwCreateSymbolicLinkObject
SSDT            8C3489DB                                                                                 ZwLoadDriver
SSDT            8C3489D1                                                                                 ZwOpenSection
SSDT            8C348A08                                                                                 ZwRequestWaitReplyPort
SSDT            8C348A03                                                                                 ZwSetContextThread
SSDT            8C348A0D                                                                                 ZwSetSecurityObject
SSDT            8C3489E0                                                                                 ZwSetSystemInformation
SSDT            8C348A12                                                                                 ZwSystemDebugControl
SSDT            8C34899F                                                                                 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                            828C57D8 4 Bytes  [FE, 89, 34, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 21D                                                            828C57E0 4 Bytes  [D6, 89, 34, 8C] {SALC ; MOV [ESP+ECX*4], ESI}
.text           ntkrnlpa.exe!KeSetEvent + 37D                                                            828C5940 4 Bytes  [DB, 89, 34, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 3FD                                                            828C59C0 4 Bytes  [D1, 89, 34, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                            828C5AFC 4 Bytes  [08, 8A, 34, 8C]
.text           ...                                                                                      

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[1716] ntdll.dll!LdrLoadDll                  77A89378 5 Bytes  JMP 7007900C C:\Program Files\Mozilla Firefox\mozglue.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1716] ntdll.dll!NtCreateFile                77AC4264 5 Bytes  JMP 5494D441 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1716] ntdll.dll!NtFlushBuffersFile          77AC4764 5 Bytes  JMP 5494D181 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1716] ntdll.dll!NtQueryFullAttributesFile   77AC4C94 5 Bytes  JMP 5494D2B9 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1716] ntdll.dll!NtReadFile                  77AC4EC4 5 Bytes  JMP 5494D1BB C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1716] ntdll.dll!NtReadFileScatter           77AC4ED4 5 Bytes  JMP 54D33D7D C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1716] ntdll.dll!NtWriteFile                 77AC54D4 5 Bytes  JMP 5494D5E5 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1716] ntdll.dll!NtWriteFileGather           77AC54E4 5 Bytes  JMP 54D33DCD C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1716] kernel32.dll!HeapSetInformation + 26  774BA9B8 7 Bytes  JMP 54AD497B C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1716] kernel32.dll!LockResource + C         774D6BD3 7 Bytes  JMP 54D1ECDA C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1716] kernel32.dll!VirtualAllocEx + 54      774DB030 7 Bytes  JMP 54D2041B C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1716] USER32.dll!GetWindowInfo              776A428E 5 Bytes  JMP 5580FA10 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1716] GDI32.dll!SetStretchBltMode + 256     7709745C 7 Bytes  JMP 54D1D492 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                  Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                  Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                 fltmgr.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                 fltmgr.sys

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                    unknown MBR code

---- EOF - GMER 2.1 ----
         
Apart from the detections, nothing unusual can be observed.
I'm hoping that these are "only" potentially unwanted programs, but I'm not sure...
Thanks in advance for your help!

20.03.2015, 14:24   #2
schrauber
/// the machine
/// TB instructor
 




Hi,

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

20.03.2015, 14:59   #3
zwn
 



Hi Schrauber, thanks for the quick reply!

Here is the file:
Code:
ATTFilter
# AdwCleaner v4.112 - Bericht erstellt 20/03/2015 um 14:51:43
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-15.1 [Server]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : *** - ***-PC
# Gestarted von : C:\Users\***\Desktop\AdwCleaner_4.112.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\***\AppData\Local\Temp\OCS

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VIS
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VIS
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16633


-\\ Mozilla Firefox v36.0.1 (x86 de)

[1ubr1awq.default-1423215999919\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");

*************************

AdwCleaner[R0].txt - [1674 Bytes] - [20/03/2015 14:47:08]
AdwCleaner[S0].txt - [1555 Bytes] - [20/03/2015 14:51:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1614  Bytes] ##########
         

21.03.2015, 11:06   #4
schrauber
/// the machine
/// TB instructor
 




Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • In the uninstaller field, search for the following programs:

    VIS

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .

Open FRST, tick the Addition box and scan, then please post both logs.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

22.03.2015, 09:21   #5
zwn
 



Hello Schrauber,

2 things:

1. In Revo Uninstaller I can't find any program named "VIS". When I enter it in the search field, I only get various Microsoft items displayed: "Microsoft Visual C++ ...." or "Microsoft Visual Studio..."

2. On the restart after I posted the log file from the AdwCleaner scan, I got the following message: New hardware found. Driver software for "Unknown device" must be installed.

For now I clicked "Ask me again later" here...


22.03.2015, 17:39   #6
schrauber
/// the machine
/// TB instructor
 




Can you take a screenshot of the hardware window? And please post the fresh FRST logs

22.03.2015, 18:04   #7
zwn
 



Unfortunately I can't take a screenshot, because strangely the window did not appear on two further restarts...

What about the fact that I can't find "VIS" in Revo Uninstaller?

Here are the new logs:
FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by *** (administrator) on ***-PC on 22-03-2015 17:55:04
Running from C:\Users\***\Desktop
Loaded Profiles: *** (Available profiles: *** & Gast)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
() C:\Program Files\ASUS\ATK Media\DMedia.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\P4P\P4P.exe
() C:\Windows\ASScrPro.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Users\***\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-09-03] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ATKOSD2\ATKOSD2.exe [7737344 2007-10-18] ()
HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [61440 2008-02-01] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [PowerForPhone] => C:\Program Files\P4P\P4P.exe [778240 2008-01-26] ()
HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\ASScrPro.exe [33136 2008-07-10] ()
HKLM\...\Run: [ASUS Camera ScreenSaver] => C:\Windows\ASScrProlog.exe [37232 2008-07-10] ()
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-01-19] ()
HKLM\...\Run: [BCSSync] => D:\Instalationsdateien\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Run: [Amazon Music] => C:\Users\***\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ${URL_STARTPAGE}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-05] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Instalationsdateien\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-05] (Oracle Corporation)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2795298741-2112087132-3505275501-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1227966909
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ubr1awq.default-1423215999919
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Google
FF Homepage: hxxp://de-de.facebook.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\INSTAL~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\INSTAL~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011-10-26] (Nullsoft, Inc.)
FF Extension: GMX MailCheck - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ubr1awq.default-1423215999919\Extensions\toolbar@gmx.net [2015-03-03]
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ubr1awq.default-1423215999919\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-06]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-03-12]
FF Extension: PHPNukeDE Toolbar - C:\Program Files\Mozilla Firefox\extensions\{c9508125-4747-4733-b048-e4b82dc9716d} [2015-03-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-20] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] () [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-18] (Hewlett-Packard Company) [File not signed]
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2007-09-26] (Windows (R) Codename Longhorn DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-04-23] (Samsung Electronics) [File not signed]
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\***\AppData\Local\Temp\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S3 vpnva; system32\DRIVERS\vpnva.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 09:12 - 2015-03-22 09:12 - 00001024 _____ () C:\Users\***\Desktop\Revo Uninstaller.lnk
2015-03-22 09:12 - 2015-03-22 09:12 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-22 09:10 - 2015-03-22 09:10 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\***\Desktop\revosetup95.exe
2015-03-20 14:56 - 2015-03-20 14:56 - 00001682 _____ () C:\Users\***\Desktop\AdwCleaner bearbeitet.txt
2015-03-20 14:46 - 2015-03-20 14:51 - 00000000 ____D () C:\AdwCleaner
2015-03-20 14:45 - 2015-03-20 14:46 - 02171392 _____ () C:\Users\***\Desktop\AdwCleaner_4.112.exe
2015-03-20 11:55 - 2015-03-20 11:55 - 00005505 _____ () C:\Users\***\Desktop\Gmer bearbeitet.txt
2015-03-20 11:54 - 2015-03-20 11:54 - 00040448 _____ () C:\Users\***\Desktop\Addition bearbeitet.txt
2015-03-20 11:53 - 2015-03-20 11:53 - 00027532 _____ () C:\Users\***\Desktop\FRST bearbeitet.txt
2015-03-20 11:43 - 2015-03-20 11:43 - 00005508 _____ () C:\Users\***\Desktop\Gmer.txt
2015-03-20 11:21 - 2015-03-20 11:22 - 00040497 _____ () C:\Users\***\Desktop\Addition.txt
2015-03-20 11:20 - 2015-03-22 17:56 - 00015986 _____ () C:\Users\***\Desktop\FRST.txt
2015-03-20 11:20 - 2015-03-22 17:55 - 00000000 ____D () C:\FRST
2015-03-20 11:19 - 2015-03-20 11:19 - 00000474 _____ () C:\Users\***\Desktop\defogger_disable.log
2015-03-20 11:19 - 2015-03-20 11:19 - 00000000 _____ () C:\Users\***\defogger_reenable
2015-03-20 11:17 - 2015-03-20 11:18 - 00000000 ____D () C:\Users\***\Desktop\Avira log
2015-03-20 11:16 - 2015-03-20 11:16 - 00380416 _____ () C:\Users\***\Desktop\Gmer-19357.exe
2015-03-20 11:15 - 2015-03-20 11:15 - 01135104 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2015-03-20 11:13 - 2015-03-20 11:13 - 00050477 _____ () C:\Users\***\Desktop\Defogger.exe
2015-03-13 06:53 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 06:52 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 06:51 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-13 06:45 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 06:45 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 06:44 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-13 06:44 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 06:44 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 06:44 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 06:44 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-13 06:43 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 06:43 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-13 06:41 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 19:25 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 19:25 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-12 19:25 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 19:25 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 19:25 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 19:25 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 19:25 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 19:25 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-12 19:25 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 19:25 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 19:25 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-12 19:25 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-12 19:25 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-12 18:59 - 2015-03-12 18:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-27 09:50 - 2015-02-27 10:37 - 00000000 ____D () C:\Users\***\Desktop\Saghar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 17:55 - 2008-07-10 18:00 - 01853917 _____ () C:\Windows\WindowsUpdate.log
2015-03-22 17:51 - 2014-12-11 18:59 - 00000000 ____D () C:\Users\***\AppData\Local\FreePDF_XP
2015-03-22 17:51 - 2014-05-10 12:04 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6c3fad1a8a93.job
2015-03-22 17:51 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-22 17:51 - 2006-11-02 13:47 - 00005184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-22 17:51 - 2006-11-02 13:47 - 00005184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-22 17:49 - 2006-11-02 14:01 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-22 17:43 - 2013-01-23 20:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-22 17:41 - 2014-05-10 12:04 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6c3fad7525e3.job
2015-03-20 14:53 - 2008-07-10 19:23 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-03-20 11:48 - 2014-12-02 20:16 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 11:19 - 2008-10-16 21:36 - 00000000 ____D () C:\Users\***
2015-03-19 05:44 - 2012-09-28 11:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-17 06:04 - 2006-11-02 13:47 - 00377464 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 06:51 - 2014-05-16 08:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-13 06:46 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-05 20:34 - 2012-10-17 20:13 - 00000000 ____D () C:\Program Files\Avira
2015-03-04 14:43 - 2012-10-17 20:13 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 14:43 - 2012-10-17 20:13 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-03 16:43 - 2006-11-02 11:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 03:23 - 2009-10-02 19:57 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2008-11-13 20:42 - 2014-05-02 18:48 - 0104030 _____ () C:\Users\***\AppData\Roaming\nvModes.001
2008-11-13 18:58 - 2014-05-01 11:45 - 0104030 _____ () C:\Users\***\AppData\Roaming\nvModes.dat
2008-12-07 14:21 - 2008-12-07 14:23 - 1279254 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20081207.bmp
2008-12-11 20:20 - 2008-12-11 20:20 - 23970870 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20081211.bmp
2010-05-21 09:18 - 2010-05-21 09:18 - 2560054 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20100521.bmp
2013-01-22 20:30 - 2013-01-22 20:37 - 42467382 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20130122.bmp
2013-11-03 20:46 - 2013-11-03 20:47 - 53747766 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20131103.bmp
2014-05-19 20:09 - 2014-05-19 20:09 - 53747766 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20140519.bmp
2014-09-13 20:22 - 2014-09-13 20:27 - 53747766 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20140913.bmp
2011-06-03 19:34 - 2015-01-15 06:48 - 0000680 _____ () C:\Users\***\AppData\Local\d3d9caps.dat
2008-10-18 14:56 - 2014-02-05 17:58 - 0049664 _____ () C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-08-10 20:50 - 2011-09-19 11:54 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-05-02 21:07 - 2015-03-22 17:51 - 0176142 _____ () C:\ProgramData\nvModes.001
2014-05-02 21:06 - 2015-03-22 17:51 - 0176142 _____ () C:\ProgramData\nvModes.dat

Some content of TEMP:
====================
C:\Users\***\AppData\Local\temp\avgnt.exe
C:\Users\***\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe
C:\Users\***\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe
C:\Users\***\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\***\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\***\AppData\Local\temp\jre-8u31-windows-au.exe
C:\Users\***\AppData\Local\temp\Quarantine.exe
C:\Users\***\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-22 17:57

==================== End Of Log ============================
         

Addition:
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by *** at 2015-03-22 17:57:07
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS CopyProtect (HKLM\...\{2396F815-84E0-4353-83D7-8B190556DA42}) (Version: 1.00.0003 - ASUS)
ASUS Data Security Manager (HKLM\...\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}) (Version: 1.00.0006 - ASUS)
ASUS InstantFun (HKLM\...\{57B15AD4-8C9D-4164-82BB-E33D8644E757}) (Version: 1.0.0015 - ASUS)
ASUS LifeFrame3 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.6 - ASUS)
ASUS Live Update (HKLM\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.6 - ASUS)
ASUS SmartLogon (HKLM\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0004 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM\...\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}) (Version: 1.02.0019 - ASUS)
Asus_Camera_ScreenSaver (HKLM\...\Asus_Camera_ScreenSaver) (Version: 2.0.0006 - ASUS)
Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver (HKLM\...\{6E19F210-3813-4002-B561-94D66AA182B6}) (Version: 2.4.7.7 - Atheros Communications Inc.)
ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0023 - ATK)
ATK Media (HKLM\...\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}) (Version:  - )
ATKOSD2 (HKLM\...\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}) (Version: 6.64.1.6 - ATK)
AudibleManager (HKLM\...\AudibleManager) (Version: 7559957.-2.2004512950.2004511964 - Audible, Inc.)
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland)
Audiograbber Lame PlugIn 3.96 APS  (HKLM\...\Audiograbber Lame PlugIn) (Version: 3.96 APS - )
Avira (HKLM\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.2830 - CyberLink Corp.)
Das Geheimnis des silbernen Ohrrings (HKLM\...\{4D6D0AA7-DD0E-47A8-BFCE-5A8E4E074CD0}) (Version: 1.00.0000 - Frogwares)
DEUTSCHLAND SPIELT GAME CENTER (HKLM\...\DSGPlayer) (Version: 1.0.0.46 - INTENIUM GmbH)
dm Fotowelt (HKLM\...\dm Fotowelt) (Version:  - )
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version:  - )
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Google Chrome Frame (HKLM\...\{7455D86F-5295-389C-AA29-18D2BDAF8DD8}) (Version: 65.169.102 - Google, Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LightScribe System Software  1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access 2010 (HKLM\...\Office14.AccessR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NB Probe (HKLM\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version:  - )
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 6.80.5.1 - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
P4P (HKLM\...\{FC3D290D-79BE-44B7-ABF9-FDD110925930}) (Version: 1.0.0.17 - P4P)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5477 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.52.02 - )
Secure Download Manager (HKLM\...\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}) (Version: 3.0.5 - e-academy Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sherlock Holmes (HKLM\...\Sherlock Holmes) (Version: 0.0.0.0 - INTENIUM GmbH)
Sherlock Holmes und der Hund der Baskervilles (HKLM\...\Sherlock Holmes und der Hund der Baskervilles) (Version: 1.0.0.0 - INTENIUM GmbH)
Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
Total Video Converter 3.61 100319 (HKLM\...\Total Video Converter 3.61_is1) (Version:  - EffectMatrix Inc.)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version:  - )
VLC media player 1.1.10 (HKLM\...\VLC media player) (Version: 1.1.10 - VideoLAN)
Wartung Samsung CLP-620 Series (HKLM\...\Samsung CLP-620 Series) (Version:  - Samsung Electronics CO.,LTD)
Winamp (HKLM\...\Winamp) (Version: 5.622  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version:  - )
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wireless Console 2 (HKLM\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.10 - ATK)
XnView 1.80 (HKLM\...\XnView_is1) (Version: 1.80 - Gougelet Pierre-e)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2795298741-2112087132-3505275501-1000_Classes\CLSID\{3bc93e76-92f8-5fda-b676-5afee3735bf1}\InprocServer32 -> C:\Users\***\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File

==================== Restore Points  =========================

03-03-2015 11:36:16 Windows Update
12-03-2015 19:22:19 Windows Update
13-03-2015 06:38:58 Windows Update
17-03-2015 06:29:16 Windows Update
22-03-2015 09:12:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2013-05-14 21:21 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {034F6ED7-4F1A-42CA-A130-B8EEB72ECE3B} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) No Task File <==== ATTENTION
Task: {04699375-5AFB-4BAF-9F2A-09D8C0497F4E} - \Microsoft\Windows\Media Center\ehDRMInit No Task File <==== ATTENTION
Task: {08AD1C99-8DF2-4D3D-9F52-C4E5CEB29288} - \{08C1F56F-088D-4C39-90C8-DC91FC840E23} No Task File <==== ATTENTION
Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File <==== ATTENTION
Task: {11893D5E-54A0-4C6B-AB0D-D9FA527334A9} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File <==== ATTENTION
Task: {181E6DDB-34B4-413B-BB3A-13569A47B47C} - \{C65372D3-A2AC-4846-B224-9DA52C853565} No Task File <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - \Microsoft\Windows\MobilePC\TMM No Task File <==== ATTENTION
Task: {1F4FCD5D-8ED2-4212-BDDA-6DC446BA43B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {23C4BEA3-5DAF-4A7D-A6CF-5237554F840E} - \{9FA2F356-D9B9-4379-BFB3-561836FACC41} No Task File <==== ATTENTION
Task: {2FDBDC47-7148-49DB-9D32-32E6A003C996} - \Microsoft\Windows\Tcpip\IpAddressConflict2 No Task File <==== ATTENTION
Task: {30FF26BF-5D0E-4A0D-8E3A-74F448F3278C} - \{7DFD5A6F-BED3-4940-864C-795168F886B4} No Task File <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI No Task File <==== ATTENTION
Task: {357C6FCC-36C2-4DFD-B92B-4E8CD48F7EA1} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {39B2AB48-552A-4DDD-89F6-BD28784C4795} - \User_Feed_Synchronization-{7EDEB2FF-964E-41F5-A727-304BA298990B} No Task File <==== ATTENTION
Task: {3A17516A-C56F-4909-A45C-1E4EE8BE0837} - \Microsoft\Windows\Defrag\ManualDefrag No Task File <==== ATTENTION
Task: {3BB5D87B-C851-4325-97B6-95E4EA1CBC61} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - \Microsoft\Windows\Shell\CrawlStartPages No Task File <==== ATTENTION
Task: {3C5B104F-A9EF-40F3-82A6-917E09DBB6B1} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {3CD7BF6C-F120-476E-AF84-851D43BDDEEE} - \Microsoft\Windows\WDI\ResolutionHost No Task File <==== ATTENTION
Task: {42955E89-15F6-4B96-B803-8F10D491AF65} - \OfficeSoftwareProtectionPlatform\SvcRestartTask No Task File <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - \Microsoft\Windows\RAC\RACAgent No Task File <==== ATTENTION
Task: {48909068-64F9-4B29-8C14-6957F35923C3} - \Microsoft\Windows\MobilePC\HotStart No Task File <==== ATTENTION
Task: {4914F671-C936-43DC-99FF-FA6CEFA48631} - \{0C7F530A-D15D-4BE8-816A-B3F93F0750DB} No Task File <==== ATTENTION
Task: {4D7BC85C-5A41-4963-8CDD-6D9D55F757DB} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask No Task File <==== ATTENTION
Task: {54F6CCFE-6C12-4522-A0F6-9DABAC751D2F} - \Microsoft\Windows\MUI\Mcbuilder No Task File <==== ATTENTION
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - \Microsoft\Windows\Wired\GatherWiredInfo No Task File <==== ATTENTION
Task: {57030356-4699-4E1F-9939-F9D4460CD4DA} - \Microsoft\Windows\Media Center\OCURDiscovery No Task File <==== ATTENTION
Task: {5936C79A-731F-4716-BE59-35B58194ECE5} - \Microsoft\Windows\Media Center\OCURActivate No Task File <==== ATTENTION
Task: {61CFE991-4061-4219-8E70-0EDF343472E9} - \{9CC80E87-3310-4336-A010-8A18DC3F2535} No Task File <==== ATTENTION
Task: {6B91DF4F-7E1F-4AE8-820A-2FB331567D67} - \Microsoft\Windows\SideShow\GadgetManager No Task File <==== ATTENTION
Task: {6BD37163-E955-4095-A64E-D09EB8917C21} - \Microsoft\Windows Defender\MP Scheduled Signature Update No Task File <==== ATTENTION
Task: {6C041448-C69A-4D8B-A774-4F3948997407} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam No Task File <==== ATTENTION
Task: {6E7034E8-D1EA-411C-A1A4-3C01F5BD1A47} - \WPD\SqmUpload_S-1-5-21-2795298741-2112087132-3505275501-1000 No Task File <==== ATTENTION
Task: {74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION
Task: {77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File <==== ATTENTION
Task: {78DABEC8-68B8-4590-81BD-4532D98F07C2} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver No Task File <==== ATTENTION
Task: {792493DE-3878-4323-B44D-F6F0C3562126} - \Microsoft\Windows\CertificateServicesClient\UserTask No Task File <==== ATTENTION
Task: {7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75} - \Microsoft\Windows\CertificateServicesClient\SystemTask No Task File <==== ATTENTION
Task: {80EF5715-7C51-4381-AC78-AEEC32723C56} - \ASUS Live Update No Task File <==== ATTENTION
Task: {8352B580-641E-4BAD-89CA-3DCC243218D8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {858BD5FB-61C3-4D83-8392-B9855BE4DF1D} - \Microsoft\Windows\Media Center\mcupdate No Task File <==== ATTENTION
Task: {89194558-47E7-4A9E-B507-6C91CE4E6504} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator No Task File <==== ATTENTION
Task: {89BC8B22-30CE-4893-9DC1-F51764E377F4} - \Microsoft\Windows\Tcpip\WSHReset No Task File <==== ATTENTION
Task: {90934D6D-B296-4720-9332-BBCE3BBAFAFE} - \{3A89627D-AE65-40F3-88A3-B9951A36F0A5} No Task File <==== ATTENTION
Task: {92C1E05D-0752-44C4-9541-E0311D8076F1} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {98AEA341-4C47-49D0-8C2D-FE77D5555D9A} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) No Task File <==== ATTENTION
Task: {99B9521C-F109-4B7B-BDDF-99CF656525E0} - \Microsoft\Windows\Defrag\ScheduledDefrag No Task File <==== ATTENTION
Task: {A1868F64-ED08-49A9-9F86-F62ED855AFFD} - \Microsoft\Windows\SystemRestore\SR No Task File <==== ATTENTION
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification No Task File <==== ATTENTION
Task: {B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91} - \Microsoft\Windows\Media Center\UpdateRecordPath No Task File <==== ATTENTION
Task: {C4CE8FCE-0A1E-4D3C-BA46-5C4E4E13845F} - \{B05EBB8C-D310-4191-A51D-C8E4B46199A1} No Task File <==== ATTENTION
Task: {C6CBFEC8-EF47-4B48-9718-3A4170F99600} - \Microsoft\Windows\SideShow\AutoWake No Task File <==== ATTENTION
Task: {D0181A7F-943E-4C95-81B0-B19DB84FAC6B} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
Task: {D1E9EB2E-A2D5-40D0-B452-6A1A114D5D84} - \{0CD70452-7D35-4999-B126-2DCD7ABA619F} No Task File <==== ATTENTION
Task: {D282BBA5-3CD1-4DC5-ACCD-FFC699D19DE5} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
Task: {D2D7C16D-D9DC-4982-A8C3-774722DEEB9F} - \ASUS SmartLogon Console Sensor No Task File <==== ATTENTION
Task: {D8AB5B03-9FA1-497A-90C5-C11888682D07} - \{5320A76D-52E5-4D51-96BD-ABE6C59047C8} No Task File <==== ATTENTION
Task: {D8FCC7BA-7D21-4D50-A0B8-5CFDDE670C91} - \{39931AEE-70A9-4314-8CDE-E9DFDB00C4A8} No Task File <==== ATTENTION
Task: {D913FE43-F22E-4EBD-880E-712ABDE8E828} - \{1B3A3841-39B7-4BA2-B5A1-19B9CCD4E77B} No Task File <==== ATTENTION
Task: {DCF8CA49-10FE-40EA-A5B8-504B864BC698} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor No Task File <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - \Microsoft\Windows\Wireless\GatherWirelessInfo No Task File <==== ATTENTION
Task: {E6031411-55F5-4DD3-B55A-CE322D523FA7} - \{CD11F57F-3271-4269-91B6-4BFCBC014426} No Task File <==== ATTENTION
Task: {E9D54BE1-CB20-4DFC-914B-4A2FA7C00403} - \Microsoft\Windows\MUI\Lpksetup No Task File <==== ATTENTION
Task: {EBC018B6-24B0-4279-98A5-0081A2EB83B1} - \{DE3B6822-025B-4A3E-8682-2116DC6AD7C4} No Task File <==== ATTENTION
Task: {EBF16443-B75E-45A5-BCBB-56B7BF614AF9} - \{43F7E614-8B08-4EA7-9BDA-1ADDB95AF3CF} No Task File <==== ATTENTION
Task: {EFE3EA02-AD42-4B49-A996-BB3CFEE832BD} - \{0151438E-71FB-4644-9B9F-4D162F36262E} No Task File <==== ATTENTION
Task: {F55F85D3-8FDE-479E-82E0-A9BB339AA8E2} - \Microsoft\Windows\UPnP\UPnPHostConfig No Task File <==== ATTENTION
Task: {F81EF21C-F8FA-43AB-A6CB-C763D176EB75} - System32\Tasks\GoogleUpdateTaskMachineCore1cf6c3fad1a8a93 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {F8D6E476-24FE-4649-A4D7-985706B29128} - \Microsoft\Windows\Tcpip\IpAddressConflict1 No Task File <==== ATTENTION
Task: {FB297749-1051-4B6F-9D00-661A406EC721} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6c3fad7525e3 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {FC6EE397-3ADC-4083-9CE2-6140F304DE98} - \{5C8A63CF-60C3-4332-99A4-8F60FFE0C241} No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6c3fad1a8a93.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6c3fad7525e3.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2008-07-10 19:00 - 2007-05-18 10:31 - 00073728 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
2008-07-10 18:53 - 2007-10-03 05:53 - 00094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
2008-07-10 18:54 - 2007-08-08 08:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2014-12-11 18:57 - 2012-06-21 07:25 - 00094208 _____ () C:\Windows\System32\redmon32.dll
2012-05-20 13:08 - 2009-05-13 01:30 - 00026624 _____ () C:\Windows\System32\ssd2cl3.dll
2012-05-20 13:08 - 2009-09-04 09:59 - 00491520 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\ssd2cdu.dll
2008-07-10 19:00 - 2007-06-15 18:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
2008-07-10 19:00 - 2007-06-02 01:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
2011-12-13 11:54 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2008-07-10 19:00 - 2007-08-08 10:52 - 00331776 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
2008-07-10 18:55 - 2007-10-18 03:04 - 07737344 _____ () C:\Program Files\ATKOSD2\ATKOSD2.exe
2008-07-10 18:56 - 2008-02-01 22:29 - 00061440 _____ () C:\Program Files\ASUS\ATK Media\DMedia.exe
2008-07-10 18:56 - 2008-02-01 22:29 - 00049152 _____ () C:\Program Files\ASUS\ATK Media\ATKMETHOD.dll
2008-07-10 18:56 - 2006-10-25 23:37 - 00045056 _____ () C:\Program Files\ASUS\ATK Media\GERSTRING.dll
2008-07-10 19:17 - 2008-01-26 02:32 - 00778240 _____ () C:\Program Files\P4P\P4P.exe
2008-07-10 19:27 - 2008-07-10 19:27 - 00033136 _____ () C:\Windows\ASScrPro.exe
2012-05-20 13:07 - 2010-01-19 10:19 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2008-07-10 18:53 - 2004-05-28 02:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll
2008-07-10 18:57 - 2007-09-26 19:24 - 00147456 _____ () C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
2008-07-10 19:03 - 2007-07-06 00:53 - 01040384 _____ () C:\Program Files\Wireless Console 2\wcourier.exe
2008-07-10 19:11 - 2007-07-10 06:48 - 00009216 _____ () C:\Program Files\ASUS\Splendid\GLCDdll.dll
2014-12-03 21:41 - 2014-12-08 07:27 - 06277952 _____ () C:\Users\***\AppData\Local\Amazon Music\Amazon Music Helper.exe
2008-07-10 18:53 - 2007-08-08 19:03 - 02441216 _____ () C:\Program Files\ATK Hotkey\ATKOSD.exe
2008-07-10 18:53 - 2007-08-15 19:20 - 00106496 _____ () C:\Program Files\ATK Hotkey\KBFiltr.exe
2008-07-10 18:53 - 2007-08-15 19:38 - 00147456 _____ () C:\Program Files\ATK Hotkey\WDC.exe
2008-07-10 19:08 - 2007-08-03 20:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2008-07-10 19:08 - 2007-09-14 18:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
2008-07-10 19:08 - 2003-11-28 10:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
2008-07-10 19:08 - 2005-08-29 23:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
2008-07-10 19:08 - 2003-09-10 00:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
2008-07-10 19:08 - 2006-04-04 18:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
2008-07-10 19:08 - 2005-04-08 03:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2795298741-2112087132-3505275501-500 - Administrator - Disabled)
Gast (S-1-5-21-2795298741-2112087132-3505275501-501 - Limited - Enabled) => C:\Users\Gast
*** (S-1-5-21-2795298741-2112087132-3505275501-1000 - Administrator - Enabled) => C:\Users\***

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/22/2015 05:52:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2015 05:45:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2015 09:14:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-PHISH-SHAVAR.PSET> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/22/2015 09:14:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.PSET> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/22/2015 09:14:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-BADBINURL-SHAVAR.PSET> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/22/2015 09:10:13 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SESSIONSTORE-BACKUPS\RECOVERY.BAK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/22/2015 09:10:13 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SESSIONSTORE-BACKUPS\RECOVERY.BAK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/22/2015 08:59:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 02:54:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 02:44:06 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-MALWARE-SIMPLE.SBSTORE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (03/22/2015 05:52:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2

Error: (03/22/2015 05:45:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2

Error: (03/22/2015 08:59:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2

Error: (03/20/2015 02:54:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2

Error: (03/20/2015 02:41:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2

Error: (03/20/2015 06:11:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2

Error: (03/19/2015 05:46:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2

Error: (03/17/2015 06:05:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2

Error: (03/12/2015 06:55:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2

Error: (03/12/2015 06:54:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 12.03.2015 um 18:51:41 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (03/22/2015 05:52:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2015 05:45:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2015 09:14:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-PHISH-SHAVAR.PSET

Error: (03/22/2015 09:14:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.PSET

Error: (03/22/2015 09:14:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-BADBINURL-SHAVAR.PSET

Error: (03/22/2015 09:10:13 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SESSIONSTORE-BACKUPS\RECOVERY.BAK

Error: (03/22/2015 09:10:13 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SESSIONSTORE-BACKUPS\RECOVERY.BAK

Error: (03/22/2015 08:59:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 02:54:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 02:44:06 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-MALWARE-SIMPLE.SBSTORE


CodeIntegrity Errors:
===================================
  Date: 2015-03-20 10:50:32.341
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:31.749
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:31.218
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:30.594
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:29.877
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:29.331
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:28.800
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:28.223
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:42:40.756
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:42:40.199
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz
Percentage of memory in use: 38%
Total physical RAM: 3070.29 MB
Available physical RAM: 1900.27 MB
Total Pagefile: 6342.85 MB
Available Pagefile: 5085.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.22 MB

==================== Drives ================================

Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:11.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:106.68 GB) (Free:70.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 8D1C393D)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=106.7 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
--- --- ---

Edited by zwn (22.03.2015 at 18:10)

Alt 23.03.2015, 09:23   #8
schrauber
/// the machine
/// TB-Ausbilder
 

VIS was already killed by AdwCleaner.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
Task: {034F6ED7-4F1A-42CA-A130-B8EEB72ECE3B} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) No Task File <==== ATTENTION

Task: {04699375-5AFB-4BAF-9F2A-09D8C0497F4E} - \Microsoft\Windows\Media Center\ehDRMInit No Task File <==== ATTENTION

Task: {08AD1C99-8DF2-4D3D-9F52-C4E5CEB29288} - \{08C1F56F-088D-4C39-90C8-DC91FC840E23} No Task File <==== ATTENTION

Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File <==== ATTENTION

Task: {11893D5E-54A0-4C6B-AB0D-D9FA527334A9} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File <==== ATTENTION

Task: {181E6DDB-34B4-413B-BB3A-13569A47B47C} - \{C65372D3-A2AC-4846-B224-9DA52C853565} No Task File <==== ATTENTION

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - \Microsoft\Windows\MobilePC\TMM No Task File <==== ATTENTION

Task: {23C4BEA3-5DAF-4A7D-A6CF-5237554F840E} - \{9FA2F356-D9B9-4379-BFB3-561836FACC41} No Task File <==== ATTENTION

Task: {2FDBDC47-7148-49DB-9D32-32E6A003C996} - \Microsoft\Windows\Tcpip\IpAddressConflict2 No Task File <==== ATTENTION

Task: {30FF26BF-5D0E-4A0D-8E3A-74F448F3278C} - \{7DFD5A6F-BED3-4940-864C-795168F886B4} No Task File <==== ATTENTION

Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI No Task File <==== ATTENTION

Task: {357C6FCC-36C2-4DFD-B92B-4E8CD48F7EA1} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION

Task: {39B2AB48-552A-4DDD-89F6-BD28784C4795} - \User_Feed_Synchronization-{7EDEB2FF-964E-41F5-A727-304BA298990B} No Task File <==== ATTENTION

Task: {3A17516A-C56F-4909-A45C-1E4EE8BE0837} - \Microsoft\Windows\Defrag\ManualDefrag No Task File <==== ATTENTION

Task: {3BB5D87B-C851-4325-97B6-95E4EA1CBC61} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - \Microsoft\Windows\Shell\CrawlStartPages No Task File <==== ATTENTION

Task: {3C5B104F-A9EF-40F3-82A6-917E09DBB6B1} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION

Task: {3CD7BF6C-F120-476E-AF84-851D43BDDEEE} - \Microsoft\Windows\WDI\ResolutionHost No Task File <==== ATTENTION

Task: {42955E89-15F6-4B96-B803-8F10D491AF65} - \OfficeSoftwareProtectionPlatform\SvcRestartTask No Task File <==== ATTENTION

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - \Microsoft\Windows\RAC\RACAgent No Task File <==== ATTENTION

Task: {48909068-64F9-4B29-8C14-6957F35923C3} - \Microsoft\Windows\MobilePC\HotStart No Task File <==== ATTENTION

Task: {4914F671-C936-43DC-99FF-FA6CEFA48631} - \{0C7F530A-D15D-4BE8-816A-B3F93F0750DB} No Task File <==== ATTENTION

Task: {4D7BC85C-5A41-4963-8CDD-6D9D55F757DB} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask No Task File <==== ATTENTION

Task: {54F6CCFE-6C12-4522-A0F6-9DABAC751D2F} - \Microsoft\Windows\MUI\Mcbuilder No Task File <==== ATTENTION

Task: {561375CB-FF5A-417B-B297-BA73DE149581} - \Microsoft\Windows\Wired\GatherWiredInfo No Task File <==== ATTENTION

Task: {57030356-4699-4E1F-9939-F9D4460CD4DA} - \Microsoft\Windows\Media Center\OCURDiscovery No Task File <==== ATTENTION

Task: {5936C79A-731F-4716-BE59-35B58194ECE5} - \Microsoft\Windows\Media Center\OCURActivate No Task File <==== ATTENTION

Task: {61CFE991-4061-4219-8E70-0EDF343472E9} - \{9CC80E87-3310-4336-A010-8A18DC3F2535} No Task File <==== ATTENTION

Task: {6B91DF4F-7E1F-4AE8-820A-2FB331567D67} - \Microsoft\Windows\SideShow\GadgetManager No Task File <==== ATTENTION

Task: {6BD37163-E955-4095-A64E-D09EB8917C21} - \Microsoft\Windows Defender\MP Scheduled Signature Update No Task File <==== ATTENTION

Task: {6C041448-C69A-4D8B-A774-4F3948997407} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam No Task File <==== ATTENTION

Task: {6E7034E8-D1EA-411C-A1A4-3C01F5BD1A47} - \WPD\SqmUpload_S-1-5-21-2795298741-2112087132-3505275501-1000 No Task File <==== ATTENTION

Task: {74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION

Task: {77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File <==== ATTENTION

Task: {78DABEC8-68B8-4590-81BD-4532D98F07C2} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver No Task File <==== ATTENTION

Task: {792493DE-3878-4323-B44D-F6F0C3562126} - \Microsoft\Windows\CertificateServicesClient\UserTask No Task File <==== ATTENTION

Task: {7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75} - \Microsoft\Windows\CertificateServicesClient\SystemTask No Task File <==== ATTENTION

Task: {80EF5715-7C51-4381-AC78-AEEC32723C56} - \ASUS Live Update No Task File <==== ATTENTION

Task: {858BD5FB-61C3-4D83-8392-B9855BE4DF1D} - \Microsoft\Windows\Media Center\mcupdate No Task File <==== ATTENTION

Task: {89194558-47E7-4A9E-B507-6C91CE4E6504} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator No Task File <==== ATTENTION

Task: {89BC8B22-30CE-4893-9DC1-F51764E377F4} - \Microsoft\Windows\Tcpip\WSHReset No Task File <==== ATTENTION

Task: {90934D6D-B296-4720-9332-BBCE3BBAFAFE} - \{3A89627D-AE65-40F3-88A3-B9951A36F0A5} No Task File <==== ATTENTION

Task: {92C1E05D-0752-44C4-9541-E0311D8076F1} - \Adobe Flash Player Updater No Task File <==== ATTENTION

Task: {98AEA341-4C47-49D0-8C2D-FE77D5555D9A} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) No Task File <==== ATTENTION

Task: {99B9521C-F109-4B7B-BDDF-99CF656525E0} - \Microsoft\Windows\Defrag\ScheduledDefrag No Task File <==== ATTENTION

Task: {A1868F64-ED08-49A9-9F86-F62ED855AFFD} - \Microsoft\Windows\SystemRestore\SR No Task File <==== ATTENTION

Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification No Task File <==== ATTENTION

Task: {B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91} - \Microsoft\Windows\Media Center\UpdateRecordPath No Task File <==== ATTENTION

Task: {C4CE8FCE-0A1E-4D3C-BA46-5C4E4E13845F} - \{B05EBB8C-D310-4191-A51D-C8E4B46199A1} No Task File <==== ATTENTION

Task: {C6CBFEC8-EF47-4B48-9718-3A4170F99600} - \Microsoft\Windows\SideShow\AutoWake No Task File <==== ATTENTION

Task: {D0181A7F-943E-4C95-81B0-B19DB84FAC6B} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION

Task: {D1E9EB2E-A2D5-40D0-B452-6A1A114D5D84} - \{0CD70452-7D35-4999-B126-2DCD7ABA619F} No Task File <==== ATTENTION

Task: {D282BBA5-3CD1-4DC5-ACCD-FFC699D19DE5} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION

Task: {D2D7C16D-D9DC-4982-A8C3-774722DEEB9F} - \ASUS SmartLogon Console Sensor No Task File <==== ATTENTION

Task: {D8AB5B03-9FA1-497A-90C5-C11888682D07} - \{5320A76D-52E5-4D51-96BD-ABE6C59047C8} No Task File <==== ATTENTION

Task: {D8FCC7BA-7D21-4D50-A0B8-5CFDDE670C91} - \{39931AEE-70A9-4314-8CDE-E9DFDB00C4A8} No Task File <==== ATTENTION

Task: {D913FE43-F22E-4EBD-880E-712ABDE8E828} - \{1B3A3841-39B7-4BA2-B5A1-19B9CCD4E77B} No Task File <==== ATTENTION

Task: {DCF8CA49-10FE-40EA-A5B8-504B864BC698} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor No Task File <==== ATTENTION

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - \Microsoft\Windows\Wireless\GatherWirelessInfo No Task File <==== ATTENTION

Task: {E6031411-55F5-4DD3-B55A-CE322D523FA7} - \{CD11F57F-3271-4269-91B6-4BFCBC014426} No Task File <==== ATTENTION

Task: {E9D54BE1-CB20-4DFC-914B-4A2FA7C00403} - \Microsoft\Windows\MUI\Lpksetup No Task File <==== ATTENTION

Task: {EBC018B6-24B0-4279-98A5-0081A2EB83B1} - \{DE3B6822-025B-4A3E-8682-2116DC6AD7C4} No Task File <==== ATTENTION

Task: {EBF16443-B75E-45A5-BCBB-56B7BF614AF9} - \{43F7E614-8B08-4EA7-9BDA-1ADDB95AF3CF} No Task File <==== ATTENTION

Task: {EFE3EA02-AD42-4B49-A996-BB3CFEE832BD} - \{0151438E-71FB-4644-9B9F-4D162F36262E} No Task File <==== ATTENTION

Task: {F55F85D3-8FDE-479E-82E0-A9BB339AA8E2} - \Microsoft\Windows\UPnP\UPnPHostConfig No Task File <==== ATTENTION

Task: {F8D6E476-24FE-4649-A4D7-985706B29128} - \Microsoft\Windows\Tcpip\IpAddressConflict1 No Task File <==== ATTENTION

Task: {FC6EE397-3ADC-4083-9CE2-6140F304DE98} - \{5C8A63CF-60C3-4332-99A4-8F60FFE0C241} No Task File <==== ATTENTION
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here.
  • Download and start ESET Online Scanner.
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Run SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 23.03.2015, 13:09   #9
zwn
 

Hi Schrauber, an error message appeared after the fix. The screenshot is attached.

Unfortunately the laptop shut off partway through the first fix, so I had to restart it. I then started the fix again. Here are both logs:

1:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by *** at 2015-03-23 10:56:10 Run:1
Running from C:\Users\***\Desktop
Loaded Profiles: *** (Available profiles: *** & Gast)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: {034F6ED7-4F1A-42CA-A130-B8EEB72ECE3B} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) No Task File <==== ATTENTION

Task: {04699375-5AFB-4BAF-9F2A-09D8C0497F4E} - \Microsoft\Windows\Media Center\ehDRMInit No Task File <==== ATTENTION

Task: {08AD1C99-8DF2-4D3D-9F52-C4E5CEB29288} - \{08C1F56F-088D-4C39-90C8-DC91FC840E23} No Task File <==== ATTENTION

Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File <==== ATTENTION

Task: {11893D5E-54A0-4C6B-AB0D-D9FA527334A9} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File <==== ATTENTION

Task: {181E6DDB-34B4-413B-BB3A-13569A47B47C} - \{C65372D3-A2AC-4846-B224-9DA52C853565} No Task File <==== ATTENTION

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - \Microsoft\Windows\MobilePC\TMM No Task File <==== ATTENTION

Task: {23C4BEA3-5DAF-4A7D-A6CF-5237554F840E} - \{9FA2F356-D9B9-4379-BFB3-561836FACC41} No Task File <==== ATTENTION

Task: {2FDBDC47-7148-49DB-9D32-32E6A003C996} - \Microsoft\Windows\Tcpip\IpAddressConflict2 No Task File <==== ATTENTION

Task: {30FF26BF-5D0E-4A0D-8E3A-74F448F3278C} - \{7DFD5A6F-BED3-4940-864C-795168F886B4} No Task File <==== ATTENTION

Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI No Task File <==== ATTENTION

Task: {357C6FCC-36C2-4DFD-B92B-4E8CD48F7EA1} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION

Task: {39B2AB48-552A-4DDD-89F6-BD28784C4795} - \User_Feed_Synchronization-{7EDEB2FF-964E-41F5-A727-304BA298990B} No Task File <==== ATTENTION

Task: {3A17516A-C56F-4909-A45C-1E4EE8BE0837} - \Microsoft\Windows\Defrag\ManualDefrag No Task File <==== ATTENTION

Task: {3BB5D87B-C851-4325-97B6-95E4EA1CBC61} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - \Microsoft\Windows\Shell\CrawlStartPages No Task File <==== ATTENTION

Task: {3C5B104F-A9EF-40F3-82A6-917E09DBB6B1} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION

Task: {3CD7BF6C-F120-476E-AF84-851D43BDDEEE} - \Microsoft\Windows\WDI\ResolutionHost No Task File <==== ATTENTION

Task: {42955E89-15F6-4B96-B803-8F10D491AF65} - \OfficeSoftwareProtectionPlatform\SvcRestartTask No Task File <==== ATTENTION

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - \Microsoft\Windows\RAC\RACAgent No Task File <==== ATTENTION

Task: {48909068-64F9-4B29-8C14-6957F35923C3} - \Microsoft\Windows\MobilePC\HotStart No Task File <==== ATTENTION

Task: {4914F671-C936-43DC-99FF-FA6CEFA48631} - \{0C7F530A-D15D-4BE8-816A-B3F93F0750DB} No Task File <==== ATTENTION

Task: {4D7BC85C-5A41-4963-8CDD-6D9D55F757DB} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask No Task File <==== ATTENTION

Task: {54F6CCFE-6C12-4522-A0F6-9DABAC751D2F} - \Microsoft\Windows\MUI\Mcbuilder No Task File <==== ATTENTION

Task: {561375CB-FF5A-417B-B297-BA73DE149581} - \Microsoft\Windows\Wired\GatherWiredInfo No Task File <==== ATTENTION

Task: {57030356-4699-4E1F-9939-F9D4460CD4DA} - \Microsoft\Windows\Media Center\OCURDiscovery No Task File <==== ATTENTION

Task: {5936C79A-731F-4716-BE59-35B58194ECE5} - \Microsoft\Windows\Media Center\OCURActivate No Task File <==== ATTENTION

Task: {61CFE991-4061-4219-8E70-0EDF343472E9} - \{9CC80E87-3310-4336-A010-8A18DC3F2535} No Task File <==== ATTENTION

Task: {6B91DF4F-7E1F-4AE8-820A-2FB331567D67} - \Microsoft\Windows\SideShow\GadgetManager No Task File <==== ATTENTION

Task: {6BD37163-E955-4095-A64E-D09EB8917C21} - \Microsoft\Windows Defender\MP Scheduled Signature Update No Task File <==== ATTENTION

Task: {6C041448-C69A-4D8B-A774-4F3948997407} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam No Task File <==== ATTENTION

Task: {6E7034E8-D1EA-411C-A1A4-3C01F5BD1A47} - \WPD\SqmUpload_S-1-5-21-2795298741-2112087132-3505275501-1000 No Task File <==== ATTENTION

Task: {74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION

Task: {77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File <==== ATTENTION

Task: {78DABEC8-68B8-4590-81BD-4532D98F07C2} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver No Task File <==== ATTENTION

Task: {792493DE-3878-4323-B44D-F6F0C3562126} - \Microsoft\Windows\CertificateServicesClient\UserTask No Task File <==== ATTENTION

Task: {7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75} - \Microsoft\Windows\CertificateServicesClient\SystemTask No Task File <==== ATTENTION

Task: {80EF5715-7C51-4381-AC78-AEEC32723C56} - \ASUS Live Update No Task File <==== ATTENTION

Task: {858BD5FB-61C3-4D83-8392-B9855BE4DF1D} - \Microsoft\Windows\Media Center\mcupdate No Task File <==== ATTENTION

Task: {89194558-47E7-4A9E-B507-6C91CE4E6504} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator No Task File <==== ATTENTION

Task: {89BC8B22-30CE-4893-9DC1-F51764E377F4} - \Microsoft\Windows\Tcpip\WSHReset No Task File <==== ATTENTION

Task: {90934D6D-B296-4720-9332-BBCE3BBAFAFE} - \{3A89627D-AE65-40F3-88A3-B9951A36F0A5} No Task File <==== ATTENTION

Task: {92C1E05D-0752-44C4-9541-E0311D8076F1} - \Adobe Flash Player Updater No Task File <==== ATTENTION

Task: {98AEA341-4C47-49D0-8C2D-FE77D5555D9A} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) No Task File <==== ATTENTION

Task: {99B9521C-F109-4B7B-BDDF-99CF656525E0} - \Microsoft\Windows\Defrag\ScheduledDefrag No Task File <==== ATTENTION

Task: {A1868F64-ED08-49A9-9F86-F62ED855AFFD} - \Microsoft\Windows\SystemRestore\SR No Task File <==== ATTENTION

Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification No Task File <==== ATTENTION

Task: {B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91} - \Microsoft\Windows\Media Center\UpdateRecordPath No Task File <==== ATTENTION

Task: {C4CE8FCE-0A1E-4D3C-BA46-5C4E4E13845F} - \{B05EBB8C-D310-4191-A51D-C8E4B46199A1} No Task File <==== ATTENTION

Task: {C6CBFEC8-EF47-4B48-9718-3A4170F99600} - \Microsoft\Windows\SideShow\AutoWake No Task File <==== ATTENTION

Task: {D0181A7F-943E-4C95-81B0-B19DB84FAC6B} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION

Task: {D1E9EB2E-A2D5-40D0-B452-6A1A114D5D84} - \{0CD70452-7D35-4999-B126-2DCD7ABA619F} No Task File <==== ATTENTION

Task: {D282BBA5-3CD1-4DC5-ACCD-FFC699D19DE5} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION

Task: {D2D7C16D-D9DC-4982-A8C3-774722DEEB9F} - \ASUS SmartLogon Console Sensor No Task File <==== ATTENTION

Task: {D8AB5B03-9FA1-497A-90C5-C11888682D07} - \{5320A76D-52E5-4D51-96BD-ABE6C59047C8} No Task File <==== ATTENTION

Task: {D8FCC7BA-7D21-4D50-A0B8-5CFDDE670C91} - \{39931AEE-70A9-4314-8CDE-E9DFDB00C4A8} No Task File <==== ATTENTION

Task: {D913FE43-F22E-4EBD-880E-712ABDE8E828} - \{1B3A3841-39B7-4BA2-B5A1-19B9CCD4E77B} No Task File <==== ATTENTION

Task: {DCF8CA49-10FE-40EA-A5B8-504B864BC698} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor No Task File <==== ATTENTION

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - \Microsoft\Windows\Wireless\GatherWirelessInfo No Task File <==== ATTENTION

Task: {E6031411-55F5-4DD3-B55A-CE322D523FA7} - \{CD11F57F-3271-4269-91B6-4BFCBC014426} No Task File <==== ATTENTION

Task: {E9D54BE1-CB20-4DFC-914B-4A2FA7C00403} - \Microsoft\Windows\MUI\Lpksetup No Task File <==== ATTENTION

Task: {EBC018B6-24B0-4279-98A5-0081A2EB83B1} - \{DE3B6822-025B-4A3E-8682-2116DC6AD7C4} No Task File <==== ATTENTION

Task: {EBF16443-B75E-45A5-BCBB-56B7BF614AF9} - \{43F7E614-8B08-4EA7-9BDA-1ADDB95AF3CF} No Task File <==== ATTENTION

Task: {EFE3EA02-AD42-4B49-A996-BB3CFEE832BD} - \{0151438E-71FB-4644-9B9F-4D162F36262E} No Task File <==== ATTENTION

Task: {F55F85D3-8FDE-479E-82E0-A9BB339AA8E2} - \Microsoft\Windows\UPnP\UPnPHostConfig No Task File <==== ATTENTION

Task: {F8D6E476-24FE-4649-A4D7-985706B29128} - \Microsoft\Windows\Tcpip\IpAddressConflict1 No Task File <==== ATTENTION

Task: {FC6EE397-3ADC-4083-9CE2-6140F304DE98} - \{5C8A63CF-60C3-4332-99A4-8F60FFE0C241} No Task File <==== ATTENTION
Emptytemp:
         
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{034F6ED7-4F1A-42CA-A130-B8EEB72ECE3B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{034F6ED7-4F1A-42CA-A130-B8EEB72ECE3B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04699375-5AFB-4BAF-9F2A-09D8C0497F4E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04699375-5AFB-4BAF-9F2A-09D8C0497F4E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08AD1C99-8DF2-4D3D-9F52-C4E5CEB29288}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08AD1C99-8DF2-4D3D-9F52-C4E5CEB29288}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{08C1F56F-088D-4C39-90C8-DC91FC840E23}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C3AF200-FADC-49E5-880E-DEE192C8B79A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C3AF200-FADC-49E5-880E-DEE192C8B79A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11893D5E-54A0-4C6B-AB0D-D9FA527334A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11893D5E-54A0-4C6B-AB0D-D9FA527334A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\QueueReporting" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{181E6DDB-34B4-413B-BB3A-13569A47B47C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{181E6DDB-34B4-413B-BB3A-13569A47B47C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C65372D3-A2AC-4846-B224-9DA52C853565}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CC81347-6204-4B83-900C-01E02F50F067}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CC81347-6204-4B83-900C-01E02F50F067}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\TMM" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23C4BEA3-5DAF-4A7D-A6CF-5237554F840E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23C4BEA3-5DAF-4A7D-A6CF-5237554F840E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9FA2F356-D9B9-4379-BFB3-561836FACC41}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FDBDC47-7148-49DB-9D32-32E6A003C996}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FDBDC47-7148-49DB-9D32-32E6A003C996}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30FF26BF-5D0E-4A0D-8E3A-74F448F3278C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30FF26BF-5D0E-4A0D-8E3A-74F448F3278C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7DFD5A6F-BED3-4940-864C-795168F886B4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{320124A7-D70F-41DE-A9D1-D5E8E19D5D91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{320124A7-D70F-41DE-A9D1-D5E8E19D5D91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{357C6FCC-36C2-4DFD-B92B-4E8CD48F7EA1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{357C6FCC-36C2-4DFD-B92B-4E8CD48F7EA1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39B2AB48-552A-4DDD-89F6-BD28784C4795}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39B2AB48-552A-4DDD-89F6-BD28784C4795}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{7EDEB2FF-964E-41F5-A727-304BA298990B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A17516A-C56F-4909-A45C-1E4EE8BE0837}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A17516A-C56F-4909-A45C-1E4EE8BE0837}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag\ManualDefrag" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3BB5D87B-C851-4325-97B6-95E4EA1CBC61}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BB5D87B-C851-4325-97B6-95E4EA1CBC61}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SystemDataProviders" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3C5B104F-A9EF-40F3-82A6-917E09DBB6B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C5B104F-A9EF-40F3-82A6-917E09DBB6B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CD7BF6C-F120-476E-AF84-851D43BDDEEE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CD7BF6C-F120-476E-AF84-851D43BDDEEE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\ResolutionHost" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42955E89-15F6-4B96-B803-8F10D491AF65}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42955E89-15F6-4B96-B803-8F10D491AF65}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{44980BEE-7809-44A9-AC24-D6E578A3B7DF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44980BEE-7809-44A9-AC24-D6E578A3B7DF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC\RACAgent" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{48909068-64F9-4B29-8C14-6957F35923C3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48909068-64F9-4B29-8C14-6957F35923C3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\HotStart" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4914F671-C936-43DC-99FF-FA6CEFA48631}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4914F671-C936-43DC-99FF-FA6CEFA48631}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0C7F530A-D15D-4BE8-816A-B3F93F0750DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D7BC85C-5A41-4963-8CDD-6D9D55F757DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D7BC85C-5A41-4963-8CDD-6D9D55F757DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Bluetooth\UninstallDeviceTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54F6CCFE-6C12-4522-A0F6-9DABAC751D2F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54F6CCFE-6C12-4522-A0F6-9DABAC751D2F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\Mcbuilder" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{561375CB-FF5A-417B-B297-BA73DE149581}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{561375CB-FF5A-417B-B297-BA73DE149581}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wired\GatherWiredInfo" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57030356-4699-4E1F-9939-F9D4460CD4DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57030356-4699-4E1F-9939-F9D4460CD4DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5936C79A-731F-4716-BE59-35B58194ECE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5936C79A-731F-4716-BE59-35B58194ECE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61CFE991-4061-4219-8E70-0EDF343472E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61CFE991-4061-4219-8E70-0EDF343472E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9CC80E87-3310-4336-A010-8A18DC3F2535}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B91DF4F-7E1F-4AE8-820A-2FB331567D67}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B91DF4F-7E1F-4AE8-820A-2FB331567D67}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\GadgetManager" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BD37163-E955-4095-A64E-D09EB8917C21}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BD37163-E955-4095-A64E-D09EB8917C21}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Signature Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C041448-C69A-4D8B-A774-4F3948997407}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C041448-C69A-4D8B-A774-4F3948997407}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\UserTask-Roam" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E7034E8-D1EA-411C-A1A4-3C01F5BD1A47}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E7034E8-D1EA-411C-A1A4-3C01F5BD1A47}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2795298741-2112087132-3505275501-1000" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SessionAgent" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SystemSoundsService" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{78DABEC8-68B8-4590-81BD-4532D98F07C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78DABEC8-68B8-4590-81BD-4532D98F07C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{792493DE-3878-4323-B44D-F6F0C3562126}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{792493DE-3878-4323-B44D-F6F0C3562126}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\UserTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\SystemTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80EF5715-7C51-4381-AC78-AEEC32723C56}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80EF5715-7C51-4381-AC78-AEEC32723C56}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{858BD5FB-61C3-4D83-8392-B9855BE4DF1D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{858BD5FB-61C3-4D83-8392-B9855BE4DF1D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89194558-47E7-4A9E-B507-6C91CE4E6504}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89194558-47E7-4A9E-B507-6C91CE4E6504}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89BC8B22-30CE-4893-9DC1-F51764E377F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89BC8B22-30CE-4893-9DC1-F51764E377F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\WSHReset" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90934D6D-B296-4720-9332-BBCE3BBAFAFE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90934D6D-B296-4720-9332-BBCE3BBAFAFE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3A89627D-AE65-40F3-88A3-B9951A36F0A5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92C1E05D-0752-44C4-9541-E0311D8076F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92C1E05D-0752-44C4-9541-E0311D8076F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{98AEA341-4C47-49D0-8C2D-FE77D5555D9A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98AEA341-4C47-49D0-8C2D-FE77D5555D9A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99B9521C-F109-4B7B-BDDF-99CF656525E0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99B9521C-F109-4B7B-BDDF-99CF656525E0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag\ScheduledDefrag" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A1868F64-ED08-49A9-9F86-F62ED855AFFD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1868F64-ED08-49A9-9F86-F62ED855AFFD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SystemRestore\SR" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A61555D3-7840-45C1-A5A9-0D49851DE37A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A61555D3-7840-45C1-A5A9-0D49851DE37A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4CE8FCE-0A1E-4D3C-BA46-5C4E4E13845F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4CE8FCE-0A1E-4D3C-BA46-5C4E4E13845F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B05EBB8C-D310-4191-A51D-C8E4B46199A1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C6CBFEC8-EF47-4B48-9718-3A4170F99600}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6CBFEC8-EF47-4B48-9718-3A4170F99600}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\AutoWake" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0181A7F-943E-4C95-81B0-B19DB84FAC6B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0181A7F-943E-4C95-81B0-B19DB84FAC6B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1E9EB2E-A2D5-40D0-B452-6A1A114D5D84}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1E9EB2E-A2D5-40D0-B452-6A1A114D5D84}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0CD70452-7D35-4999-B126-2DCD7ABA619F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D282BBA5-3CD1-4DC5-ACCD-FFC699D19DE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D282BBA5-3CD1-4DC5-ACCD-FFC699D19DE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2D7C16D-D9DC-4982-A8C3-774722DEEB9F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2D7C16D-D9DC-4982-A8C3-774722DEEB9F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS SmartLogon Console Sensor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8AB5B03-9FA1-497A-90C5-C11888682D07}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8AB5B03-9FA1-497A-90C5-C11888682D07}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5320A76D-52E5-4D51-96BD-ABE6C59047C8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8FCC7BA-7D21-4D50-A0B8-5CFDDE670C91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8FCC7BA-7D21-4D50-A0B8-5CFDDE670C91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{39931AEE-70A9-4314-8CDE-E9DFDB00C4A8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D913FE43-F22E-4EBD-880E-712ABDE8E828}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D913FE43-F22E-4EBD-880E-712ABDE8E828}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1B3A3841-39B7-4BA2-B5A1-19B9CCD4E77B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DCF8CA49-10FE-40EA-A5B8-504B864BC698}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCF8CA49-10FE-40EA-A5B8-504B864BC698}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TextServicesFramework\MsCtfMonitor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wireless\GatherWirelessInfo" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6031411-55F5-4DD3-B55A-CE322D523FA7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6031411-55F5-4DD3-B55A-CE322D523FA7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CD11F57F-3271-4269-91B6-4BFCBC014426}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E9D54BE1-CB20-4DFC-914B-4A2FA7C00403}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9D54BE1-CB20-4DFC-914B-4A2FA7C00403}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\Lpksetup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBC018B6-24B0-4279-98A5-0081A2EB83B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBC018B6-24B0-4279-98A5-0081A2EB83B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DE3B6822-025B-4A3E-8682-2116DC6AD7C4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBF16443-B75E-45A5-BCBB-56B7BF614AF9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBF16443-B75E-45A5-BCBB-56B7BF614AF9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{43F7E614-8B08-4EA7-9BDA-1ADDB95AF3CF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFE3EA02-AD42-4B49-A996-BB3CFEE832BD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFE3EA02-AD42-4B49-A996-BB3CFEE832BD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0151438E-71FB-4644-9B9F-4D162F36262E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F55F85D3-8FDE-479E-82E0-A9BB339AA8E2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F55F85D3-8FDE-479E-82E0-A9BB339AA8E2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UPnP\UPnPHostConfig" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8D6E476-24FE-4649-A4D7-985706B29128}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8D6E476-24FE-4649-A4D7-985706B29128}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC6EE397-3ADC-4083-9CE2-6140F304DE98}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC6EE397-3ADC-4083-9CE2-6140F304DE98}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5C8A63CF-60C3-4332-99A4-8F60FFE0C241}" => Key deleted successfully.
         
2:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by *** at 2015-03-23 11:00:11 Run:2
Running from C:\Users\***\Desktop
Loaded Profiles: *** (Available profiles: *** & Gast)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: {034F6ED7-4F1A-42CA-A130-B8EEB72ECE3B} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) No Task File <==== ATTENTION

Task: {04699375-5AFB-4BAF-9F2A-09D8C0497F4E} - \Microsoft\Windows\Media Center\ehDRMInit No Task File <==== ATTENTION

Task: {08AD1C99-8DF2-4D3D-9F52-C4E5CEB29288} - \{08C1F56F-088D-4C39-90C8-DC91FC840E23} No Task File <==== ATTENTION

Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File <==== ATTENTION

Task: {11893D5E-54A0-4C6B-AB0D-D9FA527334A9} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File <==== ATTENTION

Task: {181E6DDB-34B4-413B-BB3A-13569A47B47C} - \{C65372D3-A2AC-4846-B224-9DA52C853565} No Task File <==== ATTENTION

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - \Microsoft\Windows\MobilePC\TMM No Task File <==== ATTENTION

Task: {23C4BEA3-5DAF-4A7D-A6CF-5237554F840E} - \{9FA2F356-D9B9-4379-BFB3-561836FACC41} No Task File <==== ATTENTION

Task: {2FDBDC47-7148-49DB-9D32-32E6A003C996} - \Microsoft\Windows\Tcpip\IpAddressConflict2 No Task File <==== ATTENTION

Task: {30FF26BF-5D0E-4A0D-8E3A-74F448F3278C} - \{7DFD5A6F-BED3-4940-864C-795168F886B4} No Task File <==== ATTENTION

Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI No Task File <==== ATTENTION

Task: {357C6FCC-36C2-4DFD-B92B-4E8CD48F7EA1} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION

Task: {39B2AB48-552A-4DDD-89F6-BD28784C4795} - \User_Feed_Synchronization-{7EDEB2FF-964E-41F5-A727-304BA298990B} No Task File <==== ATTENTION

Task: {3A17516A-C56F-4909-A45C-1E4EE8BE0837} - \Microsoft\Windows\Defrag\ManualDefrag No Task File <==== ATTENTION

Task: {3BB5D87B-C851-4325-97B6-95E4EA1CBC61} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - \Microsoft\Windows\Shell\CrawlStartPages No Task File <==== ATTENTION

Task: {3C5B104F-A9EF-40F3-82A6-917E09DBB6B1} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION

Task: {3CD7BF6C-F120-476E-AF84-851D43BDDEEE} - \Microsoft\Windows\WDI\ResolutionHost No Task File <==== ATTENTION

Task: {42955E89-15F6-4B96-B803-8F10D491AF65} - \OfficeSoftwareProtectionPlatform\SvcRestartTask No Task File <==== ATTENTION

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - \Microsoft\Windows\RAC\RACAgent No Task File <==== ATTENTION

Task: {48909068-64F9-4B29-8C14-6957F35923C3} - \Microsoft\Windows\MobilePC\HotStart No Task File <==== ATTENTION

Task: {4914F671-C936-43DC-99FF-FA6CEFA48631} - \{0C7F530A-D15D-4BE8-816A-B3F93F0750DB} No Task File <==== ATTENTION

Task: {4D7BC85C-5A41-4963-8CDD-6D9D55F757DB} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask No Task File <==== ATTENTION

Task: {54F6CCFE-6C12-4522-A0F6-9DABAC751D2F} - \Microsoft\Windows\MUI\Mcbuilder No Task File <==== ATTENTION

Task: {561375CB-FF5A-417B-B297-BA73DE149581} - \Microsoft\Windows\Wired\GatherWiredInfo No Task File <==== ATTENTION

Task: {57030356-4699-4E1F-9939-F9D4460CD4DA} - \Microsoft\Windows\Media Center\OCURDiscovery No Task File <==== ATTENTION

Task: {5936C79A-731F-4716-BE59-35B58194ECE5} - \Microsoft\Windows\Media Center\OCURActivate No Task File <==== ATTENTION

Task: {61CFE991-4061-4219-8E70-0EDF343472E9} - \{9CC80E87-3310-4336-A010-8A18DC3F2535} No Task File <==== ATTENTION

Task: {6B91DF4F-7E1F-4AE8-820A-2FB331567D67} - \Microsoft\Windows\SideShow\GadgetManager No Task File <==== ATTENTION

Task: {6BD37163-E955-4095-A64E-D09EB8917C21} - \Microsoft\Windows Defender\MP Scheduled Signature Update No Task File <==== ATTENTION

Task: {6C041448-C69A-4D8B-A774-4F3948997407} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam No Task File <==== ATTENTION

Task: {6E7034E8-D1EA-411C-A1A4-3C01F5BD1A47} - \WPD\SqmUpload_S-1-5-21-2795298741-2112087132-3505275501-1000 No Task File <==== ATTENTION

Task: {74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION

Task: {77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File <==== ATTENTION

Task: {78DABEC8-68B8-4590-81BD-4532D98F07C2} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver No Task File <==== ATTENTION

Task: {792493DE-3878-4323-B44D-F6F0C3562126} - \Microsoft\Windows\CertificateServicesClient\UserTask No Task File <==== ATTENTION

Task: {7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75} - \Microsoft\Windows\CertificateServicesClient\SystemTask No Task File <==== ATTENTION

Task: {80EF5715-7C51-4381-AC78-AEEC32723C56} - \ASUS Live Update No Task File <==== ATTENTION

Task: {858BD5FB-61C3-4D83-8392-B9855BE4DF1D} - \Microsoft\Windows\Media Center\mcupdate No Task File <==== ATTENTION

Task: {89194558-47E7-4A9E-B507-6C91CE4E6504} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator No Task File <==== ATTENTION

Task: {89BC8B22-30CE-4893-9DC1-F51764E377F4} - \Microsoft\Windows\Tcpip\WSHReset No Task File <==== ATTENTION

Task: {90934D6D-B296-4720-9332-BBCE3BBAFAFE} - \{3A89627D-AE65-40F3-88A3-B9951A36F0A5} No Task File <==== ATTENTION

Task: {92C1E05D-0752-44C4-9541-E0311D8076F1} - \Adobe Flash Player Updater No Task File <==== ATTENTION

Task: {98AEA341-4C47-49D0-8C2D-FE77D5555D9A} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) No Task File <==== ATTENTION

Task: {99B9521C-F109-4B7B-BDDF-99CF656525E0} - \Microsoft\Windows\Defrag\ScheduledDefrag No Task File <==== ATTENTION

Task: {A1868F64-ED08-49A9-9F86-F62ED855AFFD} - \Microsoft\Windows\SystemRestore\SR No Task File <==== ATTENTION

Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification No Task File <==== ATTENTION

Task: {B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91} - \Microsoft\Windows\Media Center\UpdateRecordPath No Task File <==== ATTENTION

Task: {C4CE8FCE-0A1E-4D3C-BA46-5C4E4E13845F} - \{B05EBB8C-D310-4191-A51D-C8E4B46199A1} No Task File <==== ATTENTION

Task: {C6CBFEC8-EF47-4B48-9718-3A4170F99600} - \Microsoft\Windows\SideShow\AutoWake No Task File <==== ATTENTION

Task: {D0181A7F-943E-4C95-81B0-B19DB84FAC6B} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION

Task: {D1E9EB2E-A2D5-40D0-B452-6A1A114D5D84} - \{0CD70452-7D35-4999-B126-2DCD7ABA619F} No Task File <==== ATTENTION

Task: {D282BBA5-3CD1-4DC5-ACCD-FFC699D19DE5} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION

Task: {D2D7C16D-D9DC-4982-A8C3-774722DEEB9F} - \ASUS SmartLogon Console Sensor No Task File <==== ATTENTION

Task: {D8AB5B03-9FA1-497A-90C5-C11888682D07} - \{5320A76D-52E5-4D51-96BD-ABE6C59047C8} No Task File <==== ATTENTION

Task: {D8FCC7BA-7D21-4D50-A0B8-5CFDDE670C91} - \{39931AEE-70A9-4314-8CDE-E9DFDB00C4A8} No Task File <==== ATTENTION

Task: {D913FE43-F22E-4EBD-880E-712ABDE8E828} - \{1B3A3841-39B7-4BA2-B5A1-19B9CCD4E77B} No Task File <==== ATTENTION

Task: {DCF8CA49-10FE-40EA-A5B8-504B864BC698} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor No Task File <==== ATTENTION

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - \Microsoft\Windows\Wireless\GatherWirelessInfo No Task File <==== ATTENTION

Task: {E6031411-55F5-4DD3-B55A-CE322D523FA7} - \{CD11F57F-3271-4269-91B6-4BFCBC014426} No Task File <==== ATTENTION

Task: {E9D54BE1-CB20-4DFC-914B-4A2FA7C00403} - \Microsoft\Windows\MUI\Lpksetup No Task File <==== ATTENTION

Task: {EBC018B6-24B0-4279-98A5-0081A2EB83B1} - \{DE3B6822-025B-4A3E-8682-2116DC6AD7C4} No Task File <==== ATTENTION

Task: {EBF16443-B75E-45A5-BCBB-56B7BF614AF9} - \{43F7E614-8B08-4EA7-9BDA-1ADDB95AF3CF} No Task File <==== ATTENTION

Task: {EFE3EA02-AD42-4B49-A996-BB3CFEE832BD} - \{0151438E-71FB-4644-9B9F-4D162F36262E} No Task File <==== ATTENTION

Task: {F55F85D3-8FDE-479E-82E0-A9BB339AA8E2} - \Microsoft\Windows\UPnP\UPnPHostConfig No Task File <==== ATTENTION

Task: {F8D6E476-24FE-4649-A4D7-985706B29128} - \Microsoft\Windows\Tcpip\IpAddressConflict1 No Task File <==== ATTENTION

Task: {FC6EE397-3ADC-4083-9CE2-6140F304DE98} - \{5C8A63CF-60C3-4332-99A4-8F60FFE0C241} No Task File <==== ATTENTION
Emptytemp:
         
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{034F6ED7-4F1A-42CA-A130-B8EEB72ECE3B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{034F6ED7-4F1A-42CA-A130-B8EEB72ECE3B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04699375-5AFB-4BAF-9F2A-09D8C0497F4E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04699375-5AFB-4BAF-9F2A-09D8C0497F4E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08AD1C99-8DF2-4D3D-9F52-C4E5CEB29288}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08AD1C99-8DF2-4D3D-9F52-C4E5CEB29288}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{08C1F56F-088D-4C39-90C8-DC91FC840E23}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C3AF200-FADC-49E5-880E-DEE192C8B79A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C3AF200-FADC-49E5-880E-DEE192C8B79A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11893D5E-54A0-4C6B-AB0D-D9FA527334A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11893D5E-54A0-4C6B-AB0D-D9FA527334A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\QueueReporting" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{181E6DDB-34B4-413B-BB3A-13569A47B47C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{181E6DDB-34B4-413B-BB3A-13569A47B47C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C65372D3-A2AC-4846-B224-9DA52C853565}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CC81347-6204-4B83-900C-01E02F50F067}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CC81347-6204-4B83-900C-01E02F50F067}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\TMM" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23C4BEA3-5DAF-4A7D-A6CF-5237554F840E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23C4BEA3-5DAF-4A7D-A6CF-5237554F840E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9FA2F356-D9B9-4379-BFB3-561836FACC41}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FDBDC47-7148-49DB-9D32-32E6A003C996}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FDBDC47-7148-49DB-9D32-32E6A003C996}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30FF26BF-5D0E-4A0D-8E3A-74F448F3278C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30FF26BF-5D0E-4A0D-8E3A-74F448F3278C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7DFD5A6F-BED3-4940-864C-795168F886B4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{320124A7-D70F-41DE-A9D1-D5E8E19D5D91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{320124A7-D70F-41DE-A9D1-D5E8E19D5D91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{357C6FCC-36C2-4DFD-B92B-4E8CD48F7EA1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{357C6FCC-36C2-4DFD-B92B-4E8CD48F7EA1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39B2AB48-552A-4DDD-89F6-BD28784C4795}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39B2AB48-552A-4DDD-89F6-BD28784C4795}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{7EDEB2FF-964E-41F5-A727-304BA298990B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A17516A-C56F-4909-A45C-1E4EE8BE0837}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A17516A-C56F-4909-A45C-1E4EE8BE0837}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag\ManualDefrag" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3BB5D87B-C851-4325-97B6-95E4EA1CBC61}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BB5D87B-C851-4325-97B6-95E4EA1CBC61}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SystemDataProviders" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3C5B104F-A9EF-40F3-82A6-917E09DBB6B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C5B104F-A9EF-40F3-82A6-917E09DBB6B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CD7BF6C-F120-476E-AF84-851D43BDDEEE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CD7BF6C-F120-476E-AF84-851D43BDDEEE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\ResolutionHost" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42955E89-15F6-4B96-B803-8F10D491AF65}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42955E89-15F6-4B96-B803-8F10D491AF65}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{44980BEE-7809-44A9-AC24-D6E578A3B7DF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44980BEE-7809-44A9-AC24-D6E578A3B7DF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC\RACAgent" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{48909068-64F9-4B29-8C14-6957F35923C3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48909068-64F9-4B29-8C14-6957F35923C3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\HotStart" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4914F671-C936-43DC-99FF-FA6CEFA48631}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4914F671-C936-43DC-99FF-FA6CEFA48631}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0C7F530A-D15D-4BE8-816A-B3F93F0750DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D7BC85C-5A41-4963-8CDD-6D9D55F757DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D7BC85C-5A41-4963-8CDD-6D9D55F757DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Bluetooth\UninstallDeviceTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54F6CCFE-6C12-4522-A0F6-9DABAC751D2F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54F6CCFE-6C12-4522-A0F6-9DABAC751D2F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\Mcbuilder" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{561375CB-FF5A-417B-B297-BA73DE149581}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{561375CB-FF5A-417B-B297-BA73DE149581}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wired\GatherWiredInfo" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57030356-4699-4E1F-9939-F9D4460CD4DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57030356-4699-4E1F-9939-F9D4460CD4DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5936C79A-731F-4716-BE59-35B58194ECE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5936C79A-731F-4716-BE59-35B58194ECE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61CFE991-4061-4219-8E70-0EDF343472E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61CFE991-4061-4219-8E70-0EDF343472E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9CC80E87-3310-4336-A010-8A18DC3F2535}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B91DF4F-7E1F-4AE8-820A-2FB331567D67}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B91DF4F-7E1F-4AE8-820A-2FB331567D67}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\GadgetManager" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BD37163-E955-4095-A64E-D09EB8917C21}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BD37163-E955-4095-A64E-D09EB8917C21}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Signature Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C041448-C69A-4D8B-A774-4F3948997407}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C041448-C69A-4D8B-A774-4F3948997407}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\UserTask-Roam" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E7034E8-D1EA-411C-A1A4-3C01F5BD1A47}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E7034E8-D1EA-411C-A1A4-3C01F5BD1A47}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2795298741-2112087132-3505275501-1000" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SessionAgent" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SystemSoundsService" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{78DABEC8-68B8-4590-81BD-4532D98F07C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78DABEC8-68B8-4590-81BD-4532D98F07C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{792493DE-3878-4323-B44D-F6F0C3562126}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{792493DE-3878-4323-B44D-F6F0C3562126}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\UserTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\SystemTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80EF5715-7C51-4381-AC78-AEEC32723C56}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80EF5715-7C51-4381-AC78-AEEC32723C56}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{858BD5FB-61C3-4D83-8392-B9855BE4DF1D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{858BD5FB-61C3-4D83-8392-B9855BE4DF1D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89194558-47E7-4A9E-B507-6C91CE4E6504}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89194558-47E7-4A9E-B507-6C91CE4E6504}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89BC8B22-30CE-4893-9DC1-F51764E377F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89BC8B22-30CE-4893-9DC1-F51764E377F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\WSHReset" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90934D6D-B296-4720-9332-BBCE3BBAFAFE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90934D6D-B296-4720-9332-BBCE3BBAFAFE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3A89627D-AE65-40F3-88A3-B9951A36F0A5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92C1E05D-0752-44C4-9541-E0311D8076F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92C1E05D-0752-44C4-9541-E0311D8076F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{98AEA341-4C47-49D0-8C2D-FE77D5555D9A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98AEA341-4C47-49D0-8C2D-FE77D5555D9A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99B9521C-F109-4B7B-BDDF-99CF656525E0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99B9521C-F109-4B7B-BDDF-99CF656525E0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag\ScheduledDefrag" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A1868F64-ED08-49A9-9F86-F62ED855AFFD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1868F64-ED08-49A9-9F86-F62ED855AFFD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SystemRestore\SR" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A61555D3-7840-45C1-A5A9-0D49851DE37A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A61555D3-7840-45C1-A5A9-0D49851DE37A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4CE8FCE-0A1E-4D3C-BA46-5C4E4E13845F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4CE8FCE-0A1E-4D3C-BA46-5C4E4E13845F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B05EBB8C-D310-4191-A51D-C8E4B46199A1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C6CBFEC8-EF47-4B48-9718-3A4170F99600}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6CBFEC8-EF47-4B48-9718-3A4170F99600}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\AutoWake" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0181A7F-943E-4C95-81B0-B19DB84FAC6B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0181A7F-943E-4C95-81B0-B19DB84FAC6B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1E9EB2E-A2D5-40D0-B452-6A1A114D5D84}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1E9EB2E-A2D5-40D0-B452-6A1A114D5D84}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0CD70452-7D35-4999-B126-2DCD7ABA619F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D282BBA5-3CD1-4DC5-ACCD-FFC699D19DE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D282BBA5-3CD1-4DC5-ACCD-FFC699D19DE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2D7C16D-D9DC-4982-A8C3-774722DEEB9F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2D7C16D-D9DC-4982-A8C3-774722DEEB9F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS SmartLogon Console Sensor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8AB5B03-9FA1-497A-90C5-C11888682D07}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8AB5B03-9FA1-497A-90C5-C11888682D07}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5320A76D-52E5-4D51-96BD-ABE6C59047C8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8FCC7BA-7D21-4D50-A0B8-5CFDDE670C91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8FCC7BA-7D21-4D50-A0B8-5CFDDE670C91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{39931AEE-70A9-4314-8CDE-E9DFDB00C4A8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D913FE43-F22E-4EBD-880E-712ABDE8E828}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D913FE43-F22E-4EBD-880E-712ABDE8E828}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1B3A3841-39B7-4BA2-B5A1-19B9CCD4E77B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DCF8CA49-10FE-40EA-A5B8-504B864BC698}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCF8CA49-10FE-40EA-A5B8-504B864BC698}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TextServicesFramework\MsCtfMonitor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wireless\GatherWirelessInfo" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6031411-55F5-4DD3-B55A-CE322D523FA7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6031411-55F5-4DD3-B55A-CE322D523FA7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CD11F57F-3271-4269-91B6-4BFCBC014426}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E9D54BE1-CB20-4DFC-914B-4A2FA7C00403}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9D54BE1-CB20-4DFC-914B-4A2FA7C00403}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\Lpksetup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBC018B6-24B0-4279-98A5-0081A2EB83B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBC018B6-24B0-4279-98A5-0081A2EB83B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DE3B6822-025B-4A3E-8682-2116DC6AD7C4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBF16443-B75E-45A5-BCBB-56B7BF614AF9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBF16443-B75E-45A5-BCBB-56B7BF614AF9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{43F7E614-8B08-4EA7-9BDA-1ADDB95AF3CF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFE3EA02-AD42-4B49-A996-BB3CFEE832BD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFE3EA02-AD42-4B49-A996-BB3CFEE832BD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0151438E-71FB-4644-9B9F-4D162F36262E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F55F85D3-8FDE-479E-82E0-A9BB339AA8E2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F55F85D3-8FDE-479E-82E0-A9BB339AA8E2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UPnP\UPnPHostConfig" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8D6E476-24FE-4649-A4D7-985706B29128}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8D6E476-24FE-4649-A4D7-985706B29128}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC6EE397-3ADC-4083-9CE2-6140F304DE98}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC6EE397-3ADC-4083-9CE2-6140F304DE98}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5C8A63CF-60C3-4332-99A4-8F60FFE0C241}" => Key deleted successfully.
EmptyTemp: => Removed 6.2 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 11:02:07 ====
         
Then the log from ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c2d9db048d194944b190d5deeac70fff
# engine=23034
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-23 11:35:48
# local_time=2015-03-23 12:35:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 98152 264643276 0 0
# scanned=170247
# found=0
# cleaned=0
# scan_time=4447
         
and from SecurityCheck:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.97  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 	16.0.0.305  
 Adobe Reader 8 Adobe Reader out of Date! 
 Adobe Reader 10.1.13 Adobe Reader out of Date!  
 Mozilla Firefox (36.0.4) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
Thumbnails of attached images
PUA/DownloadSponsor.Gen von Avira gefunden und PUP.Optional.SimpleNewTab.A von Malwarebytes gefunden-fehlermeldung-fix-frst.jpg  

Alt 23.03.2015, 20:12   #10
schrauber
/// the machine
/// TB trainer
 




The fresh FRST log as well, please
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 23.03.2015, 22:22   #11
zwn
 



Ahhh, I completely overlooked that, sorry....


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by *** (administrator) on ***-PC on 23-03-2015 22:11:07
Running from C:\Users\***\Desktop
Loaded Profiles: *** (Available profiles: *** & Gast)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
() C:\Program Files\ASUS\ATK Media\DMedia.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\P4P\P4P.exe
() C:\Windows\ASScrPro.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Users\***\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-09-03] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ATKOSD2\ATKOSD2.exe [7737344 2007-10-18] ()
HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [61440 2008-02-01] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [PowerForPhone] => C:\Program Files\P4P\P4P.exe [778240 2008-01-26] ()
HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\ASScrPro.exe [33136 2008-07-10] ()
HKLM\...\Run: [ASUS Camera ScreenSaver] => C:\Windows\ASScrProlog.exe [37232 2008-07-10] ()
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-01-19] ()
HKLM\...\Run: [BCSSync] => D:\Instalationsdateien\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Run: [Amazon Music] => C:\Users\***\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ${URL_STARTPAGE}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-05] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Instalationsdateien\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-05] (Oracle Corporation)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2795298741-2112087132-3505275501-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1227966909
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ubr1awq.default-1423215999919
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Google
FF Homepage: hxxp://de-de.facebook.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\INSTAL~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\INSTAL~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011-10-26] (Nullsoft, Inc.)
FF Extension: GMX MailCheck - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ubr1awq.default-1423215999919\Extensions\toolbar@gmx.net [2015-03-03]
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ubr1awq.default-1423215999919\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-06]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-03-22]
FF Extension: PHPNukeDE Toolbar - C:\Program Files\Mozilla Firefox\extensions\{c9508125-4747-4733-b048-e4b82dc9716d} [2015-03-22]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-22]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-20] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] () [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-18] (Hewlett-Packard Company) [File not signed]
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2007-09-26] (Windows (R) Codename Longhorn DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-04-23] (Samsung Electronics) [File not signed]
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\***\AppData\Local\Temp\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S3 vpnva; system32\DRIVERS\vpnva.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-23 12:49 - 2015-03-23 12:49 - 00852604 _____ () C:\Users\***\Desktop\SecurityCheck.exe
2015-03-23 11:16 - 2015-03-23 11:16 - 00000000 ____D () C:\Program Files\ESET
2015-03-23 11:14 - 2015-03-23 11:14 - 02347384 _____ (ESET) C:\Users\***\Desktop\esetsmartinstaller_deu.exe
2015-03-22 18:19 - 2015-03-22 18:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-22 18:00 - 2015-03-22 18:00 - 00038440 _____ () C:\Users\***\Desktop\Addition 2 bearbeitet.txt
2015-03-22 17:59 - 2015-03-22 17:59 - 00027053 _____ () C:\Users\***\Desktop\FRST 2 bearbeitet.txt
2015-03-22 09:12 - 2015-03-22 09:12 - 00001024 _____ () C:\Users\***\Desktop\Revo Uninstaller.lnk
2015-03-22 09:12 - 2015-03-22 09:12 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-22 09:10 - 2015-03-22 09:10 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\***\Desktop\revosetup95.exe
2015-03-20 14:56 - 2015-03-20 14:56 - 00001682 _____ () C:\Users\***\Desktop\AdwCleaner bearbeitet.txt
2015-03-20 14:46 - 2015-03-20 14:51 - 00000000 ____D () C:\AdwCleaner
2015-03-20 14:45 - 2015-03-20 14:46 - 02171392 _____ () C:\Users\***\Desktop\AdwCleaner_4.112.exe
2015-03-20 11:55 - 2015-03-20 11:55 - 00005505 _____ () C:\Users\***\Desktop\Gmer bearbeitet.txt
2015-03-20 11:54 - 2015-03-20 11:54 - 00040448 _____ () C:\Users\***\Desktop\Addition bearbeitet.txt
2015-03-20 11:53 - 2015-03-20 11:53 - 00027532 _____ () C:\Users\***\Desktop\FRST bearbeitet.txt
2015-03-20 11:43 - 2015-03-20 11:43 - 00005508 _____ () C:\Users\***\Desktop\Gmer.txt
2015-03-20 11:21 - 2015-03-22 17:58 - 00038490 _____ () C:\Users\***\Desktop\Addition.txt
2015-03-20 11:20 - 2015-03-23 22:12 - 00016043 _____ () C:\Users\***\Desktop\FRST.txt
2015-03-20 11:20 - 2015-03-23 22:11 - 00000000 ____D () C:\FRST
2015-03-20 11:19 - 2015-03-20 11:19 - 00000474 _____ () C:\Users\***\Desktop\defogger_disable.log
2015-03-20 11:19 - 2015-03-20 11:19 - 00000000 _____ () C:\Users\***\defogger_reenable
2015-03-20 11:17 - 2015-03-20 11:18 - 00000000 ____D () C:\Users\***\Desktop\Avira log
2015-03-20 11:16 - 2015-03-20 11:16 - 00380416 _____ () C:\Users\***\Desktop\Gmer-19357.exe
2015-03-20 11:15 - 2015-03-20 11:15 - 01135104 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2015-03-20 11:13 - 2015-03-20 11:13 - 00050477 _____ () C:\Users\***\Desktop\Defogger.exe
2015-03-13 06:53 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 06:52 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 06:51 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-13 06:45 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 06:45 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 06:44 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-13 06:44 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 06:44 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 06:44 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 06:44 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-13 06:43 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 06:43 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-13 06:41 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 19:25 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 19:25 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-12 19:25 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 19:25 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 19:25 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 19:25 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 19:25 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 19:25 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-12 19:25 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 19:25 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 19:25 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-12 19:25 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-12 19:25 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-27 09:50 - 2015-02-27 10:37 - 00000000 ____D () C:\Users\***\Desktop\Saghar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-23 22:10 - 2008-07-10 18:00 - 01889130 _____ () C:\Windows\WindowsUpdate.log
2015-03-23 22:06 - 2014-12-11 18:59 - 00000000 ____D () C:\Users\***\AppData\Local\FreePDF_XP
2015-03-23 22:05 - 2014-05-10 12:04 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6c3fad1a8a93.job
2015-03-23 22:05 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-23 22:05 - 2006-11-02 13:47 - 00005184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-23 22:05 - 2006-11-02 13:47 - 00005184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-23 14:00 - 2006-11-02 14:01 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-23 13:05 - 2014-05-10 12:04 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6c3fad7525e3.job
2015-03-23 11:03 - 2008-07-10 19:23 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-03-23 10:56 - 2012-09-28 11:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-23 10:47 - 2013-01-23 20:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 11:48 - 2014-12-02 20:16 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 11:19 - 2008-10-16 21:36 - 00000000 ____D () C:\Users\***
2015-03-17 06:04 - 2006-11-02 13:47 - 00377464 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 06:51 - 2014-05-16 08:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-13 06:46 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-05 20:34 - 2012-10-17 20:13 - 00000000 ____D () C:\Program Files\Avira
2015-03-04 14:43 - 2012-10-17 20:13 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 14:43 - 2012-10-17 20:13 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-03 16:43 - 2006-11-02 11:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 03:23 - 2009-10-02 19:57 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2008-11-13 20:42 - 2014-05-02 18:48 - 0104030 _____ () C:\Users\***\AppData\Roaming\nvModes.001
2008-11-13 18:58 - 2014-05-01 11:45 - 0104030 _____ () C:\Users\***\AppData\Roaming\nvModes.dat
2008-12-07 14:21 - 2008-12-07 14:23 - 1279254 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20081207.bmp
2008-12-11 20:20 - 2008-12-11 20:20 - 23970870 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20081211.bmp
2010-05-21 09:18 - 2010-05-21 09:18 - 2560054 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20100521.bmp
2013-01-22 20:30 - 2013-01-22 20:37 - 42467382 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20130122.bmp
2013-11-03 20:46 - 2013-11-03 20:47 - 53747766 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20131103.bmp
2014-05-19 20:09 - 2014-05-19 20:09 - 53747766 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20140519.bmp
2014-09-13 20:22 - 2014-09-13 20:27 - 53747766 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20140913.bmp
2011-06-03 19:34 - 2015-01-15 06:48 - 0000680 _____ () C:\Users\***\AppData\Local\d3d9caps.dat
2008-10-18 14:56 - 2014-02-05 17:58 - 0049664 _____ () C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-08-10 20:50 - 2011-09-19 11:54 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-05-02 21:07 - 2015-03-23 22:06 - 0176142 _____ () C:\ProgramData\nvModes.001
2014-05-02 21:06 - 2015-03-23 22:06 - 0176142 _____ () C:\ProgramData\nvModes.dat

Some content of TEMP:
====================
C:\Users\***\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-23 22:12

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by *** at 2015-03-23 22:12:53
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS CopyProtect (HKLM\...\{2396F815-84E0-4353-83D7-8B190556DA42}) (Version: 1.00.0003 - ASUS)
ASUS Data Security Manager (HKLM\...\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}) (Version: 1.00.0006 - ASUS)
ASUS InstantFun (HKLM\...\{57B15AD4-8C9D-4164-82BB-E33D8644E757}) (Version: 1.0.0015 - ASUS)
ASUS LifeFrame3 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.6 - ASUS)
ASUS Live Update (HKLM\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.6 - ASUS)
ASUS SmartLogon (HKLM\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0004 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM\...\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}) (Version: 1.02.0019 - ASUS)
Asus_Camera_ScreenSaver (HKLM\...\Asus_Camera_ScreenSaver) (Version: 2.0.0006 - ASUS)
Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver (HKLM\...\{6E19F210-3813-4002-B561-94D66AA182B6}) (Version: 2.4.7.7 - Atheros Communications Inc.)
ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0023 - ATK)
ATK Media (HKLM\...\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}) (Version:  - )
ATKOSD2 (HKLM\...\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}) (Version: 6.64.1.6 - ATK)
AudibleManager (HKLM\...\AudibleManager) (Version: 7559957.-2.2004512950.2004511964 - Audible, Inc.)
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland)
Audiograbber Lame PlugIn 3.96 APS  (HKLM\...\Audiograbber Lame PlugIn) (Version: 3.96 APS - )
Avira (HKLM\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.2830 - CyberLink Corp.)
Das Geheimnis des silbernen Ohrrings (HKLM\...\{4D6D0AA7-DD0E-47A8-BFCE-5A8E4E074CD0}) (Version: 1.00.0000 - Frogwares)
DEUTSCHLAND SPIELT GAME CENTER (HKLM\...\DSGPlayer) (Version: 1.0.0.46 - INTENIUM GmbH)
dm Fotowelt (HKLM\...\dm Fotowelt) (Version:  - )
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Google Chrome Frame (HKLM\...\{7455D86F-5295-389C-AA29-18D2BDAF8DD8}) (Version: 65.169.102 - Google, Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LightScribe System Software  1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access 2010 (HKLM\...\Office14.AccessR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NB Probe (HKLM\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version:  - )
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 6.80.5.1 - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
P4P (HKLM\...\{FC3D290D-79BE-44B7-ABF9-FDD110925930}) (Version: 1.0.0.17 - P4P)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5477 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.52.02 - )
Secure Download Manager (HKLM\...\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}) (Version: 3.0.5 - e-academy Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sherlock Holmes (HKLM\...\Sherlock Holmes) (Version: 0.0.0.0 - INTENIUM GmbH)
Sherlock Holmes und der Hund der Baskervilles (HKLM\...\Sherlock Holmes und der Hund der Baskervilles) (Version: 1.0.0.0 - INTENIUM GmbH)
Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
Total Video Converter 3.61 100319 (HKLM\...\Total Video Converter 3.61_is1) (Version:  - EffectMatrix Inc.)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version:  - )
VLC media player 1.1.10 (HKLM\...\VLC media player) (Version: 1.1.10 - VideoLAN)
Wartung Samsung CLP-620 Series (HKLM\...\Samsung CLP-620 Series) (Version:  - Samsung Electronics CO.,LTD)
Winamp (HKLM\...\Winamp) (Version: 5.622  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version:  - )
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wireless Console 2 (HKLM\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.10 - ATK)
XnView 1.80 (HKLM\...\XnView_is1) (Version: 1.80 - Gougelet Pierre-e)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2795298741-2112087132-3505275501-1000_Classes\CLSID\{3bc93e76-92f8-5fda-b676-5afee3735bf1}\InprocServer32 -> C:\Users\***\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File

==================== Restore Points  =========================

03-03-2015 11:36:16 Windows Update
12-03-2015 19:22:19 Windows Update
13-03-2015 06:38:58 Windows Update
17-03-2015 06:29:16 Windows Update
22-03-2015 09:12:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2013-05-14 21:21 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1F4FCD5D-8ED2-4212-BDDA-6DC446BA43B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8352B580-641E-4BAD-89CA-3DCC243218D8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F81EF21C-F8FA-43AB-A6CB-C763D176EB75} - System32\Tasks\GoogleUpdateTaskMachineCore1cf6c3fad1a8a93 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {FB297749-1051-4B6F-9D00-661A406EC721} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6c3fad7525e3 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6c3fad1a8a93.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6c3fad7525e3.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2008-07-10 19:00 - 2007-05-18 10:31 - 00073728 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
2008-07-10 18:53 - 2007-10-03 05:53 - 00094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
2008-07-10 18:54 - 2007-08-08 08:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2014-12-11 18:57 - 2012-06-21 07:25 - 00094208 _____ () C:\Windows\System32\redmon32.dll
2012-05-20 13:08 - 2009-05-13 01:30 - 00026624 _____ () C:\Windows\System32\ssd2cl3.dll
2012-05-20 13:08 - 2009-09-04 09:59 - 00491520 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\ssd2cdu.dll
2008-07-10 19:00 - 2007-06-15 18:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
2008-07-10 19:00 - 2007-06-02 01:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
2011-12-13 11:54 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2008-07-10 19:00 - 2007-08-08 10:52 - 00331776 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
2008-07-10 18:55 - 2007-10-18 03:04 - 07737344 _____ () C:\Program Files\ATKOSD2\ATKOSD2.exe
2008-07-10 18:56 - 2008-02-01 22:29 - 00061440 _____ () C:\Program Files\ASUS\ATK Media\DMedia.exe
2008-07-10 18:56 - 2008-02-01 22:29 - 00049152 _____ () C:\Program Files\ASUS\ATK Media\ATKMETHOD.dll
2008-07-10 18:56 - 2006-10-25 23:37 - 00045056 _____ () C:\Program Files\ASUS\ATK Media\GERSTRING.dll
2008-07-10 19:17 - 2008-01-26 02:32 - 00778240 _____ () C:\Program Files\P4P\P4P.exe
2008-07-10 19:27 - 2008-07-10 19:27 - 00033136 _____ () C:\Windows\ASScrPro.exe
2008-07-10 18:53 - 2004-05-28 02:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll
2008-07-10 18:57 - 2007-09-26 19:24 - 00147456 _____ () C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
2008-07-10 19:03 - 2007-07-06 00:53 - 01040384 _____ () C:\Program Files\Wireless Console 2\wcourier.exe
2008-07-10 19:11 - 2007-07-10 06:48 - 00009216 _____ () C:\Program Files\ASUS\Splendid\GLCDdll.dll
2012-05-20 13:07 - 2010-01-19 10:19 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2014-12-03 21:41 - 2014-12-08 07:27 - 06277952 _____ () C:\Users\***\AppData\Local\Amazon Music\Amazon Music Helper.exe
2008-07-10 18:53 - 2007-08-08 19:03 - 02441216 _____ () C:\Program Files\ATK Hotkey\ATKOSD.exe
2008-07-10 18:53 - 2007-08-15 19:20 - 00106496 _____ () C:\Program Files\ATK Hotkey\KBFiltr.exe
2008-07-10 18:53 - 2007-08-15 19:38 - 00147456 _____ () C:\Program Files\ATK Hotkey\WDC.exe
2008-07-10 19:08 - 2007-08-03 20:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2008-07-10 19:08 - 2007-09-14 18:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
2008-07-10 19:08 - 2003-11-28 10:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
2008-07-10 19:08 - 2005-08-29 23:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
2008-07-10 19:08 - 2003-09-10 00:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
2008-07-10 19:08 - 2006-04-04 18:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
2008-07-10 19:08 - 2005-04-08 03:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2795298741-2112087132-3505275501-500 - Administrator - Disabled)
Gast (S-1-5-21-2795298741-2112087132-3505275501-501 - Limited - Enabled) => C:\Users\Gast
*** (S-1-5-21-2795298741-2112087132-3505275501-1000 - Administrator - Enabled) => C:\Users\***

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2015 10:07:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/23/2015 11:19:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.PSET> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/23/2015 11:19:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.PSET> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/23/2015 11:19:20 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.CACHE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/23/2015 11:19:20 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.CACHE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/23/2015 11:19:19 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.SBSTORE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/23/2015 11:19:19 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.SBSTORE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/23/2015 11:19:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-MALWARE-SIMPLE.PSET> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/23/2015 11:19:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-MALWARE-SIMPLE.PSET> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/23/2015 11:19:17 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-MALWARE-SIMPLE.CACHE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (03/23/2015 10:07:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2

Error: (03/23/2015 02:00:30 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (03/23/2015 02:00:30 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069RapiMgr{ED081F25-6A77-4C89-B689-C6E15C582EC1}

Error: (03/23/2015 01:59:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 23.03.2015 um 13:52:21 unerwartet heruntergefahren.

Error: (03/23/2015 11:12:18 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (03/23/2015 11:05:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2

Error: (03/23/2015 10:58:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2

Error: (03/23/2015 10:57:01 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 23.03.2015 um 10:56:08 unerwartet heruntergefahren.

Error: (03/23/2015 10:48:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2

Error: (03/22/2015 05:52:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2


Microsoft Office Sessions:
=========================
Error: (03/23/2015 10:07:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/23/2015 11:19:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.PSET

Error: (03/23/2015 11:19:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.PSET

Error: (03/23/2015 11:19:20 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.CACHE

Error: (03/23/2015 11:19:20 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.CACHE

Error: (03/23/2015 11:19:19 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.SBSTORE

Error: (03/23/2015 11:19:19 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.SBSTORE

Error: (03/23/2015 11:19:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-MALWARE-SIMPLE.PSET

Error: (03/23/2015 11:19:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-MALWARE-SIMPLE.PSET

Error: (03/23/2015 11:19:17 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-MALWARE-SIMPLE.CACHE


CodeIntegrity Errors:
===================================
  Date: 2015-03-20 10:50:32.341
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:31.749
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:31.218
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:30.594
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:29.877
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:29.331
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:28.800
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:50:28.223
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:42:40.756
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-20 10:42:40.199
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz
Percentage of memory in use: 38%
Total physical RAM: 3070.29 MB
Available physical RAM: 1873.17 MB
Total Pagefile: 6346.85 MB
Available Pagefile: 5000.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.86 MB

==================== Drives ================================

Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:16.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:106.68 GB) (Free:70.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 8D1C393D)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=106.7 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
Apart from the error message (which did not show up again at the last restart...) everything appears to be fine. And apart from the detections there was no impairment anyway.

Could you perhaps briefly explain to me what the detections were? That would be very nice!

24.03.2015, 10:40   #12
schrauber
/// the machine
/// TB instructor

That was all just adware. Update Java and Adobe.



Cleanup:
(The order is crucial here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking and anti-malware programs.
  • Press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.


Hardening:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at the latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" simply by visiting a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, define on a whitelist basis which sites are allowed to run scripts.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

24.03.2015, 14:39   #13
zwn

All right.

When I try to update Adobe Reader, I get a message every time saying that a newer version is already installed...

24.03.2015, 19:32   #14
schrauber
/// the machine
/// TB instructor

Uninstall the Reader, then install the current one.

24.03.2015, 20:05   #15
zwn

All right, I will do that. Should there still be problems, I will get in touch again.

Otherwise, many, many thanks for your quick help and for answering my questions!!!
